Cybersecurity programs keep pace with technology

Marilyn Odendahl • modendahl@ibj.com

In his practice at Mallor Grodner in Bloomington, attorney D. Michael Allen is seeing more and more cases that have a digital component.

Clients who are victims of cyberattacks, people who have lost money because of an online scam and businesses that want to be sure they are complying with data protection laws have all come to him for guidance. The issues of cybersecurity, digital privacy and data collection were not part of his legal education when he graduated from Indiana University Maurer School of Law in 2000, but as technology has become more pervasive, Allen has had to learn on the job.

To boost his knowledge in this area, Allen also has returned to the classroom and enrolled in the cybersecurity master’s program at his alma mater.

The course is one of a handful of degree and certificate programs focusing on cybersecurity offered by IU Maurer. Law courses mixed with a few computing classes complete the requirement for the certificate program, while the master’s degree draws upon classes in the law, computing and business. Enrollment is open to both law students as well as working professionals.

Joseph Tomain, lecturer at IU Maurer, teaches two sections of information privacy offered in both the certificate and master’s programs.

In his classrooms, Tomain has witnessed how the growth of digital devices and data collection has brought new interest to privacy. Tomain remembered students taking his internet law class in 2009 did not understand the concerns over keeping personal information from public view, but his students today are aware because they see almost daily data breaches and cyberattacks.

Tomain capitalizes on the unique aspect of his course, which is that students can think about the law not only as it exists, but also what it could be in the future. They have the opportunity to decide what the law ought to be, he said.

William Boger III helped craft a cyber law through his work on the federal Cybersecurity Internet Sharing Act of 2015. The senior vice president and chief legislative counsel for the American Bankers Association, Boger recalled the experience as being thrown into the world of technology and struggling to understand information technology professionals.

To gain a footing, he enrolled in the IU Maurer cybersecurity master’s program. He has logged on to the courses from his home on the East Coast and has learned how to walk the talk in his job.

“At the end of the day, I’m not going to be a coder or an IT person or a chief information officer of a company,” Boger said. “But (the program) does help me understand the processes and what those folks do, which helps me represent them.”

About 14 have graduated from the master’s program and six from the joint J.D./cybersecurity master’s program. Another 79 are enrolled in the master’s program and eight in the J.D./M.S. program.

Tomain noted 90% of the graduates have landed jobs associated with their cybersecurity training, such as chief security specialist and information policy analyst. He sees the numbers as evidence the program is giving students an understanding of the complex and constantly changing area of law.

He credited Fred Cate, law professor and vice president for research at IU, and Scott Shackelford, affiliated professor of law, for their work in creating and leading the successful programs. Still, Tomain cautioned, students should be careful of their motivations for enrolling.

“It’s a fun area of the law,” Tomain said, “but it has to be something you want to do and are not just doing because of the job opportunities.”

Chicago attorney Tracey Dillon enrolled in the cybersecurity certificate program because she was looking to take a new path in her legal career. At a law firm, the Purdue University graduate had built a practice in commercial and civil litigation, but she was growing tired.

So, Dillon registered for Tomain’s information privacy course and became corporate counsel for a health care tech company. She confessed she was nervous about returning to the classroom nearly 20 years after graduating from Northern Illinois University College of Law but has become invigorated by her studies.

Tomain videotapes the information privacy classes that he teaches on the Bloomington campus. The cybersecurity students downloading the lecture later see the session as it was filmed live and have a front row seat to the interaction between the professor and law students. Underscoring the rapid change in technology, the students’ required reading is supplemented by news stories, law journal articles and judicial opinions.

Dillon has particularly liked watching the classes and hearing the perspectives of the J.D. students. She enjoys their input but sometimes, she said, she wanted to raise her hand and tell them how the law works in practice as opposed to theory.

Allen has completed about half of the master’s coursework and is just starting the computing and technology bootcamp, an intensive dive into computing, data networking and cybersecurity technologies. Already he has been able to parlay what he has learned into his legal practice.

He recalled being able to recover the money a client had been duped into wiring as part of a phishing attack. Another time, he helped another victim by working with law enforcement across multiple states.

“I’ve had the exposure in class, so I know the legal framework and I’m up to speed when a client comes in the door,” Allen said. “Or I at least know the questions to ask.”

Originally published in Indiana Lawyer.