A legal career once seemed like a completely opposite career path from a cybersecurity career. Lawyers studied subjects like political science, history, and communications in undergrad. They likely didn’t see themselves as part of the technology crowd. Times are changing and we’re witnessing demand for a new breed of attorney. The cybersecurity and data privacy attorney.
This represents a once-in-a-generation opportunity for attorneys. After all, in every other legal specialty there is a line of much older lawyers, who have been practicing for decades. However, there is no old guard of attorneys in cybersecurity and data privacy. There are green pastures and a lot of room for ambitious attorneys—who are willing to do some learning—to make a name for themselves.
Cybersecurity teams have plenty of legal concerns for which they need trusted legal advisors. Cyber lawyers don’t need to be technical experts, but they need to be able to keep up with cybersecurity situations and know the common legal concerns. They need to understand the basics of cybersecurity or popular frameworks to be successful as legal advisors.
Lawyers may be able to find cybersecurity opportunities without need for additional certifications. That being said, passing the CompTIA Security+ or GIAC Security Essentials (GSEC) certification would provide all the information needed to hit the ground running and would give attorneys credibility with cybersecurity teams. A lawyer who achieved a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification would be considered exceptional and would make quite a name for themselves in the cybersecurity community.
Data Privacy Legal
Much like cybersecurity, data privacy provides a unique opportunity for ambitious attorneys. Privacy regulation is still very new—if it exists at all—in many jurisdictions. Rest assured though that privacy regulation is coming. It’s a pressing issue that is likely to be legislated in various jurisdictions in the coming years. At a minimum any company which does business with the European Union (EU) needs legal advice on the intricacies and implications of the EU’s General Data Protection Regulation (GDPR).
The International Association of Privacy Professionals (IAPP) provides the go-to certifications for data privacy. Lawyers diving into the space should consider the Certified Information Privacy Professional (CIPP) certification. There are four CIPP concentrations, each focused on a specific region: Asia, Canada, Europe, and the U.S. private-sector. These certifications are designed for lawyers and highly recommended for those exploring the space.
Intersection of Cybersecurity and Privacy
While cybersecurity and data privacy are generally related fields, they intersect in moments of crisis. Cyberattacks resulting in the breach of client data represent moments in which a trained, experienced cybersecurity and privacy attorney is worth her weight in gold. These are fast-paced situations, in which the cyber legal advisor is an active participant.
Expertise in the legal responsibility, implications, and pitfalls related to data breaches will be highly valuable. This isn’t the time for on-the-job training. This is the time to display the knowledge and creativity, which sets you apart from your peers. If you can advise both the cybersecurity teams and business executives in a language they understand, you have a good chance of being a trusted cyber legal advisor.
Future of Cyber Legal
Cybersecurity has become a hot career field in the last few years. According to the 2020 (ISC)² Cybersecurity Workforce Study there’s a global shortage of 3.12 million cybersecurity professionals. Between the skills shortage and the constant barrage of cyberattacks we see in the news, the demand for cybersecurity professionals isn’t likely to abate anytime soon.
Cybersecurity and data privacy is emerging as a growth specialization in the legal field with significant opportunity. It seems unlikely that many senior attorneys will specialize in this niche in the latter stages of their careers. That creates opportunity for industrious attorneys willing to put the work in to learn the technology.
The legal blog Lawfare noted that according to a survey “published in the fall of 2020, almost 50 percent of chief legal officers expect their (already substantial) role in cybersecurity to continue to increase.” Attorneys specializing in cybersecurity and data privacy—who establish themselves as experts—will undoubtedly be in high demand for the foreseeable future.