John P. Carlin

John P. Carlin


Washington D.C., (202) 463-1000
New York, (212) 336-8600


Williams College (B.A., 1995)
Harvard Law School (J.D., 1999)

Bar Admissions

New York
District of Columbia

As Chair of the global risk and crisis management practice, Mr. Carlin regularly advises leading U.S. and overseas companies across numerous industries—including in the technology, healthcare, fashion, media, pharmaceutical and telecommunications sector—regarding crisis management, cyber incident response and preparedness, regulatory strategy, and CFIUS.  Clients appreciate Mr. Carlin’s inside perspective and ability to quickly engage the appropriate government actors in the event of a cyber or other national security incident impacting their business. Mr. Carlin also provides training and table-top exercises to the board, executive, and broader workforce.

Selected Significant Representations

  • Exposure of sensitive customer information. Advised global companies on the exposure of sensitive customer information by a third party vendor.
  • Cybersecurity training Advised international consulting companies on their privacy, data security issues, and provides onsite training exercise to board and executive members.
  • CFIUS strategy. Advised major foreign investment technology companies on CFIUS strategy and legislative issues. 
  • Breach and ransomware response Consulted multibillion dollar firm on breach and ransomware issues.
  • Compliance and risk assessment. Conducted compliance and risk assessment as well as advised on cybersecurity incidents and legislative issues to global technology firms.
  • Breach incident simulation Provided various breach incident simulations as well as table top exercises to members of executive teams to international companies.

Prior to joining Morrison & Foerster, Mr. Carlin has served as a top-level official in both Republican and Democratic administrations, most recently as Assistant Attorney General for National Security, the DOJ’s highest-ranking national security lawyer. In this capacity, for which Mr. Carlin was nominated by the President and overwhelmingly confirmed by the Senate on a bipartisan basis, he oversaw nearly 400 employees responsible for protecting the nation against terrorism, espionage, and cyber and other national security threats. Under his leadership, the NSD:

  • Created a threat analysis team to study potential national security challenges posed by the Internet of Things;
  • Launched a nationwide outreach effort across industries to raise awareness of national security, cyber, and espionage threats against American companies and encourage greater C-suite involvement in corporate cyber security matters;
  • Oversaw DOJ’s Counterintelligence and Export Control Section, responsible for investigating and prosecuting espionage cases, cases involving the illegal export of military and strategic commodities, and cases involving certain cyber-related activity;
  • Brought an unprecedented indictment against five members of the Chinese military for economic espionage;
  • Led investigations into breaches of public and private sector e-mail systems and protocol;
  • Investigated the attack on Sony Entertainment’s computer systems;
  • Brought charges, in conjunction with the FBI, against seven Iranians working for Islamic Revolutionary Guard Corps-affiliated entities for conducting a coordinated campaign of cyber attacks against the U.S. financial sector;
  • Oversaw the efforts of the National Security Cyber Specialist Network and the National Security/Anti-Terrorism Advisory Council program;
  • Secured the first federal jury conviction on charges brought under the Economic Espionage Act of 1996;
  • Led DOJ’s participation on the Committee on Foreign Investments in the United States;
  • Disrupted multiple terrorist plots and national security threats, bringing those involved to justice;
  • Prosecuted the Boston Marathon bombing cases; and
  • Provided legal oversight of the NSA’s surveillance activities and represented the government before the Foreign Intelligence Surveillance Court.

Prior to assuming his role in the NSD, Mr. Carlin served as Chief of Staff and Senior Counsel to Robert S. Mueller, III, former director of the FBI, where he helped lead the FBI’s evolution to meet growing and changing national security threats, including cyber threats. Mr. Carlin also held positions as National Coordinator of the DOJ’s Computer Hacking and Intellectual Property Program and Assistant United States Attorney for the District of Columbia, where he prosecuted cyber, fraud, and public corruption matters, among others, trying more than 40 cases to verdict.

Mr. Carlin is an inaugural Fellow of Harvard Kennedy School’s Belfer Center for Science and International Affairs’ Homeland Security Project, focused on the unique challenges and choices around protecting the American homeland. He also chairs the Aspen Institute’s Cybersecurity and Technology policy program, which provides a cross-disciplinary forum for industry, government, and media to address the rapidly developing landscape of digital threats and craft appropriate policy solutions.

Mr. Carlin, who joined DOJ through the Attorney General’s Honors Program, is a five-time recipient of the Department of Justice Award for Special Achievement and has drawn bipartisan praise, with U.S. Attorney General Loretta Lynch calling him “a trusted and tireless leader” and former U.S. Attorney General Michael Mukasey calling him “a superb civil servant.” He earned his Juris Doctorate from Harvard Law School, where he received the Samuel J. Heyman Fellowship for Federal Government Service and served as Articles editor for the Harvard Journal on Legislation, and earned his Bachelor of Arts degree, magna cum laude, from Williams College, where he was elected to Phi Beta Kappa.

Legal 500 US 2018
Recommended for Cyber Law (including Data Protection and Privacy)
Recommended for Dispute Resolution: Corporate Investigations and White-Collar Criminal Defense

Cybersecurity Docket: Global Cybersecurity and Incident Response Report
Selected as one of the Top 30 Data Breach Response Lawyers

Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2018 Morrison & Foerster LLP. All rights reserved.