Zach Heck lucked into it, but he doesn’t mind one bit. The 2014 Indiana University Maurer School of Law graduate began his career at Faruki Ireland Cox Rhinehart & Dusing in Dayton, Ohio, where he knew he wanted to practice litigation. But something began to happen: Heck found himself litigating an increasing number of cases involving the Fair Credit Reporting Act and other data-related issues. “We saw a need emerge,” Heck said, “and soon we began building a privacy practice, dealing with issues like HIPAA, financial institutions and data breaches.” When a colleague moved to the Dayton office of Taft Stettinius & Hollister, he recruited Heck to come with him. In just a few years, they’ve built up a privacy practice that is responding to some of the most pressing issues of our time.
Heck is one of a growing number of professionals — including a significant number of attorneys — in the cybersecurity and information privacy sectors. A recent Bureau of Labor Statistics report estimated a near 30 percent growth in coming years for information security professionals, far outpacing most other job types. While Indiana University has long recognized the importance of data security and privacy, multiple new initiatives are ensuring that the next generation of chief information security officers, systems analysts, privacy professionals and others will come from our law school.
One of the ways the law school is leading the way is through the university’s new master of science in cybersecurity risk management. That degree program combines the resources of three of IU’s top-ranked schools — the Kelley School of Business, the School of Informatics, Computing, and Engineering and the Maurer School of Law — to provide students with a broad range of courses that prepare them for a world where technologies evolve faster than the laws and policies that govern them. The program’s interdisciplinary approach enables students and practitioners to identify and learn to mitigate cyber threats in their chosen career.
Though still in its infancy, the MS program has become popular. With the ability to earn a graduate degree in two years or less, students are seeing the benefit of joining the program. Currently, more than 50 students are enrolled in the master’s program. The program can be completed on-campus or online, and it includes a capstone project in service of a real-world client.
One of the students in the program is Jose Camacaro Latouche, a device management systems engineer for the university by day, an emerging cybersecurity pro by night. Latouche came to the United States more than a decade ago to pursue a degree in information technology at Broward College in Florida. He knew early on he wanted to work with computers, and the program he completed only increased his interest in doing something that was both challenging and rewarding. Latouche helps ensure the security of devices across Indiana University, including at the law school.
“I was evaluating the possible career paths with my technical skills and my desire for advancement in computer security,” Latouche said, recalling how he ended up in Bloomington. “The forecast for job growth and demand in both information technology and cybersecurity sectors were — and continue to be — exponentially intertwined, so I wanted to solidify my foundation with a master’s degree toward that future.”
Although cybersecurity issues are often mistakenly assumed to be primarily technical, law and policy issues play a critical role. Significant cases and proposed state and federal legislation this year will shape how companies respond to and attempt to mitigate cybersecurity and data privacy risks. And that’s where our law school comes in. Cybersecurity law and policy are beginning to develop, and the demand for cybersecurity professionals with legal training is dramatically increasing in the private and public sectors at the local, national and international levels.
In addition to the MS degree, the law school offers two graduate certificates: one in cybersecurity law and policy and one in information privacy law and policy. These 12-credit-hour certificates are open to everyone from graduate students to established professionals. Should the certificate holder wish to go further, those 12 hours count toward the 30 credit hours required to earn the MS. The law school also offers a dual JD/MS in cybersecurity, one of the first in the nation. We already have a dozen students pursuing either the dual degree or the graduate certificates. These options are well-designed for students who want a rigorous, interdisciplinary education in cybersecurity and information privacy.
For law students, developing a basic knowledge base in those areas is also possible without committing to a dual-degree or certificate program. The law school offers more than a dozen courses and seminars taught by faculty members such as Fred H. Cate, David Fidler, Ian Samuel and Joe Tomain, who are as known as much for their teaching abilities as they are for their research, scholarship and national engagement. Cate is the founding director of the university’s Center for Applied Cybersecurity Research and currently serves as IU’s vice president for research; Fidler is an adjunct senior fellow for cybersecurity with the Council on Foreign Relations; Samuel is one of the country’s rising stars in cybersecurity and the federal courts, hosting the popular First Mondays podcast about the U.S. Supreme Court; and Tomain is a noted First Amendment media and communications scholar.
The law school, and Indiana University more generally, has emerged as a recognized leader in the fields of cybersecurity and information privacy over the past 15 years. The Maurer School of Law is pleased to be playing a key role in the growth of these important new degree programs, and proud that many of our graduates are becoming tomorrow’s leaders in cybersecurity and information privacy.
More information on these programs is available at law.indiana.edu/academics/cyber-certs.•
• Austen L. Parrish is dean and James H. Rudy professor at the Indiana University Maurer School of Law. Opinions expressed are those of the author.