In response to the changing landscape, lawmakers in California put the California Consumer Privacy Act (CCPA) into motion, and its far reaching impact will influence cybersecurity careers, said Byron Johnson, Channel Sales Manager at the International Association of Privacy Professionals (IAPP), and Jeff Peters, Product Marketing Manager for Infosec, when they joined us for a recent webinar, “Privacy is shaping the future of cybersecurity careers: Are you ready?” Here’s what we learned.
1. Privacy laws are changing cybersecurity
“CCPA is the start of an experimentation period in the U.S,” Johnson said. “I think what we’ll see is states choosing their version of CCPA and GDPR and doing it in their own way, and then possibly the federal government looking at the guinea pig states to see what they’re going to do federally.” That experimentation means cybersecurity professionals should expect continuing changes in the coming years, and those who can keep their skills ahead of those changes will be better positioned for the new types of careers that emerge. How will the CCPA privacy law affect cybersecurity?
2. Privacy skills apply to many different cybersecurity roles
“You may not need to be privacy policy experts, but any cybersecurity or information security professional absolutely should expect privacy to touch their job requirements meaningfully,” Johnson said. “Changing your mindset from an information security focused one to an information privacy focused one is a challenge, but the IAPP and Infosec are here to help.” Johnson recommends the following certifications to help navigate privacy concerns faced by security professionals:
CIPP/US and CIPP/E (Certified Information Privacy Professional): Understanding the law and regulation based in the U.S. and Europe; the “what” of data protection in the U.S. and abroad CIPM (Certified Information Privacy Manager): Implementing privacy in an organization; the “how” of privacy from a management perspective CIPT (Certified Information Privacy Technologist): Implementing privacy in applications and systems; the “how” of privacy from a technology perspective
3. The CCPA is expected to have wide-reaching impact
The CCPA is a new law designed to give California residents more control over the use of their data and regulators increased powers to fine organizations that do not comply with the new privacy rules. With California recently becoming the fifth largest economy in the world, the CCPA has been compared to the EU’s General Data Protection Regulation (GDPR) in regards to potential scope. The IAPP estimates that more than half a million companies will be affected just within the U.S. — and there’s the possibility that the CCPA could hasten the creation of a national law. As California goes, the nation tends to follow. To learn more about how your organization will be affected by the CCPA, check out Infosec’s free CCPA ebook: “California Consumer Privacy Act of 2018: What you need to know.”
4. Privacy skills will help you stand out
An increased attention to privacy is shifting the foundations of the cybersecurity industry. Incoming infosec professionals trained with privacy in mind may have a leg up on job opportunities in the field. “I think a lot of people have approached privacy backwards where they’re cybersecurity experts and now they’re trying to catch up on their privacy,” Peters said. “It’ll be interesting to see some of these new people in cybersecurity — if they come up with privacy and that’s the foundation they’re building their cybersecurity skills on. That is kind of a flip of what we’ve been doing, and could potentially be a big differentiator as you progress in your career.” Watch the full webinar to learn more about how privacy certifications may help your cybersecurity career.