One of Cleveland State University College of Law’s adjunct professors, Jeffrey Biller, holds a full-time position as an Associate Professor of Cyber Law and Policy at the United States Air Force Academy in the CyberWorks program. Jeff is a lawyer and a former member of the Air Force.
Jeff’s unique background places him at the crucial intersection of cybersecurity and national security. This intersection is vital because cybersecurity issues inevitably intersect with national security. Almost every cyber attack has some dimensions related to international law. Jeff’s insights into these intersections are invaluable for understanding the broader implications of cybersecurity.
Now an Adjunct Professor at CSU, Jeff shares his perspective on our cybersecurity program and explains why various roles within cybersecurity could benefit from the specific program we offer.
The Intersection of Cybersecurity and National Security
Jeff’s entry into the field of cybersecurity was somewhat accidental. He started as a lawyer in the Air Force after initially serving as an intelligence officer heavily involved in signals intelligence. The Air Force later sponsored Jeff to obtain a law degree. Upon returning, he began as a prosecutor, handling numerous computer crimes cases. Jeff was drawn to the complexities of computer crimes, not only from a criminal perspective but also regarding the investigative challenges and advising law enforcement on computer crime investigations.
Jeff obtained an advanced legal degree (LL.M.) focusing on cyber issues, particularly from national security and computer crime investigation perspectives. He was then sent back to the Air Force’s intelligence community to advise on cyber and signals issues from a legal standpoint, allowing him to delve deeply into national security. This role involved understanding operational procedures, privacy considerations, and the protection of U.S. persons’ information from a legal perspective.
Jeff then became the head lawyer for the Air Force’s two operational cyberspace wings. These wings handle everything from network operations and maintenance to network defense and offensive cyber operations, directly engaging with other states in cyberspace. After gaining extensive experience, he was asked to teach these issues. He spent the last three years of his active duty at the Naval War College in Newport, Rhode Island, focusing on cyber and outer space issues, exploring the intersection between space and cybersecurity.
Teaching and Research in Cyber Law
After retiring from the Air Force, Jeff joined the Air Force Academy to continue teaching at the undergraduate level and conduct more research on emerging technology and cyber issues. His goal is to ensure the implementation of the best policies and equipment in the military regarding cybersecurity. Jeff has been teaching at the Academy for about five years, in both the law and political science departments. In addition to the cyber law course, he teaches a cybersecurity policy course and international law courses.
Jeff’s primary research areas have been on the international side, particularly the use of cyber capabilities under international law. However, the domestic and international aspects of cybersecurity often intersect, especially in the military, where they handle everything from network operations and criminal prosecutions to intelligence collection and offensive cyber operations. This broad scope makes being a lawyer in military cybersecurity uniquely interesting, offering involvement in a wide range of activities.
Perspectives on the Cybersecurity Program
Teaching cyber law is challenging because cyberspace impacts every aspect of society. When teaching the CSU Cyber Law course, Jeff starts by identifying what we aim to achieve in cyberspace, the values we want to protect, and the benefits of cyberspace that we seek to preserve. He believes it’s crucial to keep these factors at the forefront when evaluating the law. If the law doesn’t align with our national values in cyberspace, it needs to be reconsidered.
The course begins with these foundational questions and a technical refresher. It then explores aspects of cyberspace that challenge our understanding of the law. The course is divided into four sections: criminal jurisdiction in cyberspace, investigations, electronic surveillance and criminal investigation from a national security perspective, and international considerations. Current or emerging topics, such as artificial intelligence, are also incorporated.
All courses in this program address critical practical requirements, offering different perspectives but focusing on the same core issues. This iterative approach ensures that participants get exposed to these laws and learn to think about them from legal and policy perspectives rather than just technical ones.
Legal Program for Non-Lawyers
This program is primarily for non-lawyers, though some lawyers are enrolled. It’s designed to help participants understand and navigate the complexities of cyber law and policy, regardless of their professional backgrounds.
For individuals in compliance or technical roles who want to enter the cybersecurity field without pursuing a JD, a program that emphasizes the legal aspects of cybersecurity can be highly beneficial. This program goes in-depth, offering courses with JD students, which provides a broad perspective on these issues.
For a long time, cybersecurity was viewed primarily as a technical problem to be solved with enough firewalls and network widgets. However, we are now in an age where the importance of integrating both technical and legal perspectives is widely recognized. Understanding legal issues doesn’t require being a lawyer. Non-lawyers regularly advise on legal-related issues, such as compliance. Knowing what to do in the event of a breach is critical.
A program like this provides a comprehensive perspective, beyond just the technical aspects of networking and configuring firewalls. Without understanding the legal side, you’re only getting half the story and risk losing the cybersecurity battle. For those who want to practice law, a JD is the appropriate route. It’s a generalist degree that includes the option to pursue a certificate in cybersecurity, including taking courses like those offered by Brian Ray.
Career Outcomes and Opportunities
The career outcomes for MLS graduates have been diverse. Students come from various backgrounds and have different career goals. Many are already in the IT field, while others are in compliance. They pursue this degree to advance their careers, particularly those aiming for strategic roles on senior teams.
This program offers a 360-degree view, teaching valuable law and policy concepts that are crucial throughout a career, especially as one progresses into strategic roles. Understanding these aspects helps professionals ask intelligent questions, position their organizations proactively, and develop solutions as policies evolve.
Some students with no technical background have moved into compliance roles, particularly in governance, risk, and compliance (GRC). Others have transitioned into technical roles. For those without a technical background, additional certifications may be necessary to get up to speed for technical positions. The program also offers technical courses and alternatives for those with sufficient technical grounding, ensuring they receive a comprehensive education tailored to their needs.
The integration of legal and technical perspectives in cybersecurity education is essential for comprehensive understanding and effective practice. CSU emphasizes these dual aspects to prepare professionals for strategic roles, equipping them with the skills to navigate and address the evolving challenges in the cybersecurity landscape.