Phillip is a cyber security, technology and privacy lawyer with more than 20 years of combined experience in cyber law, cybercrime, digital forensics and cyber security.

He has advised some of Australia’s and the world’s largest companies (including technology giants) on data protection, cyber resilience, privacy, contractual and regulatory compliance, telecommunications law and technology-related transactions.

Phillip has a unique combination of legal, cyber, regulatory and investigative expertise. His experience includes 18 years as an Australian Federal Police officer (specialising in digital forensics and cybercrime), and as a Senior Manager in Markets Enforcement at ASIC. He was also an Adjunct Professor at Deakin University’s Centre for Cyber Security and Innovation.

Phillip is part of the firm’s Cybersecurity, Privacy & Technology practice, and also works with our Board Advisory & Governance team to help clients and their boards manage cyber risk.

Work highlights

Various multi-national and ASX companies

Legal counsel and breach coach in relation to significant data breach matters, including ransomware, nation-state, supply chain, business email compromise and insider attacks.

Information Commissioner investigations

Privacy counsel for three Australian companies subject to Commissioner Initiated Investigations.

Various multi-nationals

Development of cyber and privacy frameworks, management and board-level incident response plans, cyber due diligence, contractual review, and cyber education and training.

Cyber simulation exercises

Development and delivery of multiple cyber simulation exercises for crisis management teams and boards in the energy, health, mining, retail, financial and hospitality sectors.

Critical infrastructure sector

Clients bound by critical infrastructure regulation, including advising on regulatory compliance and risk management planning. This included clients in the energy, transport, food and grocery, education, health and financial services sectors.

ASIC v RI advice

Proceedings against RI Advice Group Pty Ltd which involved a financial service licensee’s obligation to implement adequate cybersecurity and cyber resilience risk management controls.