From law school graduate to information governance advisor
Like most cybersecurity professionals, Adam I. Cohen’s path into the industry was typically atypical. Before his career trajectory catapulted him into a world of computer systems, networks and electronic data, he was a young attorney working with a large law firm in New York.
When he graduated Duke Law School and became a lawyer in the mid 1990s, things like the internet, computers and even cell phones weren’t as common as they are today. But as fate would have it, Adam’s first major case revolved around computer networks. It’s this early case that Adam credits for kicking off his love affair with information technology.
“I fell in love with computers there and then,” said Adam. “It was in the mid 90s and the internet was exploding. All these fascinating legal issues were arising and I got more and more focused on technology.”
After that first computer networking case, Adam served as an information governance advisor on important trade secret cases involving digital forensics and corporate espionage investigations. He also co-authored a legal treatise, Electronic Discovery: Law and Practice, on electronic evidence issues that was cited in several landmark federal court opinions on data privacy and digital forensics.
“The law is always slow to catch up to technical developments,” said Adam. “It was so cool to be a part of cybersecurity law early on and watch it evolve so rapidly.”
The path to cybersecurity
While working at the New York law firm, Adam quickly became the primary litigator for IT-related legal matters. He was duly promoted to partner. Things moved quickly thereafter.
In 2004, Adam started teaching law to help educate the next generation of lawyers about information technology and security — a tradition he continues today at prominent institutions like Georgetown’s Cybersecurity Law Institute, Cardozo Law School and Fordham Law School.
“I love teaching,” said Adam. “Cybersecurity is such an important concept for lawyers to understand. The technical and legal risk issues in business are inseparable. It’s two sides of a coin.”
Driven by his insatiable passion for cybersecurity and his desire to take things to the next level, Adam left the New York firm in 2006 to take a senior role at FTI Consulting. Working in the firm’s technology division, he worked on many high-profile investigations involving electronic evidence like the Major League Baseball investigation into alleged performance-enhancing drug use.
In pursuit of cybersecurity knowledge — and the CISSP
Adam left FTI in 2010 and stepped into a position at Ernst & Young’s Forensic Technology practice. This was an exciting time as cybersecurity issues were front-page news for the first time in history. It was at this time he started studying for his CISSP certification.
“Preparing for and earning my CISSP certification was a major milestone in my career,” said Adam. “With the exception of prior cybersecurity law practice, I had no technical background. Earning my CISSP gave me the confidence and the foundation I needed to speak with technical clients on their level.”
Adam enrolled in Infosec’s CISSP Boot Camp in 2014 to prepare for his upcoming exam. Led by Infosec instructor Ken Magee, the course proved vital to Adam’s certification success.
“I knew Ken previously from his training videos and materials,” said Adam. “I was so excited he taught the course — he prepared us well for the test. I’ve stayed in touch with Ken since and have even had him speak at a few events.”
Later, Adam went on to earn his Certified Cloud Security Professional (CCSP) and Certified Ethical Hacker (CEH) certifications. “I started studying for my CCSP because I recognized at the time cloud computing was taking over the world,” said Adam. “Certs like the CCSP provide a foundation for understanding different cloud platforms like AWS, Azure or Google Cloud.”
Advancing in the cybersecurity space
After leaving Ernst & Young in 2015, Adam helped set up a new practice at Berkeley Research Group. The practice, which helps companies probe cybersecurity breaches, touches on areas ranging from cybersecurity to data privacy. He has also founded Digital Discipline, an independent advisory practice.
Just one short month after being inducted into the Infosec Hall of Fame, Adam joined BakerHostetler’s Digital Risk Advisory and Cybersecurity team where he’ll continue to help individuals and organizations mitigate cybersecurity risk through his legal and cybersecurity counsel.
Onward and forward
Although Adam has achieved a great deal of success during his career, he’s not slowing down any time soon. The fast-moving cybersecurity space is as exciting to Adam now as it’s ever been. He has plans to continue teaching and possibly, even publishing another book on cybersecurity, law and compliance.
“I’m always working on publications to help educate practitioners and enterprise stakeholders on cybersecurity-related issues. When it comes to staying up to date on cybersecurity and law, learning becomes almost a ritual,” said Adam. “I spend hours everyday reading and learning new things. You have to understand the technical and practical part of cybersecurity to really speak authoritatively about cybersecurity and law.”
It’s this passion for cybersecurity, information sharing and dedication to continuous professional development that makes Infosec proud to name Adam a 2020 Infosec Hall of Fame Inductee.