Photo, John W. Woods, Jr.

John W. Woods, Jr.

Baker & McKenzie LLP


John Woods serves as co-head of the Global Cybersecurity practice group and is a partner based in Washington, DC. Over the past decade he has received recognition or ranking in the Legal 500, Chambers Global and USA Guides, Washingtonian Magazine, Corporate Counsel Magazine and BTI Consulting Group.

Practice Focus

Over the past fifteen years Mr. Woods has led the investigative and legal response to some of the largest and most complex cybersecurity incidents and compliance challenges. This has included overseeing the investigation into network intrusions, representing clients in post-incident disputes, and coordinating response activities with law enforcement and other government agencies. He has a particular focus advising on the legal and compliance issues associated with pre-incident cyber resilience projects, data integrity attacks, and operationally impactful malware incidents.

Representative Legal Matters

  • Lead legal advisor to Fortune 20 company on the governance, compliance and legal issues associated with board of directors mandated cyber resilience project.
  • Served as legal advisor and oversaw investigation into SCADA system malware compromise at critical infrastructure provider. Advised on coordination with Department of Homeland Security and Federal Bureau of Investigation.
  • Led the strategic global legal response and investigation for Fortune 500 consumer goods organization victimized by NotPetya malware incident. Announced financial impact on client exceeded USD 125 million.
  • Served as lead investigative counsel and legal advisor to three separate financial institutions over a six-year period involving data manipulation attacks on pre-paid credit cards. Total monetary losses associated with incidents exceeded USD 60 million. Clients were located in the United Kingdom, United States and India/Oman and involved coordination with law enforcement in 27 different jurisdictions.
  • Served as lead counsel in litigation filed against the Federal Trade Commission (FTC) regarding investigation into client data breach. Matter resolved after litigation commenced through the FTC issuing a no action letter.
  • Serve as board counsel to an insurance holding company regulated by the Federal Reserve Board with regard to cybersecurity related legal matters.
  • Conducted FFIEC mandated independent investigation for major financial services company on nature, scope and risk resulting from a network intrusion that resulted in direct financial losses in excess of USD 13 millon.
  • Served as lead counsel for Fortune 250 entity on global cybersecurity assessment. Directed and provided oversight to over 40 network security engineers and assessors from major global consultancy.
  • Acted as special counsel to major retailer and led investigation into network intrusion in which over 45 million credit cards were compromised.
  • Retained by board of directors of transportation critical infrastructure provider to independently investigate management's oversight of cybersecurity related risks.

Professional Honors

  • Recognized in “Best Lawyers for Cybersecurity,” Washingtonian Magazine 2018 
  • Ranked in Litigation: E-Discovery, Chambers Global, 2012 – 2017
  • Ranked in Nationwide Litigation: E-Discovery, Chambers USA, 2010 – 2017
  • Ranked in Cybercrime, Legal 500, 2014
  • Mentioned in Band 1 Practice, Global Data Protection, Chambers Global, 2010 – 2011


  • District of Columbia~United States (1998)
  • Virginia~United States (1996)
  • New Hampshire~United States (1995)


  • University of Virginia School of Law (J.D.) (1995)
  • Colby College (B.A. Government) (1990)


  • English

Chapter author, “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers,” New York Stock Exchange Publication, 2015

Chapter author, “E-Discovery in Internal Investigations,” Thompson West Treatise entitled "E-Discovery for Corporate Counsel"

Author,“Whether Cyber-Incident Poses 'Material Risk' Needing SEC Disclosure Is Tough Question,” BNA Privacy Law Watch, 30 December 2011