Starr McFarland talks privacy: 5 things to know about the new, online IAPP CIPT learning path
Infosec has launched a new IAPP CIPT learning path exploring the intersection of technology, data security and policy. If you’re like Infosec Instructor Starr McFarland, with multiple interests and a desire to protect the public, this might be your perfect path.
“I have two sides,” says Starr; “I really love the techie side, and I love the law side and blending those in this path is fun.” Data privacy is not only fun for Starr, it’s fundamental for preserving our autonomy as individuals living in an ethical society.
To illustrate the importance of privacy and the misuse of data, Starr sites a 2016 internal prominent social media platform study that found that 64% of users who joined extremist groups on their platform did so because the platform itself suggested them.
Privacy is a public concern. Earning a Certified Information Privacy Technologist (CIPT) is a career enhancer, with benefits exceeding the personal and protecting us all. We spoke with Star McFarland about her new learning path, her passion for privacy and her advice for getting into the field.
What is the IAPP CIPT path about, and how does it compare to the CIPP?
Starr: This path prepares you to earn the CIPT, the globally recognized privacy and technology credential from the International Association of Privacy Professionals (IAPP). It’s a good opportunity to take the techie side of things and the law side and see where they connect and how they work together to protect privacy for our users. At the same time, the CIPP path helps you further your organization’s goals and meet its needs.
Along with the CIPT, I also hold the CIPP/US. That certification is more law-heavy, with an overview of the technical side of things because you want to know how those will play into the laws you have to adhere to. CIPT is the opposite of that. It’s more the technical side of things with a little bit of the law. The two complement each other well.
Who is this path for?
Starr: It helps to have a basic understanding of networking, security and the web before taking this path. Still, even if you don’t, this path could apply to Legal professionals and those who are more on the process side of things, who want a better idea of the technology that supports the laws and processes they’re working with.
Privacy engineers and even DevOps could also benefit from this path. They’re probably already going to have the security side rooted, but it will help them see how privacy applies to their roles. Additionally, this path is helpful if you’re in management or at a level where you’re not necessarily hands-on, but you need a broad view of how the tech, data security and policy all work together.
What will students learn in these courses?
Starr: You’ll get a background in privacy theory, a short overview of the legal and privacy governance issues and a broader overview of different technical issues and frameworks. We’ll cover threats and violations, privacy by design, data management strategies, encryption and more.
It’s not so much — this is how you implement these specific security features. It’s more of, these are the security areas that you need to be mindful of, this is a general overview of how encryption works or this is an overview of privacy roles in IT. You’ll also get tips on passing the CIPT exam and practice materials.
What advice do you have for breaking into cybersecurity or best practices for those in the field?
Starr: One answer to that question is, do this! By that I mean, producing and sharing content of value. I got interested in privacy and security, earned a couple of certifications, was contacted by Infosec to create this path and the opportunity has opened doors. I suggest creating something helpful, perhaps even a social media post, that you can provide to others.
More generally, I would say, study as much as you can and find the relevant certifications for the area you want to go into. In particular, the IAPP certifications are well known and sought for privacy.
Why are you so passionate about privacy?
Starr: We’re moving into more of an understanding, generally in our culture, of the effects of the use of data. People are paying more attention for a good reason. I think some of the polarization that we have currently is because we can so granularly observe people and feed them information that reinforces the bubble that they’re already in. Then we don’t even see the other bubbles because everything gets so narrowly focused.
This, to me, is fundamentally the biggest reason that I’m passionate about privacy. It sounds a little extra, but I think that our society depends on privacy and on how we handle our data.