skip to main content

ProfessionalsJohn P. Carlin

John  P. Carlin

Tel: +1-202-223-7372
Fax: +1-202-478-2127

Tel: +1-202-223-7372

2001 K Street, NW
Washington, DC 20006-1047
Fax: +1-202-478-2127

New York

1285 Avenue of the Americas
New York, NY 10019-6064


John P. Carlin is co-chair of Paul Weiss’s Investigations Practice Group, co-chair of the Cybersecurity & Data Protection Practice Group and chair of the National Security Practice Group. John is a deeply accomplished litigator who advises industry-leading organizations on matters involving privacy and cybersecurity, crisis management, Committee on Foreign Investment in the United States (CFIUS), sanctions and export control, white collar defense and internal investigations. He has served as a top-level official in both Republican and Democratic administrations, including as the Acting Deputy Attorney General of the United States, as the top national security official for the U.S. Department of Justice, as the Chief of Staff of the FBI and as an experienced Assistant U.S. Attorney. John has been featured or cited as a leading authority on cyber and economic espionage matters by numerous major media outlets, including The New York Times, The Washington Post, The Wall Street Journal, The Los Angeles Times, USA Today, CBS’s 60 Minutes, NBC’s Meet the Press, PBS’s NewsHour, ABC’s Nightline and Good Morning America, NPR, CNN and Vanity Fair, among others.


Appointed Acting Deputy Attorney General and then Principal Associate Deputy Attorney General to Deputy Attorney General Lisa Monaco (January 2021-July 2022), John occupied “one of the most powerful and under-the-radar posts in the Justice Department,” according to The New York Times, advising on major prosecutions and top DOJ priorities, including FBI oversight, cryptocurrency theft and investigations of actors known to have helped Russia evade sanctions. He also played a pivotal role in instituting the DOJ’s current approach to cybersecurity, national security and corporate criminal enforcement.

John also has significant private practice experience advising companies responding to a variety of urgent global, national security and cyber threats. Prior to his time at the DOJ, John chaired an Am Law 100 firm’s global risk and crisis management group, where he advised clients across the technology, healthcare, energy, defense, finance, media, pharmaceutical and telecommunications industries on crisis management, company-crippling cyber incidents, regulatory strategy and CFIUS issues.

John’s private practice experience includes:

  • Breach and ransomware response – advising Fortune 50 and other global companies on ransomware policy and in response to major cyber incidents;
  • Internal investigations – conducting sensitive, complex internal investigations, enabling companies to take informed, strategic action to manage crises, avoid regulatory actions, and limit legal and reputational exposure;
  • Compliance and risk assessment – conducting compliance and risk assessments on behalf of global technology firms, and advising them on cybersecurity incidents and legislative issues;
  • Export controls – conducting investigations and advising on compliance policies and procedures;
  • Sanctions and trade – consulting on the impact of U.S. sanctions policy on major international corporations;
  • Crisis incident simulation – providing various crisis incident simulations and table-top exercises for members of executive teams of international companies;
  • CFIUS strategy – advising major foreign investment companies on their near- and long-term CFIUS strategy, including the implications of recently enacted reform legislation that will significantly affect the way CFIUS reviews are conducted;
  • Cybersecurity training – advising international consulting companies on privacy and data security issues, and providing onsite training exercises to board members and executives; and
  • FARA review – counseling organizations and individuals in sensitive and high-stakes matters relating to the Foreign Agents Registration Act (FARA) and offering extensive practical, risk-based guidance on the law’s applicability, as well as conducting domestic and cross-border FARA investigations.

John has deep experience leading high-profile national security and criminal enforcement matters. He previously served as Assistant Attorney General for the DOJ’s National Security Division, making him the Department’s highest-ranking national security lawyer. In this role, he supervised 400 employees responsible for protecting the nation against terrorism, espionage, cyber and other national security threats. During his tenure, he oversaw the prosecution of the Boston Marathon bomber, the indictment of five Chinese military members on economic espionage charges, and the DOJ’s foreign investment review program, which includes the review of foreign acquisitions through CFIUS, Federal Communications Commission (FCC) reviews and other emerging technology matters and related litigation.

During his most recent tour at the DOJ, John advised U.S. Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco on the department’s most pressing—and visible—criminal prosecutions. Those included cases stemming from the January 6 assault on the U.S. Capitol, and the pursuit of oligarchs and others alleged to have enabled Russia to avoid sanctions.

Prior to that, John served as chief of staff and senior counsel to former FBI Director Robert Mueller, helping lead the FBI’s evolution to meet growing and changing national security threats, including cyber threats. He also served as national coordinator of DOJ’s Computer Hacking and Intellectual Property Program. John began his legal career as an Assistant United States Attorney for the District of Columbia, where he tried more than 40 cases to verdict.


John, who joined the DOJ through the Attorney General’s Honors Program, is a five-time recipient of the DOJ’s Award for Special Achievement; was awarded the National Intelligence Superior Public Service medal by the Director of National Intelligence; and has drawn bipartisan praise. He is also the recipient of the DOJ’s highest award, the Edmund J. Randolph Award, named for the first Attorney General of the United States appointed by President George Washington, which recognizes outstanding contributions to the accomplishments of the Department’s mission. Since returning to private practice, John has been recognized as a leading lawyer by Chambers USA for Privacy & Data Security: Cybersecurity, named to Cybersecurity Docket's “Incident Response 50,” an annual list of the best data breach response lawyers in the industry in 2023 and 2024 and named one of the 500 Leading Global Cyber by Lawdragon in 2024. One of the country’s most sought-after commentators on cyberwarfare prior to his stint at the DOJ, John is co-author of Dawn of the Code War, a sobering analysis of American efforts to defend against cyberattacks by foreign powers. He was an inaugural Fellow of the Harvard Kennedy School’s Belfer Center for Science and International Affairs’ Homeland Security Project, focused on the unique challenges of protecting the American homeland. John is the Founding Chair (now Chair Emeritus and Strategic Advisor) of the Aspen Institute’s Cybersecurity and Technology program, a cross-disciplinary forum for industry, government and media to address emerging digital threats and craft policy solutions.

© 2024 Paul, Weiss, Rifkind, Wharton & Garrison LLP

Privacy Policy