Professional development

CCPA and privacy concerns are shaping the future of cybersecurity careers

Megan Sawle
September 21, 2019 by
Megan Sawle

The way people view online privacy is rapidly evolving. Big technology companies, once widely celebrated as innovators, are facing increasing backlash over how data is being protected and shared — plus billion-dollar fines from government organizations. That shift has changed the way organizations of all sizes view privacy, and what they’re looking for when hiring cybersecurity professionals.

In response to the changing landscape, lawmakers in California put the California Consumer Privacy Act (CCPA) into motion, and its far reaching impact will influence cybersecurity careers, said Byron Johnson, Channel Sales Manager at the International Association of Privacy Professionals (IAPP), and Jeff Peters, Product Marketing Manager for Infosec, when they joined us for a recent webinar, “Privacy is shaping the future of cybersecurity careers: Are you ready?

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Here’s what we learned.


1. Privacy laws are changing cybersecurity


“CCPA is the start of an experimentation period in the U.S,” Johnson said. “I think what we’ll see is states choosing their version of CCPA and GDPR and doing it in their own way, and then possibly the federal government looking at the guinea pig states to see what they’re going to do federally.”

That experimentation means cybersecurity professionals should expect continuing changes in the coming years, and those who can keep their skills ahead of those changes will be better positioned for the new types of careers that emerge.


2. Privacy skills apply to many different cybersecurity roles


“You may not need to be privacy policy experts, but any cybersecurity or information security professional absolutely should expect privacy to touch their job requirements meaningfully,” Johnson said. “Changing your mindset from an information security focused one to an information privacy focused one is a challenge, but the IAPP and Infosec are here to help.” 

Johnson recommends the following certifications to help navigate privacy concerns faced by security professionals:

  • CIPP/US and CIPP/E (Certified Information Privacy Professional): Understanding the law and regulation based in the U.S. and Europe; the “what” of data protection in the U.S. and abroad
  • CIPM (Certified Information Privacy Manager): Implementing privacy in an organization; the “how” of privacy from a management perspective
  • CIPT (Certified Information Privacy Technologist): Implementing privacy in applications and systems; the “how” of privacy from a technology perspective


3. The CCPA is expected to have wide-reaching impact


The CCPA is a new law designed to give California residents more control over the use of their data and regulators increased powers to fine organizations that do not comply with the new privacy rules. With California recently becoming the fifth largest economy in the world, the CCPA has been compared to the EU’s General Data Protection Regulation (GDPR) in regards to potential scope. The IAPP estimates that more than half a million companies will be affected just within the U.S. — and there’s the possibility that the CCPA could hasten the creation of a national law. As California goes, the nation tends to follow.

To learn more about how your organization will be affected by the CCPA, check out Infosec’s free CCPA ebook: “California Consumer Privacy Act of 2018: What you need to know.


4. Privacy skills will help you stand out


An increased attention to privacy is shifting the foundations of the cybersecurity industry. Incoming infosec professionals trained with privacy in mind may have a leg up on job opportunities in the field.

“I think a lot of people have approached privacy backwards where they’re cybersecurity experts and now they’re trying to catch up on their privacy,” Peters said. “It’ll be interesting to see some of these new people in cybersecurity — if they come up with privacy and that’s the foundation they’re building their cybersecurity skills on. That is kind of a flip of what we’ve been doing, and could potentially be a big differentiator as you progress in your career.”

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Watch the full webinar to learn more about how privacy certifications may help your cybersecurity career.

Megan Sawle
Megan Sawle

Megan Sawle is a communications and research professional with 10 years of experience in cybersecurity, bioscience and higher education. Megan leads Infosec’s research strategy, leveraging study findings to mature its cybersecurity education offerings and build awareness of cybersecurity diversity and skill shortage challenges. Since joining the team, she’s directed research projects on a wide variety of cybersecurity topics ranging from dark web marketplaces and phishing kits to the Workforce Framework for Cybersecurity (NICE Framework) and the importance of soft skills in cybersecurity roles. Megan is a University of Wisconsin-Stout graduate, an avid equestrian and (very) amateur mycologist.