(On Campus Interviews, Summer Associate positions, Firm Reviews, Tips, ...)
Forum rules
Anonymous Posting

Anonymous posting is only appropriate when you are revealing sensitive employment related information about a firm, job, etc. You may anonymously respond on topic to these threads. Unacceptable uses include: harassing another user, joking around, testing the feature, or other things that are more appropriate in the lounge.

Failure to follow these rules will get you outed, warned, or banned.
Posts: 351
Joined: Wed Jan 07, 2015 4:44 pm


Postby BNA » Sat Nov 18, 2017 4:14 pm

Starting a post-J.D. masters program in cybersecurity from NYU Law and Tandon Engineering, and I'm looking for discussion on information privacy compliance and client advice. Hard to find dedicated practitioners. Most I've talked with spend most of their time in corporate/sec.

Posts: 3894
Joined: Wed Aug 18, 2010 11:07 am

Re: Cybersecurity

Postby haus » Sat Nov 18, 2017 9:09 pm

My gig is mostly been focused on incident response.

This brings me into contact with my orgs privacy team frequently for both operational issues and for planning/policy issues as well.

Posts: 35
Joined: Fri Apr 21, 2017 11:00 am

Re: Cybersecurity

Postby sgd19 » Sat Nov 18, 2017 9:55 pm

Is there a lot of work in this area? Seems like you wait for some crisis to happen and then respond. Or is there more proactive legal work here?

Posts: 3894
Joined: Wed Aug 18, 2010 11:07 am

Re: Cybersecurity

Postby haus » Sat Nov 18, 2017 10:22 pm

sgd19 wrote:Is there a lot of work in this area? Seems like you wait for some crisis to happen and then respond. Or is there more proactive legal work here?

I have been in IT for over a quarter century, the last dozen years I have spent in specifically InfoSec. I have seen growth in the legal tie-ins to both IT and InfoSec. This is especially true in gov and highly regulated industries. The most dramatic is the use of attorneys in breach response teams (often these teams are outside hired hands specializing in incident response... e.g. Stroz Friedberg), more boring, but more predictable are an increase of jobs in policy/procedure for internal work as well as reviewing plans/contracts with external partners/vendors/customers (any groups needing significant data sharing), also I am seeing more interest to have attorneys directly on teams dealing with managing PII/SI (think conforming to law/policy/contracts in storage, movement, and use of, as well as dealing with the the clean-up along side the incident response team when something has been exposed).

User avatar
Posts: 54
Joined: Mon Apr 20, 2009 4:03 am

Re: Cybersecurity

Postby helloscriptkitti » Sat Nov 25, 2017 2:30 am

I worked in Cybersecurity b4 attending a T14 and I'm back in cybersecurity 2 yrs after graduating (long story). There is definitely a lot more overlap between legal and cybersecurity than there was when I first started (in 2004), especially in highly regulated industries like Financial Services and healthcare. I work in healthcare where the HIPAA Privacy and Security regulations are being heavily impacted by the digitization of medical records and services. I'm in a non-legal role and am officially a member of the cybersecurity team (information security risk mgmt), but I interact with the in-house counsels and compliance attys on a constant basis. Because the attys are not technically-inclined, my technical + legal knowledge allows me to serve as an advisor and intermediary between the legal, business and technical teams. Not only am I involved in writing a lot of cybersecurity policies, but I also assist them with contract review from an information security risk perspective and conduct third-party risk assessments on the vendors that the organization contracts with, evaluating them from a technical, legal and business risk perspective. Additionally, in the event of a data breach, I have had to write incident reports and conduct assessments to determine whether the incident or breach warranted reporting to the govt based on HIPAA compliance requirements. This is something that the Compliance Attys would not be able to do on their own because they are more focused on the Privacy aspects of HIPAA (more procedural and policy-based), rather than the security side (more technical).

I can only see the dependencies and overlap between cybersecurity and law continuing to expand at a very rapid pace and across many different disciplines and industries. A lot of those positions will probably be focused on risk management, because let's face it, attempting to minimize risk is pretty much all you can do in the cyber world. It's usually not a matter of if an organization will be attacked, but when.

Lesion of Doom
Posts: 26
Joined: Sun Jun 25, 2017 12:22 am

Re: Cybersecurity

Postby Lesion of Doom » Sat Nov 25, 2017 3:42 am

^ Thank you for that response. I'm very interested in this area and have pursued some coursework to that end — seems to be the Wild West in some respects.

That said, how would you assess the realm market by market? I'm headed to NYC and presume there's less HIPAA-type work available, but I'm curious if the policy side is available there and not only security.

Return to “Legal Employment”

Who is online

The online users are hidden on this forum.