The following is an excerpt from Practice Perspectives: Vault's Guide to Legal Practice Areas.
Beth George—Of Counsel, Privacy & Data Security
Beth George is Of Counsel in the San Francisco office of Wilson Sonsini Goodrich & Rosati, where her practice focuses on cybersecurity and the intersection of national security and technology. Beth most recently served as a Deputy General Counsel at the U.S. Department of Defense, where she led a team of attorneys and support staff that provided department-wide strategic and legal guidance regarding all interactions with Congress. Previously, she worked in the White House Counsel’s Office, for the Senate Select Committee on Intelligence, and as a Counsel to the Assistant Attorney General for National Security at the U.S. Department of Justice. Beth is a lecturer on surveillance law and technology at the UC Berkeley School of Law, serves as a senior adjunct fellow for the New York University School of Law’s Center for Law and Security, and teaches a course on cyber law at Stanford University.
Please provide an overview of what, substantively, your practice area entails.
My work focuses on cybersecurity, which spans a breadth of laws. Whether it’s running an investigation of a breach that may result in class action litigation, or advising a company of its legal duties to disclose a vulnerability they discovered in their software, or helping companies decide how to disclose their cybersecurity risks on their quarterly SEC filings, my practice covers all issues where technology and security meets law.
What types of clients do you represent?
I have the opportunity to work with a wide breadth of technology and biotech clients, from large multinational corporations to small startups.
What types of cases/deals do you work on?
I’m the first call our clients make when they realize that they may have a cybersecurity breach. No two cases are the same. Sometimes, a wide number of employees have been spammed with a phishing email, and we have to figure out if anything was compromised. Other times, we know that a massive amount of data has been breached and have to advise on how to comply with the dozens of state laws that govern data breaches.
How did you decide to practice in your area?
I wanted to work on cutting edge issues in national security. When I joined the government, cybersecurity was emerging as a major issue, and because I have a background in computer science, it was a great fit for my skills.
What is a typical day or week like in your practice area?
The only thing that is typical in my job is to get a call that a client has been breached. From there, the facts of the case quickly differ—from how the breach occurred, to what kind of data may have been taken, to who the actor is, to what legal liabilities the client is facing. My most common task is working closely with forensic investigators and internal security teams to understand the scope and impact of the breach.
What is the best thing about your practice area?
I love that every day can be a different challenge. The technical aspects of my job are constantly changing, and no two clients’ issues are the same.
What is the most challenging aspect of your practice area?
In this job, it’s important not only to stay on top of the law as it evolves, but you also have to stay on top of the technology. The best-in-class cybersecurity practices three years ago are outdated today. Straddling both fields requires a lot of research and reading.
What training, classes, experience, or skills development would you recommend to someone who wishes to enter your practice area?
Having a technical background is a huge plus, but if you don’t, it’s really helpful to take basic computer science courses to understand how the internet works, what forensic analysis can and cannot show on a computer, and how hackers gain access to systems.
What misconceptions exist about your practice area? What do you wish you had known before joining your practice area?
A lot of people think cybersecurity is just about data breaches of private information, but it’s much more interesting than that.
What is unique about your practice area at your firm, and how has it evolved since you have been at the firm?
Our firm has some of the most interesting clients in the tech and life sciences sector. I’ve enjoyed joining the firm to build out a cutting-edge cybersecurity practice that helps companies understand how to manage risk and prevent attacks, rather than merely brace for an inevitable breach.
What activities do you enjoy when you are not in the office, and how do you make time for them?
I love swimming and biking. It’s great to live in a city where you can be outside all year round. Sometimes it requires getting up a bit earlier to fit in these activities, but it’s worth it.