1. Home
  2. |Professionals
  3. |Alexander J. Urbelis

Alexander J. Urbelis

Consultant

Overview

Alex Urbelis is a consultant in the New York office and a member of the Privacy and Cybersecurity Group. Alex has more than 20 years of experience in the information security community and has varied experience as a Chief Information Security Officer (CISO), Chief Compliance Officer, in-house counsel, and private practice litigator.

Alex has a unique skill set that has allowed him to create a bridge between the technical and legal side of cybersecurity. As a result, he is the primary architect of an exclusive DNS (Domain Name Search) monitoring and intelligence platform. Through this intel platform, Alex advises his clients on identified and early-stage indicators of cybersecurity threats and provides counsel on legal actions and technical defensive remedies to neutralize those threats. Alex tracks sophisticated cyber adversaries and advanced persistent threats (APTs) through his intel platform and, notably, detected a state-sponsored cyber intrusion attempt targeting the World Health Organization in March 2020. For combining legal and technical skill sets with public service, the Financial Times selected Alex as a finalist for its Innovative Lawyers awards for pandemic response in 2020.

Prior to joining Crowell & Moring, Alex co-founded an information security, compliance, and related investigative services law firm with a cybersecurity advisory consulting arm. While working as a partner at his firm, Alex took a secondment to serve as Interim CISO of the NFL, where he managed cyber risk, incident response, and directed information security strategy to protect information assets. Before founding his firm, in London, Geneva, and New York, Alex served as Chief Compliance Officer for one of the world’s largest luxury conglomerates, Richemont, handling all aspects of worldwide legal compliance, including anti-bribery and anti-corruption efforts, whistle-blowing matters, internal and external investigations, and ensuring that employees and partners adhered business conduct and corporate social responsibility standards. 

In addition to advising clients on a wide range of data security and privacy matters, Alex has assisted the world’s largest technology companies and non-profit organizations with Internet governance matters and the expansion of the global DNS. He has a deep understanding of Uniform Domain-Name Dispute-Resolution Policy (UDRP) proceedings, Uniform Rapid Suspension (URS) proceedings, and national Dispute Resolution Proceedings (DRPs) to reclaim domain names from threat actors and cybersquatters.

As an appellate lawyer, Alex has represented U.S. service members and civilians in claims for torture compensation before the U.S. Supreme Court and has successfully argued for Convention Against Torture protection for potential deportees in the US Court of Appeals for the Third Circuit.

Career & Education

|
    • U.S. Army Judge Advocate General's Corps
      Research Associate, 2003
    • Central Intelligence Agency (CIA)
      Graduate Fellow, Office of General Counsel, 2004
    • U.S. Court of Appeals for the Armed Forces
      Law Clerk for Chief Judge Effron, 2005-2007
    • Vermont Supreme Court
      Judicial Extern for Justice Denise Johnson, 2004
    • U.S. Army Judge Advocate General's Corps
      Research Associate, 2003
    • Central Intelligence Agency (CIA)
      Graduate Fellow, Office of General Counsel, 2004
    • U.S. Court of Appeals for the Armed Forces
      Law Clerk for Chief Judge Effron, 2005-2007
    • Vermont Supreme Court
      Judicial Extern for Justice Denise Johnson, 2004
    • Stony Brook University, B.A., summa cum laude, Phi Beta Kappa, 2000
    • Vermont Law School, J.D., magna cum laude, 2005
    • New College, Oxford University, B.C.L., 2008
    • Stony Brook University, B.A., summa cum laude, Phi Beta Kappa, 2000
    • Vermont Law School, J.D., magna cum laude, 2005
    • New College, Oxford University, B.C.L., 2008
    • New York
    • District of Columbia
    • U.S. Court of Appeals for the Third Circuit
    • U.S. District Court for the Southern District of New York
    • U.S. District Court for the Eastern District of New York
    • New York
    • District of Columbia
    • U.S. Court of Appeals for the Third Circuit
    • U.S. District Court for the Southern District of New York
    • U.S. District Court for the Eastern District of New York
  • Professional Activities and Memberships

    • Professor of Law, King’s College, London, 2023 - Present
    • UL Research Institute Operations Advisory Board, 2023 – Present
    • Uniform Law Commission, Deep Fakes Study Committee, 2023 – Present
    • Society of Professional Investigators, 2020 – Present
    • Uniform Law Commission, Cybercrime Study Committee, 2021 – Present
    • Human Rights First, Technology Advisory Board, 2020 – Present
    • Speaker Selection Committee, HOPE Conference, 2019 – Present
    • Underwriters Laboratories (UL) Security Council, 2017 – Present
    • Board of Directors, Internet Society NY Chapter, 2018 – 2019

    Professional Activities and Memberships

    • Professor of Law, King’s College, London, 2023 - Present
    • UL Research Institute Operations Advisory Board, 2023 – Present
    • Uniform Law Commission, Deep Fakes Study Committee, 2023 – Present
    • Society of Professional Investigators, 2020 – Present
    • Uniform Law Commission, Cybercrime Study Committee, 2021 – Present
    • Human Rights First, Technology Advisory Board, 2020 – Present
    • Speaker Selection Committee, HOPE Conference, 2019 – Present
    • Underwriters Laboratories (UL) Security Council, 2017 – Present
    • Board of Directors, Internet Society NY Chapter, 2018 – 2019

Alexander's Insights

Client Alert | 5 min read | 12.19.23

FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures

Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K....

Recognition

  • Luxury Law Summit: Service Provider Award, Category: Brand Protection, 2021
  • Financial Times: Innovative Lawyer Awards, Finalist, 2020 

Alexander's Insights

Client Alert | 5 min read | 12.19.23

FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures

Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K....

|

Alexander's Insights

Client Alert | 5 min read | 12.19.23

FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures

Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K....