Noah Coco '26
Staff Editor

On Tuesday, February 13, the National Security Law Forum (NSLF) and the Law, Innovation, Security & Technology Society (LIST) hosted five attorneys from the D.C. office of Morrison Foerster to discuss legal careers in national security and data privacy. The panel was composed of partners Brandon Van Grack, co-chair of Morrison Foerster’s National Security and Global Risk + Crisis Management groups, and James Brower, along with associates Jonathan Babcock ’18, Whitney Lee, and Liv Chap. The group collectively gave the room, full of mostly 1Ls in the midst of private firm search, a broad sense of what a career in national security law might look like.

Van Grack began the discussion by emphasizing the broad scope of the national security law practice group, which encompasses issues ranging from sanctions and export controls to data privacy and cyber incident response, and even to issues of political law like foreign agent registration. This breadth was well-represented on the panel of attorneys, each of whom focused on at least one of these issues. Within these categories, Van Grack noted the one unifying characteristic: “Policy interests ultimately underscore everything.” Although this does not mean that attorneys in private firm national security practices are performing political roles, their practices are nonetheless responsive to current events and regulatory changes. “Whatever a national security issue is evolves over time,” Van Grack noted, as new regulatory regimes emerge and others are replaced.

This dynamic nature of the practice is what drew many of the attorneys on the panel to national security law. Contrary to practices like tax law where the regulatory regime is complex and has developed over a long period of time, national security law changes much more rapidly as it responds to emerging political and technological developments. Incumbency in the practice does not necessarily serve the same advantages as it does in other practice groups. Take artificial intelligence (AI), for instance. Lee noted that the firm has already started to address issues of cyberattacks promulgated through AI-generated deepfakes. This represents an entirely novel question of law in which even new attorneys can become the foremost experts in a relatively short period of time. It is not the case, Lee remarked, that there are partners at the firm with twenty years of experience to catch up with.

It is easy to see how technological advancements contribute to this dynamic, but political regulatory regimes have a nearly identical feature. Van Grack alluded to six new regulatory regimes that were proposed just last month—for example, new regulations on outbound investment similar to those administered by the Committee on Foreign Investment in the United States (CFIUS) for inbound investments. A new regulatory regime means a level playing field for attorneys to learn and become leading experts in an area of law.

Another theme that emerged throughout the discussion was that, although as a regulatory practice national security law does not require much litigation, there is plenty of opportunity to use similar skills in service of advocacy on behalf of clients before government regulatory agencies. Babcock, for instance, regularly advocates for clients in front of CFIUS. Although the advocacy does not take the form of courtroom litigation, he still appreciates the opportunity to use similar research and writing skills in a forum that allows him to advocate for his clients “face-to-face with regulators.” Van Grack made a similar reflection of his own experiences in front of regulators, and he highlighted the opportunity to work with clients to characterize the facts at the center of regulatory actions and to challenge regulator narratives. According to Van Grack, although this form of advocacy does not always require formal legal arguments, it nonetheless requires the same skills and is a rewarding feature of the job.

Finally, several of the attorneys gave insights into the life cycle of a typical matter in their practice groups. Two matters in particular were discussed. The first one was pulled from a recent sanctions violation case that Babcock negotiated with the Department of Treasury. Babcock outlined his team’s response from initial internal investigations and strategizing, through to his engagement and ultimate settlement with the Department of Treasury. The whole process lasted almost three years.

In contrast, Lee gave insights into what a typical cyber incident response might look like, which is likely to develop much more rapidly. The initial response is the most intensive because it often requires coordinating efforts to discover the source and scope of a cyber-attack while also managing relations with clients, regulators, and the media. Van Grack described this early phase as a “fast burn,” followed by weeks or even months of clean-up work once the incident is under control.

The Morrison Foerster attorneys followed up their panel with a happy hour at the Forum Hotel where students had the opportunity to engage with them in person and learn more about each of the attorney’s personal experiences working in national security law.

---
cmz4bx@virginia.edu