Myth Busters: Practicing Cyber Law is not Just Zeros and Ones

By Justine M. Phillips and Jessica Gross

Cyber is an emerging area of law that is fascinating, challenging and rewarding. Throughout San Diego, cyber attorneys are finding themselves advising clients on issues related to artificial intelligence, cybersecurity, data privacy, eCommerce, information governance, third-party service agreements, and insurance, among other things. As more technologies integrate into our day-to-day lives, there is no question the need for cyber lawyers will continue to grow. But statistics across sectors show a dearth of professionals who can fulfill roles related to data security and information technologies. Without question, part of the shortage stems from misconceptions about this practice area. We are here to demystify the practice, what it means to be a cyber lawyer and hopefully encourage you to venture into cyberspace.

Myth #1: Cyber Lawyers Need to Have a Computer Science Degree or Technical Skills
While attorneys must “have sufficient learning and skill when the legal service is undertaken” [Cal. Rule of Prof. Conduct 1.1(C)], being a competent cyber lawyer does not require a degree in computer science, software engineering or even a technical background. This is just as an attorney practicing medical malpractice does not need to be a doctor. All that matters is that you “acquir[e] sufficient learning and skill before performance is required” (Id.). If you have a natural curiosity about how technological developments affect real-world problems, then learning this area of law and gaining the experience you need to be a competent cyber lawyer will come easily.

To the extent attorneys need to acquire additional expertise, there are many educational opportunities throughout San Diego. Community organizations regularly provide free or low-cost seminars with CLE opportunities, including the San Diego ESI Forum and the San Diego County Bar Association. Other national and industry group resources are increasingly being catered to this profession, providing more and more conferences and workshops on the full gambit of issues in cyber. For example, IAPP Knowledge Net offers privacy and security seminars, as well as InfraGuard San Diego — an FBI-affiliated nonprofit 501(c)(3) dedicated to mitigating criminal and nation-state threats, which also affect private companies and individuals. Finally, there are several certificate programs for those who want to truly pursue expertise, such as CIPP and CISSP certifications.

Myth #2: Cyber is for People with Logical Minds, not People with Creative Minds
People who enjoy challenging and creative work thrive in this area. Matters in cyber often involve crisis management and triage. This is particularly so in the case of responding to a ransomware attack, data breach or fraudulent wire transfer. In such instances, cyber lawyers liaise with in-house counsel, law enforcement, IT and forensic investigators to craft novel solutions to unique threats, all the while managing the varied and sometimes competing view points from stakeholders involved. In this sense, you must be a flexible and adaptive problem-solver to be effective, which are skills most often expressed by creative minds.

Myth #3: Cyber is a Completely New Field Dependent on Novel Legal Concepts
For better or for worse, cyber lawyers continuously find themselves applying well-established laws and legal concepts to problems in cyberspace. For example, trade secret theft today commonly involves a worker exporting computer files onto a USB or through their personal email, as opposed to copying physical files or walking out of the office with company property. But these new circumstances under which trade secret theft may occur do not change the California Uniform Trade Secrets Act or the burden of proof to succeed on such claims. Similarly, vendor management and third-party contracts are involved in many aspects of a cyber law practice. Thus, strong contract drafting skills or experience in transactional law can help a cyber attorney ensure a servicing agreement contains appropriate indemnification clauses and liability limitations. What remains important throughout is gaining a strong understanding of any technological aspects of matters that touch cyber, then creatively applying those considerations to traditional legal concepts.

Conclusion
Cyber law is a growing field that will continue to expand as we increasingly become dependent on technologies in our day-to-day lives. According to a 2017 study sponsored by Herjavec Group, a leading global information security advisory firm, there will be 3.5 million unfilled positions in cybersecurity by 2021. While this number reaches beyond just cyber lawyers, it reflects the reality that many shy away from a career in cyber. At least some of this is because of common misconceptions about the field. But cyber is not just zeros and ones: it is a dynamic area of law that touches both the mundane and sacred aspects of our modern human experience. And in this way, it is one of the most interesting and important practice areas an attorney can pursue.

Jessica Gross is an attorney at Sheppard, Mullin, Richter & Hampton LLP.

Justine M. Phillips is a Partner at Sheppard, Mullin, Richter & Hampton LLP.