Starr McFarland talks privacy: 5 things to know about the new, online IAPP CIPT learning path
Infosec has launched a new IAPP CIPT learning path exploring the intersection of technology, data security and policy. If you’re like Infosec Instructor Starr McFarland, with multiple interests and a desire to protect the public, this might be your perfect path.
“I have two sides,” says Starr; “I really love the techie side, and I love the law side and blending those in this path is fun.” Data privacy is not only fun for Starr, it’s fundamental for preserving our autonomy as individuals living in an ethical society.
To illustrate the importance of privacy and the misuse of data, Starr sites a 2016 internal prominent social media platform study that found that 64% of users who joined extremist groups on their platform did so because the platform itself suggested them.
Privacy is a public concern. Earning a Certified Information Privacy Technologist (CIPT) is a career enhancer, with benefits exceeding the personal and protecting us all. We spoke with Star McFarland about her new learning path, her passion for privacy and her advice for getting into the field.
Get your free course catalog
What is the IAPP CIPT path about, and how does it compare to the CIPP?
Starr: This path prepares you to earn the CIPT, the globally recognized privacy and technology credential from the International Association of Privacy Professionals (IAPP). It’s a good opportunity to take the techie side of things and the law side and see where they connect and how they work together to protect privacy for our users. At the same time, the CIPP path helps you further your organization’s goals and meet its needs.
Along with the CIPT, I also hold the CIPP/US. That certification is more law-heavy, with an overview of the technical side of things because you want to know how those will play into the laws you have to adhere to. CIPT is the opposite of that. It's more the technical side of things with a little bit of the law. The two complement each other well.
Who is this path for?
Starr: It helps to have a basic understanding of networking, security and the web before taking this path. Still, even if you don't, this path could apply to Legal professionals and those who are more on the process side of things, who want a better idea of the technology that supports the laws and processes they're working with.
Privacy engineers and even DevOps could also benefit from this path. They're probably already going to have the security side rooted, but it will help them see how privacy applies to their roles. Additionally, this path is helpful if you’re in management or at a level where you're not necessarily hands-on, but you need a broad view of how the tech, data security and policy all work together.
What will students learn in these courses?
Starr: You'll get a background in privacy theory, a short overview of the legal and privacy governance issues and a broader overview of different technical issues and frameworks. We'll cover threats and violations, privacy by design, data management strategies, encryption and more.
It's not so much — this is how you implement these specific security features. It's more of, these are the security areas that you need to be mindful of, this is a general overview of how encryption works or this is an overview of privacy roles in IT. You'll also get tips on passing the CIPT exam and practice materials.
What advice do you have for breaking into cybersecurity or best practices for those in the field?
Starr: One answer to that question is, do this! By that I mean, producing and sharing content of value. I got interested in privacy and security, earned a couple of certifications, was contacted by Infosec to create this path and the opportunity has opened doors. I suggest creating something helpful, perhaps even a social media post, that you can provide to others.
More generally, I would say, study as much as you can and find the relevant certifications for the area you want to go into. In particular, the IAPP certifications are well known and sought for privacy.
Why are you so passionate about privacy?
Starr: We're moving into more of an understanding, generally in our culture, of the effects of the use of data. People are paying more attention for a good reason. I think some of the polarization that we have currently is because we can so granularly observe people and feed them information that reinforces the bubble that they're already in. Then we don't even see the other bubbles because everything gets so narrowly focused.
This, to me, is fundamentally the biggest reason that I'm passionate about privacy. It sounds a little extra, but I think that our society depends on privacy and on how we handle our data.
To learn more about the CIPT learning path create your free Infosec Skills account.
- Expert instruction
- Hands-on labs
- Unlimited access
In this Series
- Starr McFarland talks privacy: 5 things to know about the new, online IAPP CIPT learning path
- Is AI cybersecurity in your policies?
- The top security architect interview questions you need to know
- Federal privacy and cybersecurity enforcement — an overview
- U.S. privacy and cybersecurity laws — an overview
- Common misperceptions about PCI DSS: Let’s dispel a few myths
- How PCI DSS acts as an (informal) insurance policy
- Keeping your team fresh: How to prevent employee burnout
- How foundations of U.S. law apply to information security
- Data protection Pandora's Box: Get privacy right the first time, or else
- Privacy dos and don'ts: Privacy policies and the right to transparency
- Data protection vs. data privacy: What’s the difference?
- NIST 800-171: 6 things you need to know about this new learning path
- Working as a data privacy consultant: Cleaning up other people’s mess
- 6 ways that U.S. and EU data privacy laws differ
- Navigating local data privacy standards in a global world
- Building your FedRAMP certification and compliance team
- SOC 3 compliance: Everything your organization needs to know
- SOC 2 compliance: Everything your organization needs to know
- SOC 1 compliance: Everything your organization needs to know
- Overview: Understanding SOC compliance: SOC 1 vs. SOC 2 vs. SOC 3
- How to comply with FCPA regulation – 5 Tips
- ISO 27001 framework: What it is and how to comply
- Why data classification is important for security
- Threat Modeling 101: Getting started with application security threat modeling [2021 update]
- VLAN network segmentation and security- chapter five [updated 2021]
- CCPA vs CalOPPA: Which one applies to you and how to ensure data security compliance
- IT auditing and controls – planning the IT audit [updated 2021]
- Finding security defects early in the SDLC with STRIDE threat modeling [updated 2021]
- Cyber threat analysis [updated 2021]
- Rapid threat model prototyping: Introduction and overview
- Commercial off-the-shelf IoT system solutions: A risk assessment
- A school district's guide for Education Law §2-d compliance
- IT auditing and controls: A look at application controls [updated 2021]
- 6 key elements of a threat model
- Top threat modeling frameworks: STRIDE, OWASP Top 10, MITRE ATT&CK framework and more
- Average IT manager salary in 2021
- Security vs. usability: Pros and cons of risk-based authentication
- Threat modeling: Technical walkthrough and tutorial
- Comparing endpoint security: EPP vs. EDR vs. XDR
- Role and purpose of threat modeling in software development
- 5 changes the CPRA makes to the CCPA that you need to know
- 6 benefits of cyber threat modeling
- What is threat modeling?
- First Safe Harbor, then Privacy Shield: What EU-US data-sharing agreement is next?
- How to make cybersecurity budget cuts without sacrificing security
- How to mitigate security risk in international business environments
- Security theatrics or strategy? Optimizing security budget efficiency and effectiveness
- NY SHIELD Act: Security awareness and training requirements for New York businesses
- Time to update your cybersecurity policy?
- Ultimate guide to international data protection and privacy laws
Management, compliance & auditing
Management, compliance & auditing
The top security architect interview questions you need to know
Management, compliance & auditing
Management, compliance & auditing