Cybersecurity remains a growing field in the legal arena. This field, however, can be difficult for a law student to enter, and I hope my points prove helpful in advising students in their endeavors. Since this is a brief introduction, I cannot cover every topic or detail—though I will write more later. I recommend that you conduct extensive research about the field—numerous articles exist online about how to become a cybersecurity lawyer—and consult with cybersecurity lawyers and IT professionals.
As a cybersecurity lawyer, one can work either as a litigator or advisor. What’s the difference between the two you ask? The lawyer who litigates also advises; however, the lawyer who advises usually does not litigate. At a minimum the advisor may assist a company or law firm with pre-litigation matters. With that said, if you seek to litigate, hone your legal skills in civil/criminal litigation.
You also cannot neglect learning about innovative technology, IT best practices, reviewing IT news, etc. As for cybersecurity news, Krebs on Security provides detailed news coverage on the latest cyber threats, cyber-attacks, and investigative journalism on cyber-related issues.
My suggestions below lean more toward gaining technical knowledge and skills.
- Take IT courses. No, you do not need to major in computer science, information technology, or cybersecurity—though certainly that can help. But at a minimum take a basic networking or cybersecurity course. These courses will aid you in understanding networks from the standpoint of IT professionals. Additionally, you should take law courses on privacy and/or cybersecurity at your law school. Learn the current issues that emerge in the field and case law.
- Take IT training. You should gain hands-on IT experience through IT training. Though a cybersecurity lawyer will probably never configure a router, she should know how routers function. Most IT training tends to be expensive and require large amounts of time, so make sure you possess an unwavering commitment in honing your technical skills as a cybersecurity lawyer. For instance, SANS offers training that can cost over $4,000 for 40 hours’ worth of training! I highly recommend that you research affordable training opportunities in your area. If no IT training exists in your area, then look for virtual training.
- Obtain IT certifications. IT certifications demonstrate a basic knowledge of cybersecurity and computer networks. Studying for a certification will provide you with a conceptual framework of how IT professionals manage security risks and mitigate vulnerabilities. CompTIA offers Security+, Cybersecurity Analyst+, Pentest+, and CompTIA Advanced Security Practitioner. SANS offers certifications and trainings in six areas: cyber defense, industrial control systems, penetration testing, digital forensics and incident management, developer, and management and leadership. This list is not exhaustive. Unfortunately, most of these certifications—with the exception of SANS and a few others—require little, if any hands-on IT training and experience.
As I have already mentioned, I only provided a brief introduction on how to become a cybersecurity lawyer. Follow the path that best suits you. For instance, some individuals may not need an IT certification, and others may find it useful.
I personally recommend gaining as much hands-on IT training as your time and budget allows. I am not suggesting you become an IT expert; most lawyers work alongside IT professionals to achieve the results their clients want.
Gaining hands-on experience, however, can be helpful when having discussions with IT professionals and management. Many IT professionals—management included—grow frustrated of lawyers who claim cybersecurity expertise, to only discover that they possess a rudimentary knowledge of cybersecurity issues. On the other hand, IT professionals enjoy working with lawyers who understand cybersecurity, and seek those lawyers out. I hope you desire to become the latter kind of lawyer. Good luck on your journey!
Leonard Willsis a presidential management fellow in Washington D.C.