Kate M. Growley

Partner, Crowell Global Advisors Senior Director

Overview

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations, and policy engagement. With a unique combination of legal, policy, and consulting experience, Kate excels in translating complex technical topics into advice that is practical and informed by risk and business needs.

Kate has extensive experience working with members of the U.S. government contracting community, especially those within the Defense Industrial Base. She has partnered with contractors from every major sector, including technology, manufacturing, health care, and professional services. Kate is an IAPP AI Governance Professional (AIGP) and a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/G and CIPP/US). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Having lived in Greater China for several years, Kate also brings an uncommon understanding of digital and national security requirements from across the Asia Pacific region. She has notable experience with the regulatory environments of Australia, Singapore, Japan, and Greater China—including the growing regulation of data flows between the latter and the United States.

Kate is a partner in the firm’s Washington, D.C., office, as well as a senior director in the firm’s consultancy Crowell Global Advisors, to which she was seconded for several years. She is a founding member of the firm’s Privacy & Cybersecurity Group and part of the firm’s AI Steering Committee. She has been internationally recognized by Chambers and named a “Rising Star” by both Law360 and the American Bar Association (ABA). She has held numerous leadership positions in the ABA’s Public Contract Law and Science & Technology Sections and has been inducted as a lifetime fellow in the American Bar Foundation.

Career & Education

    • Florida State University, B.S., summa cum laude, International Relations
    • University of Virginia School of Law, J.D.
    • Florida State University, B.S., summa cum laude, International Relations
    • University of Virginia School of Law, J.D.
    • Virginia
    • District of Columbia
    • Virginia
    • District of Columbia

Kate's Insights

Webinar | 09.15.25

CMMC Final Rule: What to Know

The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base.  This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls.  CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized....

Kate's Insights

Webinar | 09.15.25

CMMC Final Rule: What to Know

The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base.  This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls.  CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized....