The field of cybersecurity has been growing so quickly that law schools are now offering classes on the topic to fill the growing demand for lawyers with the specialty.
In spring 2016, Loyola Law School Los Angeles began offering a cybersecurity and data privacy law concentration.
“The goal is to teach students and practitioners the skills they need to work in this new, emerging environment,” adjunct professor Robert Kang said. “Our goal is to develop lawyers who can work with businesses to develop good products. In terms of big picture, we have the first comprehensive cybersecurity and data privacy program on the West Coast.”
On the East Coast, Georgetown University is recognized as an early adopter of cybersecurity classes.
The big picture includes working with companies to make sure security concerns are factored in when it comes to privacy, protecting against hacks and setting up a plan to deal with breaches when they do happen. Kang said the school provides a mixture of legal, technology and business management classes.
Meanwhile, at UCLA School of Law, assistant professor Kristen Eichensehr teaches a cybersecurity class. She started teaching the topic four years ago. She said classes on cybersecurity have become important because there are more and more cybersecurity laws.
“It’s a reaction both to developments in the law, and law firms adding cybersecurity groups," Eichensehr said.
Loyola’s program has so far been met with a lot of enthusiasm.
Michael Gold, partner and co-chair of the Cybersecurity and Privacy Group at Jeffer Mangels Butler & Mitchell LLP, called the program “wonderful.” Gold is based in Los Angeles.
Third-year Loyola Law student Jose Trujillo describes himself as a “tech fanatic, especially when it comes to cell phones.” He is also in the process of building his own computer. He has gone through the cybersecurity and data privacy concentration and will be starting a job in cybersecurity in August.
“We’re the only people with this formal training right out of law school,” Trujillo said. “We’re [at] the frontier of it all.”
But right now there may not be enough lawyers to fill the growing field.
“In a lot of law firms, lawyers are learning on the job,” Eichensehr said.
Gold originally focused on corporate and alternative government control issues. He represented customers of large software firms with computer system issues and learned about cybersecurity.
"When I worked on my first breach response nobody used the word cybersecurity yet," he said.
Today that’s changed, Gold said. Firms are becoming more proactive about cybersecurity as threats become more sophisticated.
“It has created a demand for expertise that are not being produced fast enough,” Gold said. “Cybersecurity engineers, analysts, chief information officers, cybersecurity lawyers, privacy lawyers. We’re not producing these players in large enough numbers.”
Eric Goldstein of O’Melveny & Myers LLP came to cybersecurity a different way. He worked as the branch chief for partnerships and engagement at homeland security’s office of cybersecurity and communications.
O’Melveny & Myers LLP has offices around the country. Goldstein is based in Washington D.C.
“Whether you’re a technologist developing a better firewall or a general counsel figuring out measures to protect the company, the end goal is the same. You want to protect your customers, your data and your intellectual property,” Goldstein said.
Gold said young lawyers “can’t do better” than cybersecurity right now, but many aren’t leaving school with the expertise.
“Law schools can do a better job,” Gold said. “It’s not enough to have one class in cybersecurity law because the subject itself is enormous.”