IT Law / InfoSec legal field

UnixGuy · November 2014

Not sure where to post this, but does anyone know much about the legal side of IT?

I assume one needs knowledge of both technology and the law.

How's this field like? What qualifications are needed for this kind of work?

Just thinking of ways to branch out of IT and use my IT knowledge somehow...

broli720 · November 2014

This role really falls to lawyers/C-level executives. You may deal with a component here or there in the legal field, but I don't know of any dedicated positions for this. A few fields you could get into with a legal spin are Risk Management or forensics. The CISSP also touches on a few legal topics such as copyright infringement and privacy, so that may be a good place to start if you want to learn more.

the_Grinch · December 2014

I can speak to this from a US regulatory perspective and with lawyers dealing in tech (this being on the prosecution side). In general, there seems to be a lack of lawyers with let's say fair technical knowledge. Add to it that the laws haven't caught up either and you see what a tough spot we are in. That being said, someone with technical knowledge and legal training would do extremely well in any number of areas. I tend to deal with lawyers a few times a month and usually in the capacity of explaining a piece of technology. I happen to work with some very bright lawyers who can follow along very well, but that isn't the case for everyone.

I tend to think that if I could afford it I wouldn't mind going back to school for a JD and become a lawyer. My Director once remarked that if I got a JD I would be taking his job in a few years. I will say don't forget that there are a ton of people with JD's or law degrees who can't find jobs.

moe12 · December 2014

I agree with what "the_Grinch" said. The laws have not caught up to technology yet. Copyright and Forensics work is getting your foot in the door. If you got your JD you could focus on only doing certain types of cases, but that will be tough.

GarudaMin · December 2014

I would say look into CIPP. It may be what you are looking for. At the very least, you gain an understanding of how regulations fit into security in terms of privacy/data protection.

GoodBishop · December 2014

UnixGuy wrote: »

Not sure where to post this, but does anyone know much about the legal side of IT?

I assume one needs knowledge of both technology and the law.

How's this field like? What qualifications are needed for this kind of work?

Just thinking of ways to branch out of IT and use my IT knowledge somehow...

I deal a lot with our legal department, and it's all about privacy and security language in contracts.

It's interesting and boring at the same time. Like one of the posters said, CIPP/US or CIPT or CIPM would be a entry stepping stone here. Ping if you want to know more about those tests.

UnixGuy · December 2014

So to summarize what everyone said...

In terms of qualifications, it's better (in terms of ROI anyway) to get certs like: CIPP CIPT CIPM CISSP....or maybe a JD but as a long term prospect...

I want an exist from the IT field somehow, and I think it'd be nice to build upon my years of experience and qualifications in IT.

Thanks for your responses, keep them coming!

For those who are working in the field, is the payment better than traditional sysadmin job? What about weekends/after hours?

Sunshine0101 · May 2018

I've been a solo trial lawyer for 14 years and I have told my child that she is not allowed to be one. Pay and hours suck and people's lives are in your hands so you work your butt off and do more for them then they do for themselves sometimes. They love you for a moment and then forget about you. I'm moving to tech.

Sunshine0101 · May 2018

. . . and now you know that I'm not in tech as I just replied to a four-year-old post.

LordQarlyn · May 2018

LOL hey don't feel bad you are far from the only one to do so.

And today is a good day to bring tech and law up since, GDPR goes into effect today, and US and non-EU businesses who wish to do business in the EU are going to need GDPR experts badly to help implement compliance at their companies, so for Infosec professionals, it's a good time to become a GDPR expert (actually, a couple years ago would been a better time lol).

Sunshine0101 wrote: »

. . . and now you know that I'm not in tech as I just replied to a four-year-old post.

thedudeabides · May 2018

Despite being an old thread, I think it's still relevant discussion. If someone has a solid tech foundation and can get a JD, I don't think they'd lack for work. JD's with specialized backgrounds such as science or medicine seem to do quite well. I think it would be the same for one with a strong IT background. I absolutely would have went to law school some years ago if I had had the $100k out of pocket. But I wasn't going to borrow for it.

yourtechcareer · May 2018

I'll reply to this old thread too because I see it's relevance

. I think a lot of people getting out of tech school or those that want to break into tech don't realize the different verticals that folks can specialize in, and Legal IT is a big field that needs infosec experts.

Before I was in tech I was an account manager for a few small businesses that did copy, scanning, e-discovery, and forensics for law firms. The e-discovery and forensics portion of the industry took over after the financial collapse in 2008 and copy/scanning went to the wayside. Now, electronic file management and discovery is king. E-Discovery experts are needed for projects to narrow down relevant documents for cases. One example is email. E-discovery specialists need to work software that can narrow down mass amounts of emails to ones relevant to a case and then de-duplicating them so attorneys aren't looking at different versions of the same email thread over and over. Forensics experts are needed for recovering data that has been lost or deleted. I just had a conversation a few weeks ago with a forensics specialist that had to recover some text messages off an older locked iPhone for a legal client. Sounded a lot easier than I expected!

Like folks were saying above, attorneys that specialize in Infosec have a bright future ahead of them. The MSP I work for has an attorney who just passed his CISSP. He is looking forward to a lot of work because of the new GDRP regulations. He can also help conduct cybersecurity risk assessments under the attorney/client privileged umbrella, so if a cybersecurity risk is found at a business, scheduled for a fix at a later date, and the business later has a breach because of that risk and is sued, the risk assessment can't be used against the business showing they knew about the risk.

Romerose321 · May 2018

Hello goodbishop. Please can you share some details as it is not allowing me to PM you. I would like to know the details

NavyMooseCCNA · May 2018

the_Grinch wrote: »

I can speak to this from a US regulatory perspective and with lawyers dealing in tech (this being on the prosecution side). In general, there seems to be a lack of lawyers with let's say fair technical knowledge. Add to it that the laws haven't caught up either and you see what a tough spot we are in. That being said, someone with technical knowledge and legal training would do extremely well in any number of areas. I tend to deal with lawyers a few times a month and usually in the capacity of explaining a piece of technology. I happen to work with some very bright lawyers who can follow along very well, but that isn't the case for everyone.

I tend to think that if I could afford it I wouldn't mind going back to school for a JD and become a lawyer. My Director once remarked that if I got a JD I would be taking his job in a few years. I will say don't forget that there are a ton of people with JD's or law degrees who can't find jobs.

One of my clients is a JD whose undergrad is in Computer Science. He acts like a complete novice with anything remotely technical. Almost like he did a braindump of anything technical. Maybe he finds it too difficult to keep up with both tech and law.

UnixGuy · May 2018

NavyMooseCCNA wrote: »

One of my clients is a JD whose undergrad is in Computer Science. He acts like a complete novice with anything remotely technical. Almost like he did a braindump of anything technical. Maybe he finds it too difficult to keep up with both tech and law.

Or he wants it to be someone else's problem

the_Grinch · May 2018

Ha, yeah there are definitely people out there who did Computer Science because they had enough credits too. I once worked with a State Trooper who had a CompSci degree, which at first had me pretty happy. It only took about 5 minutes of just general bantering for him to say he changed majors several times and by the end that was the degree he would get without taking more time. Adding too that he didn't even want to be in the CyberCrimes unit, but they saw the CompSci degree and wouldn't let him do anything else.

That being said I still believe that someone with proper technical and legal training will do very well. Privacy has made the big jump recently and let's face it there are laws or regulations revolving around just about everything we do. I know my two years of legal training definitely has assisted me in forming arguments and backing myself up on things we needed to do. Today I had a search warrant and as I read through it, it appeared the Detective had wrongly described the device. Called him up only to realize he had put the search warrants in the wrong order and that he did have the proper one in the stack.

TLeTourneau · May 2018

Our IS division has an investigative legal section that is made up of technologists and lawyers that seems to keep fairly busy. There is certainly work there for the right skill set.

IT Law / InfoSec legal field

Comments

'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil