Greetings!
As you may have noticed, over the past year my cadence of posts has decreased. There has been a good reason for this, and in this post I plan to inform you what I have been up to, and what to expect going forward. However, to understand what is coming and why I did what I did, a look at some history may be in order.
A Focus on Data Protection
Prior to Europe’s General Data Protection Regulation (GDPR) entering enforcement, I was responsible for tagging marketing/analytics pixels in my role at the time. As a result of this, I was already keeping track of the various technical changes (such as Safari’s Intelligent Tracking Prevention) that were impacting data collection / data quality.
When the direction came down we had to become ready for GDPR. I was assigned to the project as the engineering resource due to my familiarity with the data collection that was in place. I decided to assist the lawyers and read the entire GDPR text prior to my first meeting with them. This turned out to be a key factor in how fast we could move and I became a sort of translator between the broader technical team and the lawyers. I greatly enjoyed this interaction of law, technology and security, and volunteered to repeat the process the following year as we made ready to comply with California’s Consumer Privacy Act (CCPA).
In late 2018, I started blogging and writing about various privacy, security and legal topics due to my work on these projects. For the rest of my time at that employer, I would be involved in privacy discussions, as well as assist our computer security team with various training exercises, interfacing with the legal team as new concerns arose.
A Desire for More Formal Training
I would, in 2020, eventually switch companies to Further, where I currently work. As part of my day to day here, I am able to leverage my previous experience to assist our clients with data privacy questions. This ranges from explaining various technologies under consideration due to privacy concerns to assisting with consent management and data governance work as well as educational training for clients on related topics.
As the regulatory and technical environment became more complex, I sought to further my training in privacy engineering by completing IAPP’s CIPT and CIPP United States & CIPP Europe exams. This helped close some gaps I had in my knowledge, particularly in newer technology applications, but towards the middle of 2022 I started wondering what I could do next to continue to enhance my knowledge of data protection.
The Path I Selected
I started looking around at different certifications and programs, and would come to realize I had an issue that would make the next step difficult. In the early 2010s, I graduated college with an Associate of Science, in Information Systems Management, which had a concentration in Web Application Development. To this point I had done, I feel, remarkably well with the AS, but a lot of the courses I had interest in were a Masters or equivalent level. Faced with this, I ultimately opted to enroll in a Bachelors program in order to be able to later unlock the coursework I wanted, transferring in the credits from my Associate’s degree.
I wanted to stay in the realm of data protection, and since dedicated privacy courses don’t really exist at the bachelors level, I started looking at pre-law, and cyber security as possible options. After a lot of reflection, and quite a bit of research into both options. I ran an analysis of trends in recent data privacy laws and regulations. I felt a grounding in cyber security would serve me better as an undergrad and enable me to leverage my decade of experience in software development.
Cyber Security may seem a odd choice. Commonly, privacy work is seen as an intersection of security and law. From my view, privacy can exist without law (encryption goes back hundreds of years), but not without security. Further, nearly every new data protection law has the phrase “adequate technical, organizational and administrative safeguards” when it comes to the collection and storage of personal information, but seldom do the laws or their regulations actually define what “good” looks like. I thought this was interesting and would be a good course of study to drill into as a result.
With this decision made, I applied and was accepted to a school and this brings us to the last several months where I have been doing coursework on a range of cyber security topics. I also attempted and completed several certifications from CompTIA and ISC2 to validate I had sufficient understanding of the material I was learning.
In February 2024, I completed my final courses and earned a Bachelors of Science in Cyber Security and Information Assurance. This continues my focus on data protection and opens a few doors for continued education that were previously closed to me, while also enhancing my ability to review technical designs for compliance obligations from more than one lens.
What’s Next
Foremost, my goal is to get back to posting on this blog more regularly for the remainder of this year. The content will continue to focus on privacy topics, with perhaps a bit of an increase in security related material where it makes sense.
Secondarily, I plan to complete a Masters program in Cyber Security and earn a few more certifications that I would like to acquire in the security field. That said, the Masters program I selected is not as demanding as the undergrad curriculum I completed and so I feel I will have more time to support posting in the future through the rest of the year.
At this point, I will either be done with formal education, or seek to enroll in law school in a part-time program. Previously this wasn’t an option for me without relocation and earning a BS degree. However, I now have a BS degree and the American Bar Association has since begun to approve distance learning programs placing this option on the table. Should I opt to pursue this I would endeavor to tailor the education around contract law, cyber security and data privacy / protection topics to whatever extent is possible. I would be very curious to those lawyers who read this blog, your thoughts on the matter and any advice you may have to provide on this possible path.
So in closing, I have a rough path of where I want to go, and what it may take to get there – but I wanted to let you, the reader, know I am not done posting about Privacy and Security topics, and I expect to pick up cadence in the coming weeks.