Cybersecurity professionals of all types are in high demand. From security analysts to pentesters, the need for employees trained and qualified in this field far outstrips the current supply. This skills gap includes those individuals qualified to work in cybersecurity law.
As the frequency and severity of cyber breaches increase, so does the political pressure for legislation to protect personally identifiable information (PII), proprietary information, and intellectual property. The need to understand and adhere to new and changing laws and regulations creates a thriving market for cybersecurity legal expertise. Cybersecurity regulation compliance is crucial to business success.
Working in cybersecurity law will require specialized education. This guide will outline the various options and requirements for those wishing to work in this specialized field of law.
Degree program options for cybersecurity law
There are essentially four graduate degrees that qualify an individual to work on the legal side of cybersecurity. These are an MLS, a J.D., an LL.M., and an S.J.D. These are discussed in order from the least amount of training needed to the most amount of education required below. The main focus of this guide will be the LL.M. degree with a concentration in cybersecurity. It is the most beneficial law degree for students aspiring to become practicing cybersecurity lawyers.
MLS (Master of Legal Studies) is a master’s degree that provides a firm working knowledge of the law and concentrates on compliance, legal research and analysis, risk management, ethics, and professional standards. Earning an MLS does not allow the graduate to practice law. There are, however, many employment opportunities within private corporations for which an MLS is sufficient. Graduates will typically find these opportunities in risk and compliance departments as legal assistants or paralegals.
A Doctor of Jurisprudence (J.D.) program provides students a broad understanding of the law. With a J.D., graduates are permitted to practice law in the United States after passing a state bar examination and obtaining a law license. As the minimum requirement for practicing law, law school J.D. curriculum does not usually include courses specific to cybersecurity law.
A Master of Laws (LL.M.) degree is an internationally recognized post-Juris Doctor (J.D.) law degree. To be awarded an LL.M., US domestic students must already hold a J.D. degree, and international students must have a Bachelor of Laws (LLB) or its equivalent. LL.M. degrees focus on a specific area of the law, providing students with the experiences and expertise to become an expert in that area. Cybersecurity concentration provides law students with a sophisticated understanding of the legal, policy, and technical structures associated with cybersecurity.
Graduating with an LL.M. in Cybersecurity Law and Data Privacy will prepare a student for a job practicing law in the fields of cybersecurity and information privacy, or any area that deals with high-value or confidential information. Lawyers with LL.M. degrees work at law firms, for the government, or as in-house counsel at corporations.
The highest degree offered in the field of law is the Doctor of Juridical Science (S.J.D.). It is equal to the Doctor of Philosophy. The National Association of Legal Professionals states that the S.J.D. is “the most advanced law degree that would follow the earning of the J.D. and LL.M. degrees.” Most schools require an LL.M. before admission to an S.J.D. or a Ph.D. law degree program. Like the Ph.D., the S.J.D. degree generally requires a graded dissertation, orally defended and then often published as a book or series of articles.
Considerations for choosing the right cybersecurity law degree program
Not every law student will have the available time or access to the required financial resources needed to pursue an LL.M. in Cybersecurity. If a student’s situation dictates that they take a progressive approach to their legal studies, they may wish to begin with an MLS. An MLS will often provide the graduate with the opportunity to work in a legal department for and with lawyers that specialize in cybersecurity. This strategy can provide valuable experience, but it should be noted that while there are some part-time and online J.D. and LL.M. programs, many programs require students to attend full-time in-person (when in-person classes are open). Beginning with an MLS presents a danger that additional education will become difficult if life circumstances do not allow the student to attend law school full-time. Going back to school is often more difficult than staying in school.
A common route to a job in cybersecurity law is to obtain a J.D. and pass the state bar exam. This common strategy will allow the graduate to practice law broadly while gaining specific cybersecurity experience in the workplace. After some time in the workplace, a licensed lawyer may petition to take a hiatus from work to return to law school and get an LL.M. or find an online LL.M. option.
The most direct route to becoming a practicing cybersecurity legal specialist is to continue in law school for an additional year after completing a J.D. to get an LL.M. This is the preferred strategy for students that have the available time and financial resources. Education advisors recommend the LL.M. degree, especially for those students wanting to specialize in global cybersecurity law or work in cybersecurity law for an international firm.
The LL.M. is the degree of choice for career advancement and international credibility, particularly in today’s competitive and globally focused legal environment. Early- and mid-career lawyers often pursue the LL.M. when looking to expand their proficiency in a specific area of law, such as cybersecurity.
The final option to consider for cybersecurity law education is obtaining an S.J.D. This degree should be a consideration for students that intend to invest their careers in cybersecurity research or academia.
Cybersecurity law school admission requirements
After completing the requirements for a J.D. degree, students can apply for admission to their law school’s LL.M. program. These are typically one-year programs that require full-time attendance.
The University of Texas at Austin Law School (Texas Law) LL.M. admissions and curriculum requirements are similar to many other law schools. They can be used as a guide to what students may expect in these areas.
Texas Law requires students to complete at least 24 semester hours of credit and keep a minimum grade point average (GPA) of 1.90 to be awarded an LL.M. degree. Students must maintain a GPA of at least 1.80 to continue in the program. Students who fail one class are placed on scholastic probation. A student who fails two courses in a single semester will be dropped from the program, regardless of the student’s GPA.
Cybersecurity law degree curriculum
Texas Law provides an excellent example of the curriculum requirements for an LL.M. degree with a concentration in cybersecurity law. Like many other law schools, Texas Law does not accept transfer credits in the LL.M. Program. Students currently in another LL.M. program may apply to the Texas Law LL.M. Program but must take the required 24 credits.
- Students must complete a total of 24 credit hours in one academic year.
- 12 concentration-specific credit hours.
- A three-credit writing seminar or a two-credit directed research project.
- Constitutional Law for Foreign Lawyers. (This is a requirement for students with a foreign law degree. Students with a background in common law may request a waiver from this requirement.)
- Non-US J.D. students interested in taking a US state bar exam will also be required to take specific bar-required courses to be eligible to sit for the bar exam.
All Texas Law LL.M. in Cybersecurity students must take the following courses:
- Cybersecurity Law & Policy — This course surveys the landscape of legal, policy, and institutional-design issues associated with cybersecurity, ranging from litigation and regulatory matters to hostilities in cyberspace.
- Technology of Cybersecurity, An Introduction for Law and Policy Students – This course provides a tailored introduction to key technical concepts associated with cybersecurity.
- Writing Seminar, Emerging Cybersecurity Legal and Policy Issues — This seminar engages an evolving array of cutting-edge legal and policy issues related to cybersecurity, including a variety of guest speakers.
- International Law of Cyber Conflict — This course explores the application of international law to state-sponsored cyber activities.
- Privacy Law — This course examines U.S. and foreign legal regimes for the protection of information.
The University of Southern California (USC) cites the outcome for their LL.M. in privacy law and cybersecurity degree curriculum as follows:
- Evaluate, manage, and mitigate risk associated with the acquiring, storage/retention, use, sharing, and disposing of data.
- Identify privacy and data protection issues across various sectors.
- Understand the legal aspects of cyber risks in different business sectors, including legal issues with computer hacking crimes, identity theft, internet fraud, malware and phishing offenses, and civil torts.
- Identify threats to cybersecurity and the necessary compliance frameworks for cybersecurity.
- Communicate effectively about privacy and data protection issues.
- Demonstrate solutions to relevant stakeholders such as customers, end-users, suppliers, vendors, regulatory authorities, and others.
Cybersecurity law school tuition
Law school is by no means a low-cost proposition: the overall earning potential and cultural status associated with being a lawyer commands premium tuition rates.
The following list represents the top 10 best law schools as reported by US News & World Report along with their full-time annual tuition.
- Yale University – $66,128
- Stanford University – $64,554
- Harvard University – $67,081
- Columbia University – $72,465
- University of Chicago – $66,651
- New York University – $68,934
- University of Pennsylvania (Carey) – $67,998
- University of Virginia – $63,200
- Northwestern University (Pritzker) – $66,806
- University of California–Berkeley – $52,017
American Bar Association-approved law schools usually require three years of full-time study to earn a J.D. An LL.M. in Cybersecurity degree will take another full year.
Students planning to attend one of the top ten US law schools to earn a J.D. and then an LL.M. in cybersecurity in four years can expect to pay total tuition of over $262,000 on average.
As noted on Nerd Wallet, “Most law school scholarships come from law schools themselves to attract the best candidates. But private awards are available, and taking the time to apply could reduce the amount you borrow for your J.D.”
Cybersecurity law career outlook
While not explicitly required for an LL.M. in cybersecurity law degree, many experts recommend that a job applicant have at least a basic knowledge of cybersecurity principles. Taking undergraduate courses in IT and information security is a good investment for aspiring cybersecurity legal professionals. Obtaining an IT-related certification demonstrates a basic understanding of cybersecurity and computer networks. Studying for the certification will provide students with a conceptual framework of how IT professionals manage security risks and mitigate vulnerabilities.
The US Bureau of Labor Statistics (2019) projects that employment in computer and information technology occupations will grow 12 percent from 2018 to 2028, much faster than the average for all occupations. Research indicates that the global cybersecurity market will increase from $85.3 billion in 2016 to over $187 billion in 2021. A global surge for jobs in the field is expected.
Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021. Many major law firms have begun to establish cybersecurity law practices. Graduates of LL.M. programs will be employable across every industry – both public and private sectors – as consultants, chief security officers for businesses, and government.
The USC Gould School of Law suggests that there are five careers that an LL.M. graduate can pursue. Of those five, Law Firm Partner is most applicable for a cybersecurity concentration. According to PayScale, the median salary for law firm partners in the United States stands at $179,953. Bonuses and profit-sharing agreements can significantly boost wages to more than $400,000 a year.
In late 2017 The National Jurist wrote that for “law firms with fewer than 50 lawyers, the median salary for first-year associates was $90,000, half of what their big law firm counterparts in major markets are making. At firms with more than 700 lawyers, the median starting salary came in at $155,000.”