John Dermody


Thank you for your interest. Before you communicate with one of our attorneys, please note: Any comments our attorneys share with you are general information and not legal advice. No attorney-client relationship will exist between you or your business and O’Melveny or any of its attorneys unless conflicts have been cleared, our management has given its approval, and an engagement letter has been signed. Meanwhile, you agree: we have no duty to advise you or provide you with legal assistance; you will not divulge any confidences or send any confidential or sensitive information to our attorneys (we are not in a position to keep it confidential and might be required to convey it to our clients); and, you may not use this contact to attempt to disqualify O’Melveny from representing other clients adverse to you or your business. By clicking "accept" you acknowledge receipt and agree to all of the terms of this paragraph and our Disclaimer.


John Dermody joined O’Melveny after a decade in government service, recently serving as a deputy legal advisor at the National Security Council (NSC). Previously, John served in the General Counsel’s offices of the Department of Homeland Security (DHS) and the Department of Defense.  Drawing on his experience in the highest levels of government, John advises clients on data security, privacy, cybersecurity, and national security issues, including economic sanctions and national security reviews of investments and technology transactions conducted by the Departments of Justice, Homeland Security, Defense, the Treasury, State, and Commerce. As a member of O’Melveny’s Coronavirus Task Force, John advises clients on government emergency powers, shelter-in-place orders, and data privacy issues associated with public health measures.

While at the NSC, John advised senior officials on cybersecurity, infrastructure protection, disaster response, border and transportation security, election security, biodefense, and other matters of US national security. His work included coordinating responses to and attribution of cyber incidents, revising US cyber operations policy, and helping to develop and implement the National Cyber Strategy. He also advised on US sanctions programs and matters and policies relating to supply chain security, 5G deployment, and spectrum allocation.


Government Experience

  • Deputy Legal Advisor, Office of the Legal Advisor, National Security Council
  • Attorney-Advisor, Intelligence Law Division, Office of the General Counsel, United States Department of Homeland Security
  • Associate Deputy General Counsel, Office of the General Counsel, United States Department of Defense

Honors & Awards

  • Meritorious Unit Citation, Director of National Intelligence, 2018
  • Secretary’s Award for Excellence, Department of Homeland Security, 2017, 2014
  • Team of the Year, Intelligence Community Legal Award, 2017
  • Intelligence Integration Unit Citation, Director of National Intelligence, 2015
  • Intelligence Leadership Award, Department of Homeland Security, 2015


Bar Admissions

  • California
  • District of Columbia


  • University of California, Hastings College of the Law, J.D., Hastings International and Comparative Law Review, Consulting Editor
  • Queen’s University, Belfast, M.A., International Politics, with merit
  • University of Dublin, Trinity College, M.Phil. 
  • University of California, Berkeley, B.A.

Professional Activities


  • The Honorable Robert R. Rigsby, Superior Court of the District of Columbia, Washington, DC
  • The Honorable Frederick H. Weisberg, Superior Court of the District of Columbia, Washington, DC


Speaking Engagements

  • Presenter, “Ransomware: How to Prepare and Respond,” O’Melveny Public Company Boot Camp series (August 2021)
  • Panelist, “Board of Directors Roundtable - Ransomware Developments,” Board of Directors Forum: Let’s Wine About Ransomware (December 10, 2020)
  • Panelist, “Are you Being Reasonable? Implementing and Defending Reasonable Data Security Requirements,” O’Melveny and the Crypsis Group Webinar (August 13, 2020)
  • Panelist, “Business Preparedness in Times of Pandemic,” J&J’s Legal Webinar Series for Life Sciences Entrepreneurs (July 23, 2020)
  • Panelist, “DEFCON ONE: Cyberattacks, Pandemics, Emergency Planning, and the Legal Battle for Recovery” O’Melveny and Homeland Security Advisory Council Webinar (May 28, 2020)
  • Presenter, “Returning to the Workplace Amidst COVID-19,” O’Melveny Webinar (May 20, 2020)


  • Certified Information Privacy Professional/United States (CIPP/US)
  • Certified Information Privacy Professional/Europe (CIPP/E)

Alerts and Publications

Bipartisan Legislation Seeks to Address National Security Threats From Foreign Information and Communications Technology

March 23, 2023

Illinois Supreme Court Allows Five-Year Statute of Limitations for BIPA Claims

March 6, 2023

US National Security’s Impact on Trade with China

February 14, 2023

Insights 2023

January 31, 2023

FTC Obtains Record Penalties from Video Game Company Amidst Growing Privacy and Consumer Protection Enforcement Trends

January 23, 2023

FCC Bans New Licenses for the Import and Use of Certain Chinese Telecommunications and Video Surveillance Equipment

December 5, 2022

New York State Seeks to Raise the Bar on Cybersecurity for Financial Services Providers, Including Certain Fintech and Cryptocurrency Companies

November 21, 2022

United States Imposes New Restrictions on Exports of Advanced Computing Chips and Semiconductor Manufacturing Items to China

October 11, 2022

Utah Joins California, Colorado, and Virginia in Enacting Consumer Privacy Law

March 29, 2022

President Biden Signs New Critical Infrastructure Cyber Incident Reporting Obligations Into Law

March 22, 2022

SEC Proposes New Rules on Cybersecurity

March 16, 2022

Russian Aggression Prompts Senate to Pass Cybersecurity Legislation

March 9, 2022

Data Security & Privacy Predictions for 2022: Six Issues to Watch

January 26, 2022

Commerce Clarifies That Technology Supply Chain Rule Reaches “Connected Software Applications” But Leaves Many Questions Unanswered

December 8, 2021

Biden’s Build Back Better Act Aims to Strengthen the FTC’s Privacy and Data Security Stance, But Enforcement Options Remain Limited by Supreme Court Precedent

November 29, 2021

Secure Equipment Act Accelerates FCC Rulemaking to Prohibit Licenses for Chinese Security and Technology Equipment

November 24, 2021

It’s a Sign: Key Takeaways from FinCEN’s Ransomware Report

October 20, 2021

New OFAC Compliance Guidance for the Virtual Currency Industry Provides Insights into OFAC’s Compliance Expectations that are Useful for Both the Virtual Currency Industry and the Broader Corporate Community

October 19, 2021

The Deadline for EU Standard Contractual Clauses is Here, Are You Ready?

September 27, 2021

European Commission Revises Rules for International Data Transfers

June 16, 2021

Supreme Court Narrows Computer Trespass Law

June 9, 2021

Biden Administration Recalibrates Executive Order Prohibiting Investments in Publicly Traded Securities of Certain Chinese Companies

June 7, 2021

Biden Administration Recalibrates Executive Order Prohibiting Investments in Publicly Traded Securities of Certain Chinese Companies

June 7, 2021

Government Imposes Mandatory Cybersecurity Requirements on Pipeline Operators in Response to Ransomware Attack

June 2, 2021

Biden Executive Order Sets the Table for Industry Cybersecurity Reform

May 17, 2021

Biden Administration Issues New Targeted Economic Sanctions On Russia

April 16, 2021

In the News

The American Lawyer: An Embarrassment of Litigator of the Week Runners-Up and Shout Out Riches

February 10, 2023

Law360: Cyber Enforcers Could Face Uphill Battle With GOP House

November 10, 2022

The Texas Lawbook: TSA Softens Cyber Rules: Trend or Outlier in Next Wave of Federal Cyber Regulation?

August 17, 2022

Law360: 2 FCA Settlements Highlight Gov’t Cyber Liability Focus

May 31, 2022

The Cyber Wire: US-EU Data Negotiations

April 11, 2022

The National Law Journal: Ex-DHS Attorney on Corporate Cybersecurity Risks in Wake of Russia-Ukraine Conflict

February 24, 2022

Law360: Dentons, CMS Close Kyiv Offices Amid Crisis In Ukraine

February 24, 2022

LiveNow from FOX: O’Melveny’s John Dermody Joins FOX News to Discuss Ukraine Crisis

February 23, 2022

Law360: Ukrainian Websites Attacked As New Malware Said To Spread

February 23, 2022

Reuters Legal: O’Melveny’s Dermody on New Cybersecurity Directives For Critical Pipelines

August 3, 2021

Law360: Cybersecurity & Privacy Policy To Watch For Rest Of 2021

July 30, 2021

WTOP NEWS: Nation-state hackers undeterred by US ‘naming and shaming’

July 27, 2021

TechRepublic: The Ransomware Risk Management Calculus is Changing for OT, ICS and Critical Infrastructure

July 22, 2021

Law360: 6 Cybersecurity Events That Have Defined 2021

July 12, 2021

Law360: Biden Taps Obama Counterterror Chief To Lead DOJ Division

May 26, 2021

SC Magazine: Colonial Pipeline attack: What government can do to deter critical infrastructure cybercriminals

May 10, 2021

Law360: SolarWinds Sanctions Far From Last Word On Russian Hacks

April 15, 2021

Press Releases