Editor’s Note: The author of this column is a lawyer at a large law firm.
Cybersecurity is booming — the market is expected to reach $170 billion by 2020 — and that means a growing demand for legal services. Law students are not only enrolling in classes dedicated to cybersecurity, but law schools now offer whole programs dedicated to the field. And of course law firms are responding to the demand for counsel by building or expanding their cyber practices.
Like most smart career moves, I fell into this career by accident and I’ve worked hard at it ever since. I was working as the chief staff counsel for Barack Obama’s first presidential campaign in 2007 when I first encountered “cybersecurity.” We were in the middle of the hot summer primary when I was informed that we had a data breach. That turned out not to be true, but the weeks I spent unearthing the facts and running down issues with law enforcement, our vendors, and our IT staff, were some of my most fascinating. After the campaign ended, I knew that this would be the field I would return to, which I did eagerly with positions in the federal government, civil society, and now in private practice.
My story of lateraling into my legal career in cybersecurity is probably not unique to most lawyers working in the field right now since most of us are too old to be considered digital, much less cybersecurity “natives.” But, however the cybersecurity practice grows, whether through mid-career shifts or law school recruitment, there are too few women lawyers joining the ranks. And that’s a problem — both for women looking to develop interesting careers, and for addressing cyber law and policy challenges with the necessary diversity of perspective.
With only 10 percent of women making up the information security workforce, there is a severe shortage of women in cybersecurity generally, and cyber law specifically. Anne-Marie Slaughter at New America is leading the effort to fix that, and she attributes part of the reason for the gender gap to the stereotype of cybersecurity as a profession for hoodie-wearing techies and macho military wonks, neither of which are inviting to many women nor do they accurately describe the field. Cybersecurity is a broad field involving a wide range of professionals — from sociologists and venture capitalists to bug bounty hunters and policymakers. In the cybersecurity legal field, the lawyers with whom I work are creative problem-solvers with acute attention to detail and deep analytical skills. Technological proficiency and national security expertise, while helpful, is not required, and more importantly can be attained even at a later age. And since cyber law intersects with so many other practice areas — intellectual property, litigation, and trade, just to name a few — there are various entry points to building a cyber practice. There are already too many challenges facing women progressing in their legal careers (see here, here, and here) for false stereotypes to hold us back from good and interesting cybersecurity jobs.
And not only do these stereotypes harm individual careers, they also disserve the cybersecurity challenges we face. One lesson of the last few years is that securing our companies and our families from cyber attacks is not something that will come through military might or security tools alone. Rather, it will take major shifts in law and policy, evolving international norms, and even altering our everyday, individual behaviors. Cybersecurity is something everyone needs to care about, and feel a responsibility for, and if stereotypes exclude women then those problems will be a lot harder to solve. So whether the motivation is bringing women into a hot legal practice or broadening our understanding of what it will take to solve our cyber challenges — reimagining “cybersecurity” as a field that is more than just a lone man behind a computer will benefit us all.