Joshua Duvall is a Shareholder in the Washington, D.C. office of Maynard Nexsen and is a member of the firm's Cybersecurity & Privacy Practice Group and Government Solutions Practice Group.

As a member of the Government Solutions Group, Josh is frequently called upon by government contracting executives and industry leaders to navigate their most pressing problems and business opportunities in the complex world of doing business with federal and state governments. Josh regularly counsels and represents civilian and defense contractors in bid protests before the U.S. Government Accountability Office, U.S. Court of Federal Claims, U.S. Court of Appeals for the Federal Circuit, and federal agencies; protests and appeals before the U.S. Small Business Administration (size, status, NAICS); teaming, JV, and subcontract agreements; mergers and acquisitions (M&A); claims and disputes; regulatory matters (FAR, DFARS); construction; federal grants; cybersecurity (CMMC, NIST SP  800-171) and privacy; GSA schedule issues; and other complex matters with a nexus to federal procurement.

As a member of the Cybersecurity & Privacy Group, and former malware (malicious software) analyst and IT systems administrator, Josh is frequently called upon by clients to navigate – and bridge the gap between – complex cybersecurity, technical, business, and legal issues, often in times of crisis, with a focus on data breach incident response and investigations, and related litigation.  As part of his practice, Josh also counsels and represents clients in vendor management, cyber risk management, privacy policies, cyber insurance, regulatory compliance, incident response planning, internal and regulatory investigations, corporate transactions, and class actions and other litigation involving cybersecurity and privacy issues.

Prior to joining Maynard, Josh founded and managed a boutique cybersecurity and government contracts law firm in Washington, D.C., where he counseled and represented small – 8(a), WOSB/EDWOSB, HUBZone, SDVOSB – and mid-size businesses in a variety of government contracts, corporate and business, and cybersecurity matters.

Josh received his J.D. from the George Washington University Law School, where he was a member of The Federal Circuit Bar Journal and Fellow at the Competition Law Center. Prior to practicing law, Josh worked in the IT and cybersecurity space, including as an IT systems administrator and malware analyst.

Josh is a Certified Information Systems Security Professional (CISSP) and is a frequent presenter and author on government contracts and cybersecurity issues.

To stay current with the latest news, insights, and legal analysis in the government contracting space, visit Josh's blog, www.GovConJudicata.com.

Josh lives in Reston, VA with his wife, Shaina, and their daughter, Hannah.

Community & Professional

  • Vice-Chair, Bid Protest Committee, American Bar Association, Section of Public Contract Law
  • Vice-Chair, Membership Committee, American Bar Association, Section of Public Contract Law
  • Member, AFCEA Small Business Committee
  • Member, International Information System Security Certification Consortium (ISC)²
  • Member, National Contract Management Association (NCMA)
  • Member, GovCon Club
  • Founding Member, Leadership GovCon


Speaking Engagements

  • “Debriefings, Bid Protests, and Small Business Regulatory Update” – AFCEA Small Business Committee Webinar
  • “CMMC Legal Landscape” – CMMC Information Institute, Virtual Panel
  • “Bid Protests” – Jennifer Schaus & Associates, GovCon “LIVE” Q&A Café, Virtual Panel
  • “DFARS Part 202 – Definitions of Words and Terms” – J. Schaus & Associates, 2021 DFARS Webinar Series
  • “A Conversation: NIST SP 800-171 DoD Assessments and CMMC” – Blue Ridge GovCon Best Practices Series, Virtual Panel
  • “Government Contracting Law: Your Questions Answered” – AFCEA Small Business Webinar Series, Webinar
  • “CMMC Panel Discussion” – NVSBC Central Florida Chapter, Virtual Panel
  • “Basic Training: Small Business Legal and Regulatory Issues” – National Veteran Small Business Coalition V-VETS'20, Webinar
  • “Getting the Most Out of FAR Part 15 Debriefings” – 2020 HUBZone Small Business Week, Webinar
  • “GAO Bid Protests Explored!” – Glenn Robinson & Blue Ridge Information Systems, GovCon Best Practices Series, Webinar
  • “FAR Part 7 – Acquisition Planning” – J. Schaus & Associates, 2020 FAR Webinar Series
  • “Government Contracts Bid Protests in 2019: Latest Trends, Developments, and Issues Explored!” – The Knowledge Group, Webinar/Course (CLE credits available)
  • “Debriefings and Bid Protests” – 2019 National HUBZone Conference, Chantilly, VA
  • “Pitfalls and Perils of Compliance” – Florida 8(a) Alliance's 2019 Federal Contracting Conference, Orlando, FL
  • “Legal Challenges in Cybersecurity: Data Breaches, Security Assessments, and Cyber Insurance Coverage” – (ISC)² Miami Chapter, Miami, FL
  • “Effective Strategies for Government Contract Debriefings and Bid Protests” – NCMA Mid-Florida Chapter, Orlando, FL
  • “Small Business Primer: Government Contract Debriefings and Bid Protests” – Florida 8(a) Alliance, Webinar"
  • "Data Breaches and Crisis Management Planning” – Compliance Week 2018, Washington, DC
  • “Product Security and Compliance Risks with Emerging Technologies” – Compliance Week 2018, Washington, DC
  • “Mentor-Protégé, Joint Venture, and Teaming Agreements” – NVSBC South Florida Chapter, Doral, FL
  • “Best Practices for Debriefings and Protests” – Florida PTAC at UCF, Orlando, FL
  • “Engagement in Defense Innovation and Technologies” – TiECon Florida, Tampa, FL
  • “Contracts 101: The Basics” – In The Trenches MBA Summit, Webinar
  • “GAO Bid Protests: Small Business Primer” – Federal Publications Seminars, Webinar

Blog Posts


  • State Bar: Florida, Washington, D.C., Maryland 
  • U.S. District Court: Florida (Southern)
  • U.S. Court of Appeals: Federal Circuit
  • U.S. Court of Federal Claims
Jump to Page