Access Granted

Cybersecurity Legal Training

By Elia Burgos

As cybersecurity professionals, we see doors as ways to protect assets and data from unauthorized access. But today, I want to talk about the doors cybersecurity legal training can open for you. 

I speak to so many people that are hesitant about choosing a career in cyber because they believe it is all about hacking and complicated technological jargon. But doors to the cybersecurity world can open to spaces other than the mainframe room. Cyber is the field where you can transfer skills acquired through different disciplines because of the variety of industries that require cybersecurity protocols. Take, for instance, the legal field.  

Our lives revolve around how to store, access, and transfer data securely. Governments and private companies are searching for a balance between policing and the free market. The problem is that technology evolves at a faster pace than law. These conditions make for a career with plentiful opportunities on both sides of the spectrum. The government needs people with technological backgrounds to write rules that work well with fast-evolving technology. On the other hand, business needs help with legal compliance expertise.

Companies tend to hire more professionals with cybersecurity technical safeguards backgrounds than cybersecurity compliance experts. According to the list published by IT Governance USA, the top five most in demand jobs in cyber security require an IT background. This tendency creates an imbalance in protecting your assets vs. complying with federal and state regulations. Both can cost you millions of dollars in losses and fines, both are preventable. Companies need to invest in professionals capable of discerning, through thorough risk assessment, where to invest money and resources to achieve that security safeguards/compliance balance. The critical question is, do I need to be a licensed attorney to become cybersecurity compliance professional?

Juris Doctor v.  Masters of Legal Studies

Let’s start by stating that one degree isn’t better than the other. The degree that is appropriate for you will depend on what your goal is. For example, a Juris Doctor is better suited if you want to become a practicing attorney. In contrast, a Master of Legal Studies (MLS)  will furnish you with a robust understanding of the law, but it will not authorize you to practice law. Instead, an MLS will help you understand the US legal system, command diverse legal research sources, and recognize compliance requirements.  

While hiring a licensed attorney might seem the easy answer, chances are your company already has a legal team, an in-house counsel, or an outside legal firm to assist you with your legal needs, such as litigation, contracts, and the likes. Also, it might be counterproductive to have your Chief Counsel acting as your Chief Compliance Officer due to possible conflicts of interest. Finally, the truth is that most cybersecurity and data privacy compliance jobs do not require a licensed attorney to oversee your cybersecurity program.  

Healthcare Compliance Officer

Take, for instance, the Health Insurance Portability and Accountability Act. The healthcare industry is one of those few where the federal government keeps tabs on how Personal Health Information is protected. Add the aggravating factor that the federal law does not preempt harsher laws in some states. The law mandates that they must appoint a HIPAA Compliance Officer no matter how big or small the covered entity is. In smaller entities, one person can perform the functions of Privacy Compliance or Security Officer. HIPAA does not require that the appointed professional be a lawyer. However, it is recommended that the candidate possess a Master’s Degree and knowledge of the HIPAA regulatory landscape.

As reported by ZipRecruiter, “As of May 9, 2022, the average annual pay for a HIPAA Compliance Officer in the United States is $82,971 a year, and there are 4,359+ HIPAA Compliance Officer Jobs across the United States”.   It would be effortless to climb the ladder within your organization to become the HIPAA Compliance Officer by enrolling in our Master’s of Legal Studies. We dedicate an entire course to discussing the intricacies of HIPAA from a legal standpoint. In addition, our Cybersecurity II course will give students the chance to build a cybersecurity program customized to the needs of a healthcare provider, using the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework.  

Jobs Ancilliary to the Legal Profession

Another career path that would benefit from an MLS in Cybersecurity and Data Privacy Law is all the positions ancillary to the legal profession. For example, paralegals, e-discovery professionals, forensic data investigators, and contract managers are all part of the cyber security workforce that should know how both the legal and network system operates.

From e-discovery paralegals to e-discovery project managers, this profession is the perfect example of how legal education complements the technological background that our MLS can provide you. Most companies are looking for a professional who can advise the legal team on technology options to respond to specific discovery needs. They must also participate in legal proceedings, prepare legal writings and testify.   The required educational background is a postgraduate degree, e.i., an MLS, and technical experience. ZipRecruiter estimates the average salary of an e-discovery professional to be  $75,525 a year, with top earners making $104,500 annually without a practicing attorney’s license. And they are in high demand! There are over 312,989 E-Discovery Jobs announced on ZipRecruiter.

Our Masters of Legal studies will certainly prepare e-discovery professionals with legal skills such as research and legal writing through the Legal Writing course. In addition, lawyers will have unparalleled support as we prepare our students with  IRAC skills to write legal memoranda.

Cyber security Consultants (GRC)

As a Cyber Security Consultant, you will leverage your skills to advise clients about policies and procedures needed to protect their assets, such as having a response plan. Depending on the industry, companies require that the security consultant be experienced in specific laws regulating and must be knowledgeable of the law regulating that industry.  

For instance, consultants for contractors in the defense industrial base  (DIB) will need to be acquainted with the Cyber Security Maturity Model Certification because it is necessary to comply with the requirements of law and contracts. Furthermore, other job postings for this position requested experience in privacy implementation and audits and a solid knowledge of ISO 27701/CCPA/GDPR Privacy frameworks.  

In our Privacy Management and Corporate Compliance courses, students will study the most critical federal, state, and international privacy laws, such as GDPR. In addition, the technical courses will explore the most important cyber security frameworks.

Are you wondering if the cybersecurity legal career is right for you? If salary is an incentive, ZipRecruiter reports that as of May 10, 2022, the average annual pay for a Cyber Security Consultant in the United States is $115,767 a year.   There are over 36,478 Cyber Security Consultant Jobs waiting for you.

Cybersecurity and Communications

When we state that cyber legal training will open many doors, we don’t mean just for IT or legal professionals. A communications team trained in the legal aspects of cyber security is an invaluable asset. A legal education teaches the importance of writing straightforward policies and procedures.   Policies and Procedures, albeit internal, are legal documents that will drive protocols such as incident response. As mentioned in previous articles, having a comprehensive cyber security plan is a compliance requirement in many federal and state laws.    In addition, communications professionals with cyber and legal training will understand the significance of having clear privacy notices to avoid penalties under the FTC’s “unfair or deceptive acts or practices” rule.

The ideal professional will have the ability to communicate security and technical topics to diverse audiences. Our Masters of Legal Studies prepares students with the foundational knowledge of the American Legal System, introducing them to legal terminology. In addition, the Legal Writing course drives through the steps of research, consuming, and analyzing legal information preparing the student to write assertive legal documents.  

Without a doubt, communication is an exciting career. However, complementing it with cyber security and legal knowledge will allow professionals to enter a specialized community. According to Glassdoor, the typical Security Communications Specialist’s salary is $45,502, with top earners making $208,117. 

A Master of Legal Studies (MLS) in Cyber Security and Data Privacy Law: The Key to Your Future.

Industries strive to be at the forefront of technology. However, complying with the law is always a risk factor because tech develops at lightning speed while the law lags. Hiring a professional trained in analyzing the law with operative knowledge of technology that can be two steps ahead of compliance changes is any company’s best bet.  

Our students stem from diverse professional backgrounds. While some have an established legal career, others come from technical knowledge, such as security analysts. A Masters of Legal Studies (MLS) in Cybersecurity and Data Privacy Law from Cleveland State University College of Law, with its comprehensive curriculum, provides students with the skills to build the security safeguards/compliance balance that your company needs to remain compliant and successful.