John Dermody


Thank you for your interest. Before you communicate with one of our attorneys, please note: Any comments our attorneys share with you are general information and not legal advice. No attorney-client relationship will exist between you or your business and O’Melveny or any of its attorneys unless conflicts have been cleared, our management has given its approval, and an engagement letter has been signed. Meanwhile, you agree: we have no duty to advise you or provide you with legal assistance; you will not divulge any confidences or send any confidential or sensitive information to our attorneys (we are not in a position to keep it confidential and might be required to convey it to our clients); and, you may not use this contact to attempt to disqualify O’Melveny from representing other clients adverse to you or your business. By clicking "accept" you acknowledge receipt and agree to all of the terms of this paragraph and our Disclaimer.


John Dermody joined O’Melveny after a decade in government service, recently serving as a deputy legal advisor at the National Security Council (NSC). Previously, John served in the General Counsel’s offices of the Department of Homeland Security (DHS) and the Department of Defense.  Drawing on his experience in the highest levels of government, John advises clients on data security, privacy, cybersecurity, and national security issues, including economic sanctions and national security reviews of investments and technology transactions conducted by the Departments of Justice, Homeland Security, Defense, the Treasury, State, and Commerce. As a member of O’Melveny’s Coronavirus Task Force, John advises clients on government emergency powers, shelter-in-place orders, and data privacy issues associated with public health measures.

While at the NSC, John advised senior officials on cybersecurity, infrastructure protection, disaster response, border and transportation security, election security, biodefense, and other matters of US national security. His work included coordinating responses to and attribution of cyber incidents, revising US cyber operations policy, and helping to develop and implement the National Cyber Strategy. He also advised on US sanctions programs and matters and policies relating to supply chain security, 5G deployment, and spectrum allocation.


Government Experience

  • Deputy Legal Advisor, Office of the Legal Advisor, National Security Council
  • Attorney-Advisor, Intelligence Law Division, Office of the General Counsel, United States Department of Homeland Security
  • Associate Deputy General Counsel, Office of the General Counsel, United States Department of Defense

Honors & Awards

  • Meritorious Unit Citation, Director of National Intelligence, 2018
  • Secretary’s Award for Excellence, Department of Homeland Security, 2017, 2014
  • Team of the Year, Intelligence Community Legal Award, 2017
  • Intelligence Integration Unit Citation, Director of National Intelligence, 2015
  • Intelligence Leadership Award, Department of Homeland Security, 2015


Bar Admissions

  • California
  • District of Columbia


  • University of California, Hastings College of the Law, J.D., Hastings International and Comparative Law Review, Consulting Editor
  • Queen’s University, Belfast, M.A., International Politics, with merit
  • University of Dublin, Trinity College, M.Phil. 
  • University of California, Berkeley, B.A.

Professional Activities


  • The Honorable Robert R. Rigsby, Superior Court of the District of Columbia, Washington, DC
  • The Honorable Frederick H. Weisberg, Superior Court of the District of Columbia, Washington, DC


Speaking Engagements

  • Presenter, “Ransomware: How to Prepare and Respond,” O’Melveny Public Company Boot Camp series (August 2021)
  • Panelist, “Board of Directors Roundtable - Ransomware Developments,” Board of Directors Forum: Let’s Wine About Ransomware (December 10, 2020)
  • Panelist, “Are you Being Reasonable? Implementing and Defending Reasonable Data Security Requirements,” O’Melveny and the Crypsis Group Webinar (August 13, 2020)
  • Panelist, “Business Preparedness in Times of Pandemic,” J&J’s Legal Webinar Series for Life Sciences Entrepreneurs (July 23, 2020)
  • Panelist, “DEFCON ONE: Cyberattacks, Pandemics, Emergency Planning, and the Legal Battle for Recovery” O’Melveny and Homeland Security Advisory Council Webinar (May 28, 2020)
  • Presenter, “Returning to the Workplace Amidst COVID-19,” O’Melveny Webinar (May 20, 2020)


  • Certified Information Privacy Professional/United States (CIPP/US)
  • Certified Information Privacy Professional/Europe (CIPP/E)


Alerts and Publications

Commerce Clarifies That Technology Supply Chain Rule Reaches “Connected Software Applications” But Leaves Many Questions Unanswered

December 8, 2021

Biden’s Build Back Better Act Aims to Strengthen the FTC’s Privacy and Data Security Stance, But Enforcement Options Remain Limited by Supreme Court Precedent

November 29, 2021

Secure Equipment Act Accelerates FCC Rulemaking to Prohibit Licenses for Chinese Security and Technology Equipment

November 24, 2021

It’s a Sign: Key Takeaways from FinCEN’s Ransomware Report

October 20, 2021 | Fintech

New OFAC Compliance Guidance for the Virtual Currency Industry Provides Insights into OFAC’s Compliance Expectations that are Useful for Both the Virtual Currency Industry and the Broader Corporate Community

October 19, 2021

The Deadline for EU Standard Contractual Clauses is Here, Are You Ready?

September 27, 2021

European Commission Revises Rules for International Data Transfers

June 16, 2021

Supreme Court Narrows Computer Trespass Law

June 9, 2021

Biden Administration Recalibrates Executive Order Prohibiting Investments in Publicly Traded Securities of Certain Chinese Companies

June 7, 2021

Biden Administration Recalibrates Executive Order Prohibiting Investments in Publicly Traded Securities of Certain Chinese Companies

June 7, 2021

Government Imposes Mandatory Cybersecurity Requirements on Pipeline Operators in Response to Ransomware Attack

June 2, 2021

Biden Executive Order Sets the Table for Industry Cybersecurity Reform

May 17, 2021

Biden Administration Issues New Targeted Economic Sanctions On Russia

April 16, 2021

FCC Lists Certain Chinese Telecom Equipment as National Security Risk

March 17, 2021

Draft EU Adequacy Decision Paves the Way for Smooth EU-UK Data Flows Post-Brexit

March 8, 2021

Reminder: NHTSA Updated Cybersecurity Best Practices—Comments Due by March 15, 2021

March 8, 2021

The CCPA and Belaire Notices: Civil Discovery in California’s New Privacy Era

February 25, 2021

CDA Section 230: Its Past, Present, and Future

February 12, 2021

Commerce Department’s New Technology Supply Chain Rules Leave Many Unanswered Questions

February 2, 2021

Data Security and Privacy Predictions for 2021: 6 Issues to Watch

January 28, 2021

Unfinished Business and Potential New Directions: The Biden Administration Faces Many Decisions in Addressing Trump Administration Measures Targeting China and other National Security Threats

January 20, 2021

Despite Brexit Deal, UK Data Transfers Remain in Limbo

January 4, 2021

Trump Administration Takes Further Actions Targeting China as Term Nears End

December 21, 2020

Staying Ahead of the EU Data-Protection Curve: How Companies Can Ensure Continued Transatlantic Data Transfers

December 1, 2020

Video: Data Security & Privacy in the Age of COVID – A Conversation with Lisa Monaco and John Dermody

November 17, 2020

Treasury Issues New Guidance on Risks of Ransomware Payments

October 9, 2020

Preliminary Injunctions Delay Implementation of Commerce Department Orders Targeting TikTok and WeChat

October 1, 2020

Commerce Department Prohibits Transactions with TikTok and WeChat

September 18, 2020

Law Society of Ireland Gazette: The Second Coming

September 9, 2020

Picking up the Pieces After Schrems II

July 30, 2020

New York Files First Charges Under Data Security Regulation

July 30, 2020

U.S. Government Imposes National Security-Driven Procurement Restrictions on Federal Government Contractors that Will Impact Their Supply Chain

July 24, 2020

Federal Contractors and Their Suppliers are in Limbo Awaiting Fast-Approaching Deadline for Implementation of Section 889 Supply Chain Restrictions

July 7, 2020

Survey of Global Artificial Intelligence Regulation: An Evolving and Varied Landscape

June 17, 2020

Recent Cyber Attacks on Critical Infrastructure Highlight Emerging Cyber Risks in the Water Industry

June 10, 2020 Where Will The Needle Land? COVID-19 Contact Tracing v. Protecting Personal Privacy

June 1, 2020

United States Expands Export Controls Targeting Huawei’s Access to US Technology

May 18, 2020

President Trump Issues Executive Order on Securing the United States Bulk-Power System

May 6, 2020

President Issues Proclamation Limiting Immigrant Travel to the United States

April 28, 2020

FEMA Temporarily Bans Exports of Scarce or Threatened Personal Protective Equipment

April 13, 2020

President Trump Issues Executive Order Creating Telecommunications Assessment Committee

April 10, 2020

CPO Magazine: Here Come 5G IoT Devices: What Is “Reasonable Security”?

April 2, 2020

President Trump Invokes the Defense Production Act

March 20, 2020

Navigating Coronavirus “Shelter-in-Place” Orders Issued by Local Public Health Authorities

March 18, 2020

Coronavirus Task Force Podcast: Former Homeland Security Advisor Lisa Monaco on How Companies Can Manage the Coronavirus Crisis

March 16, 2020

O’Melveny Coronavirus Task Force: Data Security and Privacy Considerations During the COVID-19 Response

March 16, 2020

The European Commission Proposes Artificial Intelligence Regulations That Could Reach Businesses Worldwide

March 13, 2020

Indictment of Chinese Military Hackers for Equifax Breach Highlights Important Data Security Lessons

February 11, 2020

O’Melveny Releases State-by-State Guide to US Data Breach Notification Laws

January 29, 2020

EU Advocate General Opinion Is a Mixed Bag for Companies Engaging in US-EU Data Transfers

January 27, 2020

Supreme Court Leaves the Door Open for Expansive Biometric Privacy Lawsuits

January 23, 2020

What’s Next in Data Security and Privacy? 6 Trends to Watch in 2020

January 21, 2020

In the News

Reuters Legal: O’Melveny’s Dermody on New Cybersecurity Directives For Critical Pipelines

August 3, 2021

Law360: Cybersecurity & Privacy Policy To Watch For Rest Of 2021

July 30, 2021

WTOP NEWS: Nation-state hackers undeterred by US ‘naming and shaming’

July 27, 2021

TechRepublic: The Ransomware Risk Management Calculus is Changing for OT, ICS and Critical Infrastructure

July 22, 2021

Law360: 6 Cybersecurity Events That Have Defined 2021

July 12, 2021

Law360: Biden Taps Obama Counterterror Chief To Lead DOJ Division

May 26, 2021

SC Magazine: Colonial Pipeline attack: What government can do to deter critical infrastructure cybercriminals

May 10, 2021

Law360: SolarWinds Sanctions Far From Last Word On Russian Hacks

April 15, 2021

Law360: COVID Inflamed Damaging Year For Data Breach Victims

March 11, 2021

SC Magazine: As Ransomware Inches from Economic Burden to National Security Threat, Policies may Follow

February 25, 2021

Law360: Biden Admin. To Weigh Risk Of Unleashing Cyberweapons

February 8, 2021

Cybersecurity Dive: GDPR Regulators are Sinking Their Teeth into Violators. 2020’s Fines are Proof.

January 28, 2021

CPO Magazine: Pro-Trump Capitol Riot Posed Potentially Serious Cybersecurity Risks Including Spying and Malware Installation

January 13, 2021

FORTUNE: Pro-Trump rioters could face up to 20 years in prison

January 7, 2021

Law360: How Ransomware Will Continue Wreaking Havoc In 2021

January 3, 2021

Law360: Biden Could Use Obama-Era Tools To Counter Sprawling Hack

December 18, 2020

ClearanceJobs: Per NSA, DoD Networks in the Crosshairs of Chinese State-Sponsored Hackers

October 27, 2020

Roll Call: TikTok ‘Not a Great Look’ for Lawmakers, Security Experts Say

September 30, 2020

Press Releases