James Denaro
This email address is being protected from spambots. You need JavaScript enabled to view it.
voice: +1.202.596.7303

[PGP Key]

PGP Fingerprint: 31AC BACB 1BC7 4128 7929 6C62 04AE 274B CD03 FDAE

signal | redphone: +1.202.596.7303


Georgetown University Law Center, LL.M., National Security Law

Georgia Institute of Technology, B.S., Computer Engineering

Tulane Law School, J.D.

Tufts University, B.A.



Certificate in Advanced Computer Security, Stanford University

Professional Program in Cryptography and Computer Security, MIT

Certificate of Cloud Security Knowledge (CCSK), Cloud Security Alliance

Cisco Certified Entry Network Technician (CCENT)


International Information Systems Security Certification Consortium (ISC)2

FBI InfraGard, Nations Capital Members Alliance

Jim Denaro is resident in the Washington, D.C. office and provides strategic intellectual property services for information security companies.

Jim is a registered patent attorney and advises clients on offensive and defensive applications of intellectual property. Jim has particular expertise in information security and cybersecurity technologies, and is a frequent speaker and writer on the subject. Jim has experience in a broad range of information security technologies including intrusion detection and prevention, botnet investigation, malware discovery and remediation, and symmetric and asymmetric cryptography. Jim also has experience in wireless protocols and devices, VOIP protocols and systems, optical data storage, and ASIC design.

Adversarial Matters
Jim represents clients in adversarial patent matters, including litigation, mediation, and pre-litigation dispute resolution. Jim has experience asserting patents against infringing parties and developing winning strategies through technical tests for proving infringement. Jim also represents clients accused of patent infringement and has successfully defended clients by developing non-infringement arguments and challenging patent validity. Jim has successfully leveraged the reexamination process (ex parte and inter partes) to invalidate asserted patents. He also represents companies in responding to demand letters from patent owners and preparing non-infringement and invalidity opinions with respect to adversely-held intellectual property.

Patent Counseling
Jim provides strategic patent portfolio counseling and review in connection with mergers and acquisitions, intellectual property due diligence, and licensing and transactions.

Information Security Counseling
Jim advises clients on legal issues of particular concern to the information security community, including active defense technologies, government-mandated access (backdoors), export control, exploit development and sales, bug bounty programs, and confidential vulnerability disclosure (Disclosure as a Service).

Jim has completed professional coursework at MIT and Stanford in computer security and cryptography. He also holds current technical certifications in information security from the Cloud Security Alliance and Cisco Systems, and has passed the CISSP examination (pending certification). Jim was formerly with the international law firms of Morrison & Foerster and Perkins Coie before founding CipherLaw.

Jim is a registered patent attorney and is admitted to practice in the District of Columbia, California, Maryland, and Virginia.

Recent Media, Publications, and Presentations

“Your License for Bug Hunting Season” (presentation), AppSec USA, October 2016

“Bug Hunting and the Law: Your Questions Answered” (webinar), Bugcrowd, May 2016

“When a Backdoor Isn’t a Backdoor: Is This Time Different?” (presentation), Suits and Spooks DC, February 2016

“Hacked Toy Company VTech’s TOS Now Says It’s Not Liable for Hacks” (quoted), Motherboard, February 2016

“Companies buy stolen data from criminals to protect users” (quoted), San Francisco Chronicle, January 2016

“Too Much Privacy? Encryption Backdoors and the Call for Regulation” (presentation), IAPP/CSA 2015, September 2015

“Back Doors and Front Doors – Breaking the Unbreakable System” (presentation), Black Hat USA, August 2015

“Licensed to Pwn: The Weaponization and Regulation of Security Research” (moderator), DEF CON 23, August 2015

“Security researchers hit chilling effect of attorney letters” (quoted), Politico, May 2015

“Facilitating Responsible Vulnerability Disclosure” (panelist), Infosecurity Magazine, October 2014

“The Legal Side of Exploit Research, Development, and Sales” (interview), The Loopcast, September 2014

“J.P. Morgan, BofA, Morgan Stanley Targeted by Patent Troll” (quoted), Ignites (Financial Times), September 2014

“How to Disclose an Exploit Without Getting in Trouble” (presentation), DEF CON 22, August 2014

“Financial Engines Hit With Patent Lawsuit” (quoted), Ignites (Financial Times), August 2014

Open Source Responsible Disclosure Framework (mentioned), various media, July 2014

“Fidelity Ends Patent Fight Over Mobile Tech” (quoted), Ignites (Financial Times), May 2014

“Hackback? Claptrap! - An Active Defense Continuum for the Private Sector” (panelist), RSA Conference, February 2014

“Patent Disputes: A Legal Update” (interview), ISMG Network, RSA Conference, February 2014

“AllianceBernstein in Crosshairs of Patent Troll” (quoted), Ignites (Financial Times), February 2014

“Vanguard Settles Patent Infringement Suit” (quoted), Ignites (Financial Times), December 2013

“A Triumph for Patent Trolls, a Defeat for Computer Security” (quoted), Bloomberg Businessweek, November 2013

“Newegg hurtles toward Texas showdown with famed ‘patent troll’” (quoted), Ars Technica, November 2013

"A Surge of Patent Infringement Lawsuits" (quoted), BankInfoSecurity, November 2013

"Hacking and the value of a Zero Day" (interview), Marketplace, American Public Media, October 2013

IsTouchIdHackedYet iPhone 5S bounty (mentioned), various media, September 2013

"Analysis: Despite fears, NSA revelations helping U.S. tech industry" (quoted), Reuters, September 2013

"Patent Troll Targets Fidelity in Infringement Suit" (quoted), Ignites (Financial Times), September 2013

"Five More Banks Sued for Patent Infringement" (quoted), BankInfoSecurity, August 2013

"Contractors Are Now Using Encrypted Calls and Texts for Legal Advice" (quoted), Nextgov, August 2013

“How to Disclose or Sell an Exploit Without Getting in Trouble” (presentation) DEF CON 21, August 2013

"Fight to Curb Patent Trolls Heats Up” (quoted), Ignites (Financial Times), July 2013

"Preparing for Cyber Patent Disputes" (interview), Information Security Media Group, July 2013

"Patent Lawsuits Target Eight Banks" (quoted), BankInfoSecurity, June 2013

"This Week in Law" discussing Digital Rights Management (DRM) and the future of content control (guest), May 2013

"How Spies, Hackers, and the Government Bolster a Booming Software Exploit Market” (quoted), Fast Company, May 2013

"Taking copyright fight to ISPs too punitive, say critics” (quoted), CSO Online, March 2013

"Nasdaq to Settle Patent Lawsuit After Court Defeats” (quoted), Ignites (Financial Times), February 2013

“Technological Innovation and Cybersecurity: The New Paradigm for Financial Institutions” (presentation), Ninth Forum on Financial Information Systems and Cybersecurity, University of Maryland, Smith School of Business, January 2013

"Patent suits target Google, Intel, hundreds more for encrypting web traffic” (quoted), Ars Technica, November 2012

"Meet the Texas Lawyer Suing Hundreds of Companies for Using Basic Web Encryption” (quoted), Forbes, November 2012

"Trademark Spat Pushes Loomis to Change Fund’s Name” (quoted), Ignites (Financial Times), September 2012

"Apple-Samsung Case: Lessons for CISOs” (interview), InfoRiskToday, August 2012

"Feds Seize Websites Tied to Android Apps" (quoted), GovInfoSecurity, August 2012

"ProShares Settles ETF Patent Infringement Lawsuit" (quoted), Ignites (Financial Times), July 2012

"Cybersec Patents: Mitigate the Risks. Steps Organizations Can Take to Avoid Legal Battles" (interview), Information Security Media Group, March 2012

"Vanguard Gets Into Patent Scrap Over Mobile Apps" (quoted), Ignites (Financial Times), February 2012

"Cybersecurity and Patents: What You Need to Know" (interview), Information Security Media Group, February 2012

“Cybersecurity Patents: Strategic Considerations for Financial Institutions” (presentation), Eighth Forum on Financial Information Systems and Cybersecurity, University of Maryland, Smith School of Business, January 2012

“Intellectual Property Strategies for Security Developers” (article), SC Magazine, April 2011