Randy Sabett

Vice Chair of the Privacy & Data Protection practice group, Cooley LLP
Commissioner for the Commission on Cyber Security for the 44th Presidency

Randy V. Sabett, JD, CISSP, is Vice Chair of the Privacy and Data Protection practice group and a member of the firm’s Technology Transactions Group. He rejoined the firm in 2014 and is resident in the Washington, DC and Reston offices.

Mr. Sabett counsels clients on a wide range of cutting-edge cybersecurity, privacy, IT licensing, and intellectual property issues, including compliance with relevant international, federal and state laws and regulations, government and industry standards (such as the NIST Cybersecurity Framework and the PCI Data Security Standard), authentication, Public Key Infrastructure (PKI), active defense, federated identity, identity theft, and security breaches. Mr. Sabett helps clients develop strategies to protect their information, including advising companies on developing and maintaining appropriate internal controls to meet privacy and cybersecurity requirements. He also drafts and negotiates a wide variety of technology transaction agreements. Having previously served as an in-house counsel to a Silicon Valley startup, Mr. Sabett employs a pragmatic approach when structuring and negotiating such agreements.

Mr. Sabett served as a Commissioner for the Commission on Cyber Security for the 44th Presidency. He has been recognized as a leader in Privacy & Data Security in the 2007 – 2015 editions of Chambers USA: America’s Leading Lawyers for Business and is listed in the International Who’s Who of Business Lawyers. He was also named the Information Security Professional of the Year by the Information Systems Security Association (ISSA) for 2013 and was previously named as one of the “Top 50 Under 45” by the American Lawyer’s IP Law & Business magazine. He was also recognized as a leading lawyer in the 2015 US edition of Legal 500 for Media, Technology and Telecoms – Technology Transactions, and as a “Top Lawyer” in the area of cybersecurity by Washingtonian Magazine.

Prior to rejoining Cooley, Mr. Sabett was Counsel at ZwillGen, a boutique law firm focused on cybersecurity, and before that a partner at SNR Denton. He also served as Senior Technology Counsel for a Silicon Valley information security company. Additionally, Mr. Sabett has several years of engineering experience in the information security marketplace and has worked in active noise cancellation, as well as having served with the National Security Agency as a crypto engineer. He holds two U.S. patents, one in the area of information security (U.S. Patent No. 6,981,149) and the other in the area of active noise cancellation (U.S. Patent No. 5,440,642).

Mr. Sabett is on the Board of Directors for the Georgetown Cybersecurity Law Institute and the Board of Directors for the Northern Virginia Chapter of the Information Systems Security Association (ISSA). He is also a member of the Section of Science and Technology Law of the American Bar Association, where he has served as both the Co-Chair and the Co-Vice Chair of the Information Security Committee. In addition, Mr. Sabett is a member of the International Association of Privacy Professionals (IAPP).

Selected Publications & Media Appearances

  • Author, “Sabett’s Brief,” ISSA Journal monthly column (2008-present)
  • Co-author, “Adequate Attribution: A Framework for Developing a National Policy for Private Sector Use of Active Defense,” University of Maryland, Francis King Carey School of Law, Journal of Business and Technology Law, Vol. 8, Issue 1 (2013)
  • Co-author, “The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals,” American Bar Association (2013)
  • Appearance on C-SPAN’s “Washington Journal,” Cyber Security and Federal Policy (April 2011)
  • Co-author, “The Third-Party Assurance Model: A Legal Framework for Federated Identity Management,” Jurimetrics, Vol. 50, No. 4 (Summer 2010)
  • Appearance on “PBS NewsHour” with Jim Lehrer, “Cyber Attacks on U.S. Government Put Digital Security in Spotlight” (July 2009)
  • Author, “Widgets, Gadgets, and Badges: Oh My! The New Privacy Concern,” BNA Privacy and Security Report (2008)
  • Author, “Metadata: Savior or Pariah?” Council of Bars and Law Societies of Europe (2006)
  • Contributing author, “Encyclopedia of Cryptography and Security,” Springer Publishing (2005)
  • Author, “If You Build It, They Will Come: Secure Federated Identity,” Colorado Lawyer, Vol. 33, No. 10; p. 41 (2004)
  • Co-author, “X.509 PKI Certificate Policy and Certification Practices Framework,” [RFC 3647] (2003)
  • Author, “Internet Creates Potential for Infosec Liability,” BNA Electronic and Commerce Law Report, Vol. 7, No. 24 (2002)
  • Author, “Financial Services PKI Policy and Practices Framework,” ANSI X9.79, American Bankers Association (2001)
  • Author, “The Effects of Technology Convergence and PKI on the Practice of Law,” University of Baltimore IP Law Journal (1999)
  • Co-author, “Key Recovery in a Public Key Infrastructure,” Jurimetrics, Vol. 38, No. 3 (1998)
  • Author, “Digital Signatures Could Be Next Step in Integrity of Electronic Commerce,” The Daily Record (1997)
  • Author, “International Harmonization in Electronic Commerce and EDI: A Proposed First Step Toward Signing on the Digital Dotted Line,” The American University Law Review, Vol. 46, No. 2 (1996)

Selected Activities & Speaking Engagements

  • MACH37 / AOL / Marsh & McLennan Joint Panel, “Cyber Risk and the Insurance Challenge” (October 2015)
  • AALA Annual Meeting, “Advanced Technologies and Telematics: Legal and Legislative Challenges for Commercial Fleets” (September 2015)
  • CTBT: Science and Technology 2015, “Citizen Networks: The Promise of Technological Innovation” (June 2015)
  • AHIP 2015 Institute, “Cyber Security and Privacy: Creating a Secure Environment in a Big Data World” (June 2015)
  • PLI 16th Annual Institute on Privacy and Data Security Law, “The Latest Developments in Cybersecurity Law” (May 2015)
  • NACD Strategy & Risk Forum, “Detecting & Deterring Fraud: The Next Generation of Risks and Responses” (May 2015)
  • 2015 RSA Conference, “Managing Expectations: The S.E.C. & F.T.C. Target InfoSEC Compliance” (April 2015)
  • 4th Annual BCLT Privacy Law Forum, “Data Security: Are There (Legal) Solutions?” (March 2015)
  • TTP Workshop, “Technology Transfer to Practice (TTP) in NSF and DHS Funded Cybersecurity Research” (February 2015)
  • 2015 ISSA CISO Forum, “Top Ten Things Management and Boards Need to Know About Cybersecurity” (January 2015)
  • ACUTA Winter Seminar, “FERPA & Beyond: Privacy & Data Security Issues for Distance Learning” (January 2015)
  • Internet of Things World, “IoT Market Lab 1 – Health & Wellness” (June 2014)
  • Practising Law Institute’s Privacy and Data Security Law Institute, “The Latest Developments in Cybersecurity” (May 2014)
  • Panel: Georgetown Cybersecurity Law Institute, “Offensive Cyber Operations or Cyber Self-Defense: A Simulation” (May 2014)
  • Law Seminars International’s The Cloud and Big Data 2014, “Big Data: Current Legal Issues in Data Collection and Analytics” (April 2014)
  • 2014 RSA Conference, “Hackback? Claptrap! – An Active Defense Continuum for the Private Sector” (February 2014)
  • Panel: Suits & Spooks, “Security Town Hall: A Debate on Balancing National Security Versus Privacy Rights” (February 2014)
  • Annual Guest Lecturer, “Intellectual Property and Information Security,” for Avi Rubin’s course Security and Privacy in Computing, Information Security Institute, Johns Hopkins University, Baltimore, MD
  • ISSA Annual Meeting, “Walking Into a Minefield: The Legal Pros and Cons of Active Defense” (October 2013)
  • AFCEA International Conference, “Pushing the Active Defense Barrier – How Far Can We Go?” (June 2013)
  • Panel: Georgetown Cybersecurity Law Institute, “Legislative & Case Law Update” (May 2013)
  • Keynote: University of Maryland Cybersecurity Center Symposium 2013, “Electronic Countermeasures – The Controversy Over Active Cyber Defense” (May 2013)
  • 2013 RSA Conference, “Tracking Employees via Mobile Devices – Legal…or Not?” (February 2013)
  • Bisnow Cybersecurity Event (with Rep. Dan Lungren) (June 2012)
  • University of Maryland Law School, “Cybersecurity: Safeguarding Information in a Digital Age” (March 2012)
  • 2012 RSA Conference, “Fraud and Data Exfiltration: Defending Against the Mobile Explosion” (February 2012)
  • Transglobal Secure Collaboration Programme (TSCP), Presentation at the Hague (October 2011)
  • NACHA MEGA Conference, “For Payments, Best Offense is a Multi-Tiered Defense” (October 2011)
  • InfoSec World 2011, “E-Discovery Best Practices” and “Legal Considerations in the Cloud” (April 2011)
  • ITSEF/SINET, “Other Transactions (OT) Authority: Use of Technology Investment Agreements to Accelerate Cyber Technology into the U.S. Government” (March 2011)
  • IAPP Global Privacy Summit, “Privacy vs. Security: Achieving Balance” (March 2011)
  • 2011 RSA Conference, “BYOD: Bring Your Own Device – Security & Mobile Computing” (February 2011)
  • AlwaysOn Conference, moderator of “Transactions 2.0” panel (July 2010)
  • IAPP Global Privacy Summit, “Processing Confidential Data in a Multinational Environment” (April 2010)
  • 2010 RSA Conference (March 2010)
  • Keynote for The Master’s Conference (October 2009)
  • TechAmerica, “Identity Management Vision” Breakfast Briefing (September 2009)
  • ISSA Web Conference Live Broadcast, “The Truth about Securing Mobile Devices” (August 2009)
  • 2009 RSA Conference (April 2009)
  • I-4 Forum 65, “Legal Issues in the Cloud” (November 2008)
  • ITAA Indent Event, “Authentication Challenges for the New Administration” (October 2008)
  • IDC Security Summit 2008, “Managing a Data Breach: What Every CISO Needs to Know” (September 2008)
  • ITAA, “E-Authentication: When PIN and Password Aren’t Enough” (June 2008)
  • 2008 Defending Cyberspace Symposium, Ronald Reagan International Trade Center (May 2008)
  • 2008 RSA Conference (four different sessions) (April 2008)
  • InfoSec World 2008, “E-Discovery Best Practices” (March 2008)
  • 2007 RSA Conference Europe, “Securing Aerospace and Defense Collaboration – Identity Federation” (October 2007)
  • International Trade Administration, “Identity Management & International Business Roundtable” (September 2007)

Education

  • University of Baltimore School of Law
    JD, 1996
  • Syracuse University
    BS, 1985

Bar Admissions

  • District of Columbia
  • Maryland
  • U.S. Patent and Trademark Office
  • Virginia

Memberships

  • American Bar Association – Section of Science and Technology Law
  • Georgetown Cybersecurity Law Institute
  • Information Systems Security Association
  • International Association of Privacy Professionals