Guest speaker Darren Hayes joined Seattle University’s Kelli Rodriguez Currie to discuss the expanding future of cybersecurity compliance and how Seattle U’s Online Master of Legal Studies program, specifically with a concentration in cybersecurity compliance, primes you for success in this expanding field.
Darren is a leading expert in the field of digital forensics, intelligence, cyber security and IT risk management. He is the Founder and Director of the Pace University Digital Forensics Research Lab and an Associate Professor at Pace in New York. Find him on the Top 10 Computer Forensics Professors list by Forensics Colleges, the author page of multiple books, and sometimes on TV.
Darren worked in financial services for over 13 years before transitioning to teaching and digital forensics. He was motivated by its potential, and powerful usage to find exploited children and human trafficking victims. He both teaches digital forensics and practices it at his own consulting company, where he works on both civil and criminal investigations.
Defining Security and Digital Forensics
When we think about security, we think about taking proactive steps to protect different networks. Security includes everything from your front door Ring Alarm to your online presence. Recent years have seen the emergence of threat intelligence, a facet of security that looks beyond obvious tools and protection systems to investigate digital protections like a ring doorbell – and social media. Employers may use social media to keep tabs on employees; on a larger scale, the sports and entertainment industry might use it to weed out attendees bringing weapons or launching drone attacks. Social media may bring to light sudden criminal activity before more traditional methods.
Digital forensics covers these concerns, led by professionals brought in to investigate network attacks, data breaches, or other technological crimes. They work within the bounds of the legal system to ensure that evidence is securely moved from person to person while meeting compliance standards. Security professionals and incident responders used to be the primary lead on most incidents, including network breaches.
With new privacy legislation (GDPR, CCPA, etc.), however, there has been a leadership shift to newly created positions, such as “Cyber Legal”. These corporate attorneys may have both a law degree and a degree in computer science or information technology. Data Protection Officers (DPOs) also play a leadership role for their designated country or region. Last but not least, compliance obviously plays a crucial role notifying regulatory bodies about what happened, when it happened, and who was impacted when a breach occurs. Last but not least, compliance obviously plays a crucial role notifying regulatory bodies about what happened, when it happened, and who was impacted when a breach occurs.
Increasing Concerns About Risk Management and Cybersecurity
Many states have decided to introduce privacy protections for their citizens. For example, the California Consumer Privacy Act determines that if a company suffers a breach there are certain customer protections but a limit to the amount of information that a company collects on them. Still, there’s only so much good generalized efforts can do. Another much-discussed protection option, cyber insurance, will likely be denied to most companies, and even when granted it won’t cover everything. So, clearly, people are key.
As boards of directors have more concerns over cybersecurity, planning, and response, they bring on more professionals with cybersecurity expertise. These new team members can provide necessary feedback on a company’s cybersecurity trajectory, especially when all eyes are on recent attacks that have brought other companies to their knees.
A number of years ago the FBI reported that there are more than four thousand ransomware attacks daily, so jobs in cybersecurity and incident response are not going away. In fact, there is a lack of job candidates. Even political warfare can include cybersecurity, which opens up still more possibilities. Here lies the importance of people in threat, intelligence, and performing background checks.
Cybersecurity strategies are very important for companies. You may cringe at the price tag associated with investing in security tools, but they guard against potentially multimillion-dollar losses if a hack occurs. Supply chain risk management is also essential. It’s wise to continuously train your employees in the implementation of any preventative strategies, rather than just maintaining old protocols.
What questions might a compliance officer ask to begin improving the company’s protections? First, it’s important not to assume the security team is doing everything perfectly. Consider auditing your security team to ensure that they’re doing the right thing, then continue communicating with that team. Ask yourselves what your company’s “crown jewels” are, meaning the assets that set them apart from the competition, and analyze the efficacy of security measures protecting those assets. Together, determine if you’re prepared for a cyber attack. Some companies even perform tabletop-style exercises simulating an attack, thus identifying risks and putting a corresponding plan in place.
Your Cybersecurity Compliance Future
Darren knows his work in digital forensics has the power to improve, and even save, lives. Preventing human trafficking, the exploition of children, and black-market dealings on the dark web can all start with data and cybersecurity compliance. Being part of the investigative side has helped him identify areas where security can be improved, so he is highly motivated to keep growing his skills.
If you’re interested in a similar career that provides endless job opportunities and the hope of a better world, consider earning an MLS in Compliance and Risk Management from Seattle U. With a concentration in Cybersecurity and Data Privacy, you can become a top candidate for all those job openings! We provide you with a foundational knowledge of the American legal system so you can understand the technical and business dimensions of cybersecurity and privacy, plus current laws and regulations.