Professor Brian Ray, the co-founder and director of the Center for Cybersecurity and Privacy Protection at Cleveland State University College of Law, recently interviewed Kimberly Moses. Professor Moses is a partner at Calfee, Halter, and Griswold LLP, where she serves as the head of the firm’s compliance services practice. She also teaches several courses in the JD program and the online MLS in Cybersecurity and Data Privacy program.

Professor Moses gives some insight into what is needed to succeed in corporate compliance and the advantages of the MLS program in the field.


Corporate Compliance - Kimberly Moses

Corporate compliance is a broad term. However, it applies to all businesses and organizations. It is a program designed to prevent, detect, or remedy illegal and unethical conduct. All organizations should have a corporate program in place, from educational institutions and hospitals to public and private companies. The Department of Justice’s requirements for corporate compliance programs increases yearly regardless of an organization’s size.

As the leader of the compliance services practice of Calfee, Halter, and Griswold LLP, Professor Moses develops and implements corporate compliance programs for her clients. She also serves as a compliance resource for clients who do not have existing compliance programs in place. She advises on varied compliance matters as well as compliance training. However, not all compliance professionals need to be lawyers.

The primary function of a compliance officer is administering an organization’s compliance program. They must ensure that it is being run correctly and that employees are properly trained and aware of their obligations under the program. Even though many compliance officers are not lawyers, they must be familiar with their organization’s legal or regulatory risks. They consult with in-house or outside counsel when specific legal expertise is required.

Another key point is that as a compliance professional, you would need to understand the legal and regulatory requirements that an organization may face and ensure that the organization is complying with those requirements. While it is not necessary to have the depth of understanding that a lawyer might have, you would have to recognize when there is an issue and the steps required to address it.


Several certifications will help nonlawyers in a compliance career. The most prevalent certifications come from the Society of Corporate Compliance and Ethics (SCCE). They are available for lawyers and nonlawyers. In addition, there are certifications in subspecialties such as fraud, healthcare, insurance, and international compliance. These are just a few of the credentials that a company may require.

Equally important are the skills that organizations look for in compliance specialists. These are necessary for compliance professionals to have to be able to carry out the job. Apart from the certifications, organization and effective communication skills are very important. You will need to interact with the board and senior executives regarding compliance issues. Also, when there is an issue, you will need to be able to convince executives, as well as employees, to buy into the compliance program’s responses and actions.  

The MLS at CSU College of Law prepares students to take the certifications exams. One of the Cybersecurity and Data Privacy online program benefits is that the coursework is targeted toward multiple certifications. The privacy-specific courses map to the International Association of Privacy Professionals (IAPP) certificate, and the technical capstone course maps to certified ethical hacking. Having the certifications is advantageous because it shows prospective employers that you are dedicated to and interested in pursuing a particular area or profession.


Professor Kimberly Moses teaches Corporate Compliance I and II. These courses provide a broader view of how the specific areas of cybersecurity, data privacy, law, and technology all fit into a compliance program.

• The Department of Justice sets out several elements that are necessary parts of every corporate compliance program. The Corporate Compliance I course discusses those elements which make up the structure of compliance programs and how they should work.

• Corporate Compliance II is much more substantive and covers areas of cyber risk that organizations may face, namely privacy and data security. There are many laws and regulations that pertain to cyber risks, such as antitrust laws, the False Claims Act, HIPAA, and import and export regulations.

Risk is often the common denominator between lawyers, compliance professionals, and security. A compliance professional needs to be able to identify and manage risk. All of the risks that an organization faces are weighed in terms of magnitude and severity. And then, the impact of the risk is considered and addressed.

The MLS compliance courses enable you to examine a company’s compliance program and understand whether or not it works. You will be able to identify risk areas for particular organizations and apply what you’ve learned to those organizations.


The Cybersecurity and Data Privacy MLS program courses benefit lawyers and non-lawyers by firmly establishing a base in technical and legal aspects. Students will typically start with American Law which provides an overview of the core areas in law. Then later, you’ll learn about legislation and regulation, constitutional law, and criminal law. There is also an emphasis on how those areas are applied to cybersecurity and data privacy.

Legal Writing goes into the specifics of researching, employing, and creating legal materials. You’ll be doing legal analysis with either in-house or outside counsel in a technical role. Legal writing prepares you to understand the compliance laws involved.

Cybersecurity I gets technical fairly quickly but provides a lot of guidance and preparation. Then, Cybersecurity II shows you how to apply the concepts from Cybersecurity I in the context of a project. You’ll learn the technical side of compliance by setting up controls for a complex institution that has to comply with cybersecurity and data privacy laws in multiple areas.

Privacy Law and Management is a specialized course that goes through the major privacy and cybersecurity laws and teaches you how to develop a privacy program.

For additional information about the program and to hear more from Kimberly Moses, please watch our webinar


CSU College of Law’s innovative online Master of Legal Studies (MLS) in Cybersecurity and Data Privacy takes an integrative approach to education, preparing professionals to understand the technical and business dimensions of cybersecurity and privacy as well as current laws and regulations. 

The part-time and fully online program is led by faculty from the Center for Cybersecurity and Privacy Protection at Cleveland State University College of Law and other leading practitioners in the field, with a focus on relevant, real-world experience. Also, the MLS degree is designed for professionals who need to understand the significant legal and business risks posed by cybersecurity and data privacy. Lastly, the program prepares graduates with the knowledge and necessary skills to enter these fast-growing fields and advance to senior positions within organizations.