Alexander J. Urbelis
Overview
Alex Urbelis is a consultant in the New York office and a member of the Privacy and Cybersecurity Group. Alex has more than 20 years of experience in the information security community and has varied experience as a Chief Information Security Officer (CISO), Chief Compliance Officer, in-house counsel, and private practice litigator.
Career & Education
- U.S. Army Judge Advocate General's Corps
Research Associate, 2003 - Central Intelligence Agency (CIA)
Graduate Fellow, Office of General Counsel, 2004 - U.S. Court of Appeals for the Armed Forces
Law Clerk, Chief Judge Effron, 2005 – 2007 - Vermont Supreme Court
Judicial Extern for Justice Denise Johnson, 2004
- U.S. Army Judge Advocate General's Corps
- Stony Brook University, B.A., summa cum laude, Phi Beta Kappa, 2000
- Vermont Law School, J.D., magna cum laude, 2005
- New College, Oxford University, B.C.L., 2008
- New York
- District of Columbia
- U.S. Court of Appeals for the Third Circuit
- U.S. District Court for the Southern District of New York
- U.S. District Court for the Eastern District of New York
Professional Activities and Memberships
- Professor of Law, King’s College, London, 2023 - Present
- UL Research Institute Operations Advisory Board, 2023 – Present
- Uniform Law Commission, Deep Fakes Study Committee, 2023 – Present
- Society of Professional Investigators, 2020 – Present
- Uniform Law Commission, Cybercrime Study Committee, 2021 – Present
- Human Rights First, Technology Advisory Board, 2020 – Present
- Speaker Selection Committee, HOPE Conference, 2019 – Present
- Underwriters Laboratories (UL) Security Council, 2017 – Present
- Board of Directors, Internet Society NY Chapter, 2018 – 2019
Alexander's Insights
Client Alert | 5 min read | 12.19.23
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K.
Client Alert | 3 min read | 11.08.23
Client Alert | 6 min read | 07.28.23
Five Key Takeaways from the SEC’s Final Cybersecurity Rules for Public Companies
Recognition
- Luxury Law Summit: Service Provider Award, Category: Brand Protection, 2021
- Financial Times: Innovative Lawyer Awards, Finalist, 2020
Alexander's Insights
Client Alert | 5 min read | 12.19.23
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K.
Client Alert | 3 min read | 11.08.23
Client Alert | 6 min read | 07.28.23
Five Key Takeaways from the SEC’s Final Cybersecurity Rules for Public Companies
Alexander's Insights
Client Alert | 5 min read | 12.19.23
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K.
Client Alert | 3 min read | 11.08.23
Client Alert | 6 min read | 07.28.23
Five Key Takeaways from the SEC’s Final Cybersecurity Rules for Public Companies