Data privacy careers: Which path is right for you?
People's lives are increasingly moving online. Business is conducted within collaboration tools, transactions are made via e-commerce and social connections persist across a host of social platforms. While the Coronavirus pandemic didn't cause this societal shift, it did play a part in accelerating it. As the volume of data online grows, so does the concern over data privacy.
As a result, out of 194 countries, 128 of them, or 66 percent, have legislation in place for securing the protection of data and privacy, according to the United Nations Conference on Trade and Development. Another 10 percent currently have draft legislation. As the data privacy regulatory environment continues to evolve, organizations are working hard to comply and protect the information they hold, yet they struggle to fully understand how. This is where data privacy professionals come in.
FREE role-guided training plans
Gabe Gumbs is the Chief Innovation Officer for Spirion, a maker of data discovery, classification and protection tools for businesses to improve their data privacy, security and compliance efforts. He spends his days speaking with companies about their data privacy needs and says privacy and data protection are high on the priority list.
"There's certainly an opportunity for those that understand both the law and the technology to make a strong impact on our world," says Gumbs. "There aren't many out there."
Data privacy careers
There's extensive opportunity for someone seeking a data privacy career. LinkedIn offers over 119,000 open positions for "data privacy jobs" currently. There are more than 85,000 opportunities advertised on Glassdoor. One interesting aspect of a career in data privacy is the various paths professionals can take as they advance. For example:
- Data privacy specialists often manage day-to-day compliance tasks, including privacy assessment documentation like Data Protection Impact Assessments (DPIAs) required by GDPR.
- Data privacy managers may work to map organizational data flows, enhance data privacy training and awareness across an organization's business units and employees, and monitor and flag potential privacy risks and provide appropriate resolution.
- Data privacy analysts build solutions and automated controls that support the organization's privacy infrastructure for the more technically inclined.
As CIO, Gumbs and his team take a broad view of data privacy challenges and solve them for their clients with technology. Talking with so many practitioners gives him a unique vantage point that affords him insights on what's occurring within the field of data privacy, both now and what's to come.
Today, too many companies focus on applying controls at one point in the data lifecycle, Gumbs says. They may take particular care when gathering data but not take the same level of care in the middle stages when data is used. "You have to look at each step within the lifecycle of data from the time it's created, used, shared, archived and destroyed and apply the appropriate controls throughout each of those points of the lifecycle."
He also sees an even tighter integration between privacy and security than may be currently realized today. "You can't have privacy without security. I see a convergence of the two as the business functions and the technology functions are inextricably linked."
Data privacy skills a part of other tech jobs
As concern over the protection of data increases, technologists, in general, will also find data privacy skills beneficial — and likely lucrative. Analytics company Burning Glass provides real-time data on in-demand skills. Job postings requesting data privacy knowledge increased for cybersecurity engineers, technology consultants, network engineers, computer systems engineers, business management analysts and others.
Cybersecurity and data privacy are intricately linked, and the rationale behind encouraging data privacy skills comes directly out of the day-to-day. For example, when data crosses one of your data loss prevention technologies when you don't want it to, it's problematic from a security perspective, explains Gumbs. If that data went to a legitimate third-party, but a user has requested you no longer share their data with third parties, you now have a privacy violation.
"We need to be able to automate and orchestrate and understand when an alert such as that triggers," Gumbs says. "So, we take privacy and put it right into the middle of our security operations center (SOC), and we have a security and privacy operations center (SPOC). Long live the data."
Evolving privacy laws are also driving the need for data privacy skills among cybersecurity professionals. In a recent webinar on the topic, privacy is shaping the future of cybersecurity careers: Are you ready? Byron Johnson, channel sales manager at the International Association of Privacy Professionals (IAPP), said, "you may not need to be privacy policy experts, but any cybersecurity or information security professional absolutely should expect privacy to touch their job requirements meaningfully."
Landing a data privacy job
Various certifications will help demonstrate data privacy know-how for those seeking a career in data privacy or other technologists looking to round out their skills. Those with a focus on privacy include:
- CIPP/US and CIPP/E (Certified Information Privacy Professional) to understand the law and regulation based in the U.S. and Europe; the "what" of data protection in the U.S. and abroad.
- CIPM (Certified Information Privacy Manager) for implementing privacy in an organization and the "how" of privacy from a management perspective.
- CIPT (Certified Information Privacy Technologist) for implementing privacy in applications and systems and the "how" of privacy from a technology perspective.
- CDPSE (Certified Data Privacy Solutions Engineer) for IT professionals who work with technology and then store, collect and transports personal information.
Gumbs says his team at Spirion is also working toward the CEH (Certified Ethical Hacker) certification for a hands-on understanding of security principles. But certifications aren't necessarily required, in his opinion. "My approach to building out teams is balancing the overall skill sets. Our entire team this quarter is challenged to pick up their choice and explore," a topic he said.
To learn more about a data privacy career, watch the Cyber Work Podcast: Data privacy careers: GDPR, CCPA and the right to be forgotten with Gabe Gumbs.
What should you learn next?
Sources
- Data Protection and Privacy Legislation Worldwide, United Nations Conference on Trade and Development
- Developing your data privacy skills is key to many technology jobs, DICE
In this Series
- Data privacy careers: Which path is right for you?
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get free resources in your inbox!
Sign up for our newsletter and get free cybersecurity resources in your inbox every week. Prepare for your next cert, learn new skills, increase your salary and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity