Benjamin Wright

Benjamin Wright was a practicing attorney based in Dallas, Texas, focusing on technology law. He served as a Senior Instructor at the SANS Institute, and is the author and sole instructor of LEG523: Law of Data Security and Investigations. Through that course since 2003, Ben has taught thousands of students around the globe. He advised the SANS Security Awareness Program on its products that cover compliance issues, such as GDPR, privacy, and criminal justice. Mr. Wright advised diverse clients, both in the US and outside the US, on privacy, electronic commerce, and data security law.

More About Benjamin


As a young lawyer Ben was fascinated with how law, society, and politics would react to the digital age. He first observed the legal impact of computers when he worked at a law firm negotiating business transactions. He left the firm with a hankering to explore the law of electronic commerce and related topics. At the time, experience with electronic commerce law was limited. Very few lawyers had thought much about it or written about it. Ben wrote books, gave public presentations and attracted clients. Over time, Ben expanded into the law of data security and investigations.

From 1994 – 2000, Ben served as counsel to PenOp, Ltd., maker of a family of electronic signature products. The products drew heavily on cryptography and public key infrastructure (PKI).  Ben’s work included writing white papers, delivering scores of presentations, lobbying governments around the world, commenting on proposed legislation, advising on product design, marketing and technical architecture, and managing software license agreements.  Through his work for PenOp, Wright became widely known as a responsible analyst of information security topics such as PKI, privacy and biometrics.  Although PenOp originated in the UK, they first sought Wright’s services in 1994 based on his unique international reputation.

In September 2003, Ben advised the government of Sri Lanka on the law and policy of e-signatures, e-commerce and public key infrastructure. He spent three weeks in Sri Lanka interviewing experts and officials, drafting legislation, delivering analysis and recommendations and presenting results to government and private sector. This work contributed to the adoption of national legislation in October 2005. The project was funded by the United States Agency for International Development and sponsored under The Competitiveness Initiative in Sri Lanka.

Cyber is a leading-edge field of law, which required Ben to develop fresh, original ideas and solutions. It is full of nuances and opportunities that surprise lawyers and non-lawyers alike.

Cyber law is commonly misunderstood. Many students in the LEG523 course have to discard old assumptions and change the way they think about the topic.

Teaching for SANS gave Ben an opportunity to study myriad issues, develop new ideas and then refine those ideas in collaboration with the knowledgeable students SANS brings to the classroom.  He was extremely practical, providing students the tools and mindset to address the real-world challenges they face as they help their clients and employers manage cyber law risk.

Ben is featured in the book "The Devil Inside the Beltway", the story of the infamous LabMD cyber attack. His uncommon advice to LabMD ultimately steered the company toward its landmark 2018 legal victory over the Federal Trade Commission.

In alignment with what he teaches in the LEG523 course, Ben consulted for tech professional firms, helping them write engagement contracts and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, penetration testers and forensic investigators. He advised diverse enterprises on cyber crises and incidents.

Additionally, Ben was a mentor to law students at the University of North Texas at Dallas College of Law, and served as an industry advisor on cyber security to the Pennsylvania College of Technology. He is also is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

Ben came from a blue-collar background in the Panhandle of Texas. He is a graduate of the law school at Georgetown University.  In his spare time Ben enjoyed hiking, wading, jogging, sprinting, bicycling and spelunking in the outdoors. He was commonly found slowly walking barefoot up and down a creek somewhere, inspecting every tadpole, blossom, and rock formation.

Listen to Ben speaking in this webcast "Coalfire Penetration Testers Charged with Criminal Trespass"



Data Security Solutions Forum, Nov 2021

The Influence of New Privacy Laws on Cybersecurity Practices, Oct 2021

How Risky Is Cybersecurity Insurance?, RSA 2021, May 2021

Coalfire Penetration Testers Charged with Criminal Trespass, May 2020

The Global Privacy Law Imperative, July 2019

LabMD: The Phony Data Breach, June 2018

Sensitive Data Everywhere: Results of SANS 2017 Data Protection Survey, Sept 2017

Complying with Data Protection Law in a Changing World, June 2017

Lingering Exploits Related to WannaCry Ransomware?, May 2017

Latest on WannaCry Ransomware, May 2017

Complying with the General Data Protection Regulation: A Guide for Security Practitioners, March 2017



Book: The Law of Electronic Commerce

Benjamin's Contributions