Cody Wamsley, CISSP

Cody Wamsley, CISSP



Cody helps clients navigate complex information security challenges by blending his in-house experience and technical background with forward-thinking policy expertise.

His background as a patent attorney and information security subject matter expert enables him to interface seamlessly with technical security professionals while simultaneously drawing on his management experience to integrate with executives and provide strategic guidance to achieve success.

Cody’s experience includes data breach response, information security policy and program development, third party risk, negotiating and drafting complex technology contracts, providing counsel on technology transactions, and advising on global data security and privacy issues for both startups and large enterprises.  Cody is the GDPR lead for Dorsey's internal compliance and has assisted numerous clients in developing comprehensive GDPR-ready privacy programs.  He has spoken widely on information security issues at industry conferences and on television.

Education & Admissions

George Washington University Law School (LL.M., Intellectual Property Law, 2011)

Arizona State University (Physics, 2009)

University of Kansas School of Law (J.D., 2008)

University of Kansas (B.S., Business Administration, 2004)

University of California, Santa Barbara (Computer Engineering, 2001)


  • United States Patent and Trademark Office
  • Arizona
  • District of Columbia
  • Minnesota


Representative Experience

Cody has represented numerous clients in breach response, development of privacy policies and procedures, and technology transactions that implicate data security issues.

  • Led multiple complete GDPR-compliance initiatives, including privacy & governance, information security, third party privacy & security management, incident response, cross-border transfer, and children's privacy programs for organizations with operations spanning over 180 countries
  • Guided numerous clients through data breach response, including required notifications to affected individuals and regulators
  • Developed internal information security policies for numerous clients, including incident response plans, third party security, encryption standards, access control, BYOD, data retention, business continuity, and privacy policies
  • Negotiated data protection provisions and facilitated information security audits for $1.1B annual revenue financial services deal
  • Negotiated and drafted data protection purchase agreement terms in $120M financial services M&A transaction
  • Served as information security subject matter expert on Digital Payments and Mobile Wallets Product Governance Steering Committee at American Express
  • Privacy lead for Technology Operational Risk organization at American Express
  • Negotiated and drafted customer, vendor, consulting, and partner agreements including: MSA, SLA, SOWs, VAR, SaaS, cloud, outsourcing, IP licensing, and OEM agreements
  • Served as Facility Security Officer (FSO) for classified government transactions
  • Counseled clients on intellectual property issues related to computer technologies, including prosecuting patent and trademark applications, conducting freedom-to-operate evaluations, IP valuation for potential M&A activity or licensing agreements
  • Served as PCI, Fintech, and GDPR subject matter expert both in-house and for clients
  • Represented technology industry members in NIST Cybersecurity Framework drafting workshops
  • Contributor to early development of Structured Threat Information eXpression (STIX) framework and Chief Product Owner for automated threat indicator sharing & response software platform

News & Resources

Select Presentations

  • “Vendor Management or:  How I Learned to Stop Worrying and Love the Third-Party Audit,” Midwest Legal Conference on Privacy & Data Security, Minneapolis, MN, January 2019
  • “Law Firms and Data Security:  Complying With Your Ethical Obligations,” The 2019 New Lawyer Experience, Minneapolis, MN, January 2019
  • “Identity Theft Solutions,” Dorsey Well Ahead Program, Minneapolis, MN, November 2018
  • “Practical Third-Party Information Security Risk Management: More Than Questionnaires, Less Than Full-Blown Audits,” Privacy & Security Forum, Washington, DC, October 2018
  • Information Security CLE Program, Minnesota State Bar Association, Minneapolis, MN, September 2018
  • Opening Speaker & Host, Security Titans, Scottsdale, AZ, February 2018
  • “Incorporating Threat Intelligence into a World-Class Third Party Risk Program,” Anomali Detect 2017, Washington, DC, September 2017
  • “How to Operate a GDPR Compliant Business in The European Community,” ITSP Magazine GDPR Webinar Series, August 2017
  • “Cloud Vendors: Privacy and Security Considerations, Due Diligence for Outsourcing Vendors, Negotiating Vendor Agreements, and Maintaining Compliance When Dealing with a Customer and Cloud Vendors,” ACI Forum on Privacy & Security of Consumer and Employee Information, San Francisco, CA, October 2016
  • “Business to Business Litigation: Vendor Litigation, Service Provider Litigation, and Examining the Ecosystem of Payment Card Breaches,” ACI Forum on Data Breach & Privacy Litigation and Enforcement, New York, NY, September 2016
  • “Information Governance and Data Management,” Post-conference Workshop, ACI Forum on Data Breach & Privacy Litigation and Enforcement, New York, NY, September 2016
  • “Third Party Oversight and Vendor Management,” ACI Forum on Cyber Security and Data Privacy & Protection, Chicago, IL, June 2016
  • “Building a Relationship Between Privacy and Information Security Professionals,” Post-conference Workshop, ACI Forum on Cyber Security and Data Privacy & Protection, Chicago, IL, June 2016
  • “Ransomware 101,” Innovate Pasadena, Pasadena, CA, April 2016
  • “Threat Detection and Hacking Back,” McBride Law Conference, Long Beach, CA, April 2016
  • “Mobile Security Strategy with BYOD,” Arizona Technology Council Cybersecurity Summit, Scottsdale, AZ, May 2015


  • “Flashes of Genius, Toiled Experimentation, and Now Artificial Creation: A Case for Inventive Process Disclosures,” LL.M. thesis, The George Washington University, August 2011
  • “Annual Review of Intellectual Property Law Developments 2009,” American Bar Association, Contributing Author, January 2010
  • “Internet Transmissions: Who Owns the Data and Who Protects It?,” Journal of Internet Law, Author, February 2008

Other Projects

  • Creator, workflow gallery (2015)
  • Creator, STIXITS, card game to teach STIX threat intelligence constructs (2014)

Industries & Practices

Cybersecurity, Privacy & Social Media
Patent Prosecution, Portfolio Strategy & Management
  • Banking & Financial Institutions
  • Cybersecurity, Privacy & Social Media
  • Europe
  • Financial Services Regulatory
  • Intellectual Property Litigation
  • National Security Law
  • Patent Prosecution, Portfolio Strategy & Management
  • Technology
  • Technology Commerce
  • Telecommunications
  • Trademark, Copyright & Advertising

Professional & Civic

Professional Achievements

  • Certified Information Systems Security Professional (CISSP)
  • President, Information Systems Security Association (ISSA) – Phoenix Chapter
  • Member, InfraGard
  • Member, Intellectual Property Section – State Bar of Arizona
  • Member, International Association of Privacy Professionals (IAPP)
  • Section Council Member, Computer and Technology Law Section – Minnesota State Bar Association
  • Expert Contributor, ITSP Magazine


North Star Lawyer

  • MSBA North Star Lawyer, 2018
Cody Wamsley, CISSP