Brian has nearly two decades of technical and legal experience in the network security, privacy, and cybersecurity industries. Most recently, he served as assistant general counsel, Global Privacy Product at Meta, where he led legal functions affecting applications and services used by over 3.6 billion monthly active users. His responsibilities included directing privacy and product legal guidance for the FTC Consent Order Privacy Review functions, such as Artificial Intelligence Privacy Review, Universal Risk Register, and Material Risk Rubrik. He also provided legal guidance for global security controls, focusing on Incident Response, Audit, Investigations, and Emerging Threats functions.
Brian’s law firm experience includes positions at several major law firms, where he counseled clients on product counseling, compliance with state, federal, and international privacy laws, cybersecurity and incident response, data protection, intellectual property, and technology transactions. His leadership roles include serving as a civilian advisor to the U.S. Marine Corps for Cyber Security and Information Technology Infrastructure and as a member of former California Governor Brown’s Cybersecurity Taskforce.
Brian holds professional certifications as a Fellow of Information Privacy, Certified Information Systems Security Professional, and Certificate in Investment Performance Measurement. He is licensed to practice law in California.
Education
- University of Southern California Law School, J.D.
- University of Colorado at Boulder, M.S., interdisciplinary telecommunications
- University of Colorado at Boulder, B.S., computer science
Senior Privacy & Security Advisor
Virtual | 470.832.5574
marc.loewenthal@troutman.com
Marc has over 25 years of experience in providing consulting, legal, and audit services on privacy and cybersecurity matters, including senior-level positions at PricewaterhouseCoopers, Varo Money, Promontory Financial Group, and LPL Financial. He leads many of our FTC audits, develops information security and privacy policies and procedures, and advises on vendor management/business process outsourcing functions, anti-money laundering and anti-fraud, business continuity and disaster recovery. Marc also has experience in creating and overseeing enterprise risk management programs, including inaugurating corporate-wide risk assessments, managing state and federal government relations, and managing mortgage compliance. He has created asset management programs for distressed financial institutions. Marc is licensed to practice in Ohio and Texas.
Publications
- Co-author, “FTC Releases 2023 Privacy and Data Security Update,” Troutman Pepper, April 4, 2024.
- Co-author, “Cookies and Online Tracking of Health Signals: An OCR Prescription for Potential Peril,” Troutman Pepper, May 4, 2023.
Education
- Case Western Reserve University School of Law, J.D.
- Franklin and Marshall College, AB
Michael “Mac” McCullough is an innovative and entrepreneurial GRC advisor, data strategist, ethicist, and risk and privacy leader. Mac has over 25 years of experience in data risk, governance, privacy, and project management. He is particularly adept at building and aligning people, processes, and technologies to deliver world-class, risk-based, business-oriented compliance frameworks. Mac has a long history helping companies navigate and respond to regulator inquiries globally, including consent order compliance and assessments. Mac is a recognized thought leader in the privacy and tech communities, often networking with and advising peers, senior leaders, directors, trade organizations, civil society, and civil service leaders. Before joining the firm, he was chief privacy officer and GRC leader at Macy’s, and before that helped lead IBM’s privacy, data breach response, and other business models. He is a Certified Data Privacy Solutions Engineer.
Publications
- Co-author, “2023 Privacy Year in Review,” Troutman Pepper, February 1, 2024.
Speaking Engagements
- Speaker, “International Privacy Law – India, China, Japan, Brazil,” Georgia Bar Association 38th Annual Privacy & Technology Law Conference, March 4, 2024.
Education
- George Washington University Law School, J.D.
Jean Pawluk
Senior Privacy & Security Advisor
New York | 212.704.6239
jean.pawluk@troutman.com
Jean has extensive experience in the high tech, telecom, and financial industries with a career in cybersecurity spanning more than 35 years. She served as the Chief Architect at Visa International from 2003-2010, where she focused on security, as well as Chief Enterprise Architect at Equifax. Jean is a co-founder of both the Bace Cybersecurity Institute and the Cloud Security Alliance. She has been a software and hardware developer, one of the first chief architects in Silicon Valley, a Chief Information Security Officer several times over, and is now an executive consultant and business advisor.
Jean is a speaker, college lecturer, researcher on various emerging technologies, and active in several standards working groups. Her current research is centered around the intersection of emerging technologies and security, specifically examining their utilization and potential misuse. She has earned professional certifications as a Certified Information Systems Security Professional from ISC2 and Certified Information Security Manager from ISACA.
Ruki Smith
Senior Privacy & Security Advisor
New York | 212.704.6149
ruki.smith@troutman.com
Ruki focuses her practice on privacy and cybersecurity with an emphasis on global compliance. She has conducted global privacy and security program assessments across multiple industries, including high-tech, social media, retail, education, pharmaceutical, health, real estate and financial services; and advises clients on a broad spectrum of regulatory, transactional, and compliance issues.
Previously, Ruki served as Meta’s Associate General Counsel for Legal Privacy Compliance. In this role, she built Meta’s privacy program to comply with applicable law, advised stakeholders on FTC order compliance, and advised on incidents, FTC certifications, internal and external privacy complaints, Privacy Red Team initiatives, change management, privacy risk assessments, and privacy issues.
Prior to joining Meta, Ruki was the Global Head of Privacy at WeWork and worked on the privacy and cybersecurity teams at Paul Hastings and Booz Allen Hamilton. Ruki is licensed to practice in New York, California, Texas, and the District of Columbia.
Education
- SMU Dedman School of Law, J.D.
- Southern Methodist University, BBA