Nathan Salminen

Nathan Salminen

Partner Global Regulatory

Washington, D.C.

+1 202 637 5413

[email protected]

Nathan Salminen

Overview
Experience
Credentials
Insights and events

Nathan Salminen helps clients evaluate and manage privacy and cybersecurity risks and obligations. Nathan’s deep technical background enables him to analyze legal issues that have a technical nexus, such as questions raised by the emergence of artificial intelligence and by cybersecurity incidents.

Nathan helps clients manage cybersecurity risks in the contexts of security incidents, security program development, commercial agreements, tabletop exercises and mergers. He combines technical, legal, and business experience to understand, explain, assess, and mitigate data security risks that span those areas. Nathan has led the efforts of many companies in the financial, defense, energy, technology and other sectors to respond to major cybersecurity incidents, including incidents involving a nation state threat actor and incidents that impacted critical infrastructure or hundreds of millions of data subjects.

Nathan also assists companies that create artificial intelligence products, as well as companies that use those products, in managing the privacy and cybersecurity risks associated with AI technologies. Nathan has led the response to more than two dozen regulatory investigations of artificial intelligence companies globally, assisted clients in developing artificial intelligence policies, and advised companies regarding product development strategies in the AI space.

Before becoming a lawyer, Nathan worked as a software engineer and manager of technical teams for 13 years. He recently updated and focused his technical knowledge by completing one of the most technically demanding penetration testing and ethical hacking certifications: the Offensive Security Certified Professional (OSCP).

Nathan leverages his unique skillset, the firm's global team, and his extensive crisis management experience to help clients stabilize complex situations and find a path to restoring normalcy while minimizing legal risks.

Representative experience

Advised Equifax regarding what was the largest data breach in the world at the time and the audits required by the FTC afterwards by providing advise spanning the legal and technical realms.

Led a prominant artificial intelligence company's response to numerous regulatory investigations.

Managed the investigation and response to a cyber attack on a major global energy company by nation state actors.

Assisted an artificial intelligence company with developing its compliance program and product strategy.

Drafted and negotiated data security terms in vendor agreements for a major technology company.

Oversaw both the technical and the legal aspects of the forensic investigation of an attack on a major university.

Advised a major financial institution regarding legal considerations associated with active cyber defense techniques.

Advised the maker of a major app regarding an attack on that app by nation-state-sponsored attackers and regulatory inquiries related to that attack.

Assisted a company in developing policies and contractual terms regarding the use of artificial intelligence.

Lead a tabletop exercise for a major financial institution.