Cook Consulting Group LLC

The Leading Legal Experts in
Cybersecurity and Data Privacy


DUNS 080580873

Cook Consulting Group, LLC is a certified Service Disabled Veteran Owned Small Business (SDVOSB) specializing in cybersecurity and data privacy. Companies doing business with federal and state government bodies and agencies can receive credit for employing our services to meet their requirements.

Company founder Bill Cook is regarded as the most experienced cybersecurity attorney in the country. While Cook Consulting Group was certified by the Office of Veterans Affairs in 2017, Cook himself has over 35 years of experience advising and modernizing government entities and private organizations to meet cybersecurity threats and the address the legal risks facing organizations. He has particular expertise in hostile technology, having helped more than 50 companies overcome computer intrusions and liability in the past two years alone.





Bill Cook, Founder & CEO

 Bill Cook

Bill Cook has over 35 years of legal experience in IP litigation, internal investigations, data security, and privacy counseling as a partner in some of the nation’s top law firms, including Reed Smith, McGuireWoods, and Winston & Strawn. He has provided data privacy and security counseling to a wide range of industry sectors: aviation, advertising, automotive, construction, defense contractors, education, energy, entertainment, food service and distribution, finance, government (White House, DOD, GSA, NSA, NSF, FCC and FTC), healthcare, hospitality, information management and security, insurance, internet services, not-for-profit organizations, real estate, retail, utilities (power, gas, and electric), social media enterprises, telecommunications, and transportation.

Cook’s 53 computer intrusion investigations over the past several years have led to compliance and security assessments of specific security controls under state privacy laws and federal SEC, FTC, and HIPAA/HITECH regulations, as well as the PCI data security standard. In this role, he is often called on to evaluate outside forensic reports under the attorney-client privilege. He has handled 18 PCI DSS compliance and intrusion matters since 2006.

He conducts internal corporate investigations involving industrial espionage, malware, ransomware, employee misconduct, computer intrusions, and the advanced persistent threat. As an intellectual property litigator, he handles cases involving trade secrets, copyrights, patents, “malvertising,” privacy rights, social media and unfair competition before federal and state courts and the FTC.

Cook has also served as a federal court-appointed trustee in an international call-sell operation brought by the FTC. He is currently on the U.S. Trustees Privacy Ombudsman Panel.

Internationally, Cook has worked with clients in Canada, the United Kingdom, France, Spain, Brussels, Germany, Italy, and Israel on ISO 27001, PIPEDA, and the EU Data Privacy Act on security compliance. His international investigations have also involved China, Japan, Russia, Bulgaria, Poland, and Saudi Arabia.

Cook has been recognized multiple times as a “Leader in the Field” by Chambers USA and Chambers Global for his security and privacy practice.

He also advises clients on export and import regulations and compliance with the Department of Commerce’s Export Administration Regulations and the State Department’s International Traffic in Arms requirements. He litigates export and import compliance matters, as well as new shipper review designations. He has handled white collar criminal matters for victims and defendants concerning industrial espionage, healthcare fraud, defense contracting fraud, mail fraud, and violations of U.S. export restrictions.

In 2016, Cook was asked by the U.S. Secret Service to serve on the Steering Committee of the Chicago Electronic Crimes Task Force. In that role, he helps advance the collaboration among law enforcement, academia, and the private sector that has been a hallmark of the U.S. Secret Service’s 39 electronic crimes task forces across the country.

Before entering private practice, Cook served as an assistant U.S. attorney in Chicago for 16 years, including 14 years in the Special Prosecutions Unit of that office. He has tried 85 cases as a prosecutor and in private practice. While with the Justice Department, he headed the Computer Fraud & Abuse Task Force in Chicago and served as the Counter-Terrorism and Counter-Espionage Coordinator in the Chicago U.S. Attorney’s Office. He gained in-depth experience with business continuity planning while acting as the Justice Department Liaison for planning to FEMA. In private practice, Cook counsels corporate clients on business continuity planning, using many of the strategies developed in the book he co-authored, “Critical Information Infrastructure Protection and the Law,” published by the National Research Council.

Cook has testified before the U.S. House Judiciary Committee, the FCC, and the National Science Foundation on internet law and liability. He taught internet and web law as an adjunct professor at the University of Illinois Law School, and was a guest lecturer on information security law and liability at Bell Laboratories, Harvard, Yale, Purdue, the University of Illinois, and the University of Salzburg.

Prior to his legal career, Cook served in the U.S. Army Infantry from 1968 to 1970. As an Airborne Ranger, he was deployed as a combat infantry platoon leader with the 25th Infantry Division in the Republic of South Vietnam. He was awarded a Combat Infantry Badge, three Bronze Stars, two Purple Hearts, two Army Commendation Medals and the Vietnamese Cross of Gallantry. Cook is a service-connected disabled veteran because of his experiences in combat in Vietnam.

Our Team

Cook Consulting Group uses a team approach, bringing in other attorneys and computer forensic experts to solve complex technological and cybersecurity issues. We also call upon members of the FBI, U.S. Secret Service, and numerous other relevant state and federal government agencies with whom we have close connections.

Cook Consulting Group operates seamlessly with clients in a collaborative atmosphere, combining our team members’ expertise and clients’ skills to reach a joint product that meets each client’s needs.

Awards & Accolades (sample list)

  •  Nominated by peers for in “Who’s Who Legal in Telecommunications Media & Technology,” Information Technology
  • Named as a “Leader in the Field,” Privacy & Data Security, Chambers USA and Chambers Global, 2008-2012
  • Special Commendation and Special Achievement Awards, U.S. Justice Department
  • Commendation for Computer Fraud Prosecutions and Establishing Chicago FBI/InfraGard Program, Federal Bureau of Investigation
  • U.S. Customs Commissioner’s Award for Export Prosecutions
  • Award for Commerce Commodity Control Litigation, U.S. Department of Commerce
  • Award for Law Enforcement Assistance, U.S. Secret Service

“I have known Bill Cook for many years, back when he testified as an expert on cybersecurity law before the House Judiciary Committee. He is widely regarded as an expert in cybersecurity law.”

Richard Marshall, CEO,
X-Ses Consultants, LLC;
former Director of Global
Cyber Security Management,
Department of Homeland Security


“One cannot give trust or respect. These rare qualities must be earned. My relationship with attorney Bill Cook is built on 16-plus years of wise counsel. I am fortunate because he has become a friend, colleague, and energetic business mentor upon whom I can always depend.”

—Kirk Kreutzig, President,
Spectrum Technologies International, Ltd.

Speaking Engagements & Publications

    Speaking Engagements (sampling — average 12 engagements per year)

    • “Ransomware and How to Insure Against It,” CECTF, December 2016
    • “Current Risk Level, Ransomware, and the Advanced Persistent Threat,” Insurance Industry Forum, December 2016
    • Chicago MCLE Day, Chicago, Illinois, 6 May 2016
    • “A Live Cyber Intrusion Incident Response Exercise,” CSO Magazine Conference, Chicago, Illinois, 17 November 2015
    • “When the HMDA Data Speak, What Will They Say and Who Will Be Listening: The Privacy Implications of the New Home Mortgage Disclosure Act Data Regulations,” CRA & Fair Lending Colloquium 2015, Orlando, Florida, 3 November 2015
    • “Case Study: The Wall’s Been Breached,” Women in Corporate Governance, Washington, D.C., 15 October 2015
    • “Cybersecurity Issues in Social Media,” ACLI Annual Conference, Chicago, Illinois, 13 October 2015
    • “Data Security,” Mortgage Bankers Association, Washington, D.C., 22 September 2015
    • “Exploring the Dark Net: Cyber Extortion and Bounty Programs,” Chicago, Illinois, 26 August 2015

    Publications (sampling from over 300 articles and publications)

    • “Third Circuit Upholds FTC’s Authority in Wyndham Case,” Technology Law Dispatch, 25 August 2015. Co-authors: Paul Bond, Christine Nielsen Czuprynski
    • “9 Steps to Prepare a Data Breach Debrief for the CEO in 30 Minutes,” Technology Law Dispatch, 11 May 2015
    • “The GC’s 30-Minute Breach Drill,” Reed Smith Client Alerts, 11 May 2015



      Areas of Expertise
      and Recent Projects


      Recent Projects

      Assist clients with HIPAA and HITECH security requirements and policies, security assessments, OCR audit preparation, and breach-notification requirements. Work with clients on new mobile and cloud computing initiatives, from contracts to security protocols.

      Prepare cloud computing contracts and security requirements for telecommunications providers, counsel regarding Commerce Department export control and deemed-export issues such as development of technologies and encryption systems.

      Defense Contractors
      Advise contractors on security incident contracting and breach incident response, DOD and SEC security standards, general security regulatory requirements and liability exposures, industrial espionage and trade-secret theft representation, counseling with respect to DOD NISPOM 1-301 breach notification obligations. Work with clients on SCADA system vulnerabilities and the APT.

      Counseling on GLB and SO security requirements, data-breach exposures, and response. Conduct compliance and incident-response training exercises.

      Utilities and Power
      Advise clients on generally applicable security requirements relating to the protection of PII and retail transactions, as well as on NERC security standards. Work with clients on policies to remediate and plan for SCADA vulnerabilities, using classified information provided by federal law enforcement.

      Supply Chain
      Assist clients with protecting the integrity of their supply chains, including examining the security of supply sources and delivery mechanisms to ensure that component parts and services are free from malicious threats, and final products and services can be certified and trusted.

      Conducting privacy and data security liability audits of company intranet and extranet, including evaluation of ramifications of new state employee privacy-protection requirements, as well as an evaluation of Commerce Department export control issues related to international intranet and protection of company trade secrets and proprietary information.

      Areas of Expertise

      Cook and his team possess valuable, in-depth experience in the following areas:

      • Breach notification and representation before regulators
      • Data transfer and representation before regulators
      • eDiscovery issues relating to U.S. and European litigation
      • EU data privacy compliance
      • PIPEDA data privacy compliance
      • Industrial espionage investigations and litigation
      • Intellectual property litigation
      • Trade-secret protection and litigation
      • Bring your own device (BYOD)
      • Cloud computing, contracts, and security
      • Computer intrusion
      • Crisis communications
      • Defense contracting and security
      • Employee data management
      • Employer and employee relations and privacy
      • Encryption policy deployment and export controls
      • Global data transfer
      • Government and criminal investigations
      • HIPAA and HITECH security assessments and audits
      • Identity and credential theft
      • Incident response
      • Mobile data privacy
      • Payment credit-card industry data security standards (PCI DSS)
      • Privacy consulting
      • Regulatory consulting on security standards
      • Safe-harbor provisions
      • Technology export and import controls