Cybersecurity & Privacy Law Certificate

This summer I decided to challenge myself and take a Cybersecurity & Privacy Law Certificate program at Mitchell Hamline School of Law online. I heard about this certificate program through the Blacks in Technology slack channel and read more about it in their blog post. After doing extensive research on GDPR for a work-related project, I started to get infatuated with privacy law and fell down a rabbit hole of even looking into a dual masters program for Cybersecurity and obtaining a Juris Doctor. When I saw the post about the certificate program I thought maybe it was a sign that this might be the career direction I would like to go in, my plan was to do the certificate program and see if I want to fully commit to taking the LSAT and going to law school.

Disclaimer: I am writing this blog because I could not find any information about Mitchell Hamline’s Cybersecurity and Privacy Law certificate program before enrolling and I hope that this helps anyone interested in the program will find this blog helpful.

About Mitchell Hamline’s Cybersecurity and Privacy Law Certificate:

• Cost $7,500, this program also does not qualify for Federal Financial Aid.
• Anyone can enroll in the program if you live in an eligible state.
• Grading for course is on a Pass/Fail basis, there is a final exam for each course, a 75% is needed to pass the course. Pretty simple and straightforward.

Courses:

• Information and Privacy Law
• Information Governance and Security Risk Management
• Information Technology Systems and Security Controls
• Incident Management and Response
• Liability and Enforcement Authorities

Advice

• Do Not:
• Take on this certificate program if you do not like to read, be prepared to spend a few hours reading through course documents.
• Take this course if you do not have proper time management skills, some courses are only two weeks and that could include eight modules to go through in two weeks, make sure to set aside time in your schedule to dedicate to course work.
• Do:
• Go in with a positive mindset and be ready to learn.
• Ask questions (there are class discussion boards to ask further questions and also instructors are great at responding back to you in a timely fashion).
• If you have the time, do the optional assignments provided in each course it helps with applying and practicing the information you learned.
• If you are already in the Cybersecurity career field I think this is a great program because it expands your knowledge further from a legal angle.
• If you are transitioning to Cybersecurity this is a great course to get introduced into the field.
• I learned a lot about Privacy Law this is a great program to familiarize yourself with what Privacy Law is, especially International Privacy Law.
• The course content talks a lot about incidents from 2014, I would love to see recent data breaches such as Equifax deciphered.

My personal opinions of the courses in the program

Information and Privacy Law

• Out of the five courses that were offered in this program, I can honestly say this was the hardest courses for me to comprehend the information being taught. This course teaches you about the United States federal privacy laws from a commercial perspective. A lot of the information being taught I was not familiar with in detail; I could tell you what GBLA stands for but not who enforces and what sector falls under its jurisdiction. The course also went into a little detail about international privacy laws nothing too in-depth but still good information.
• Course Takeaways:
• I am able to apply privacy laws to different industries.
• I learned about each privacy law for the U.S in-depth; I had the general overview of a privacy law but not the legal do’s and dont’s of each privacy law.
• I can now tell you what national laws regulate the collection and use of personal data, who the laws apply to, what data is regulated, notification requirements and data subjects rights when it comes to their personal data.
• What questions an organization should ask when developing a privacy policy.
• International privacy laws other than the EU’s GDPR.

Information Governance and Security Risk Management

• This course was a lot easier for me because I currently work in governance in Cybersecurity, a lot of the information I practice everyday in my job duties. A great introduction to Cybersecurity overall and showing the importance of data governance. This course also goes into detail about security practices, policies, third party audits and assessments, and security frameworks. Warning: there will be a lot of information to soak in.
• Course Takeaways:
• I learned about security frameworks I do not currently use in my current job industry, I like this because I know I will need this knowledge later on in my career.
• If you are interested in learning how to draft an Information Security Policy and the development process behind policies this course is a perfect introduction.
• Strategies for Third Party/Vendor risks
• Risk assessments (Types of assessments, risk process, and risk decision making).
• Cyber Insurance
• Learning about the System Development Life Cycle process.
• How to build a cybersecurity and security awareness program.

Information Technology Systems and Security Controls

• This was my favorite of the five courses because the learning style was different, instead of a multiple choice final exam, there are discussion posts. The instructor makes sure that you understand the course content you are learning with the discussion posts that are required for the course. The final exam is also a discussion based format for passing, so make sure you really understand the content.
• Course Takeaways
• I liked that the instructor gives you a detailed overview of security models and security controls at the beginning of this course. This information helps with understanding the case studies as the course progresses.
• Be sure to dedicate more time to this course for the case studies because it will help you in the long run for passing.

Incident Management and Response

• This was another course that I found easy because I currently practice Incident Response as apart of my job duties. The course does a great job of walking you through incident response, identifying an incident, being able to decipher an incident vs. a breach and post incident strategies. Warning: there will be a lot of information to soak in.
• Course Takeaways:
• Very very very detailed on incident handling testing and training.
• You will learn about incident response policies, plans, and management.
• Incident Management and Response Lifecycle
• Identifying a risk and a core incident response team.
• Investigating incident and post incident management.
• There is a video lecture about mobile security which I found to be really interesting.

Liability and Enforcement Authorities

• Alright, this was the second hardest course when it comes to course content. This course taught me things I did not know already so that’s probably why I found it so difficult when trying to retain the information. This course goes into detail about dealing with the legal liability organization face after breaches.
• Course Takeaways:
• You will learn about crisis management
• A really good case study is provided for understanding the financial and non-financial losses organizations face after a data breach.
• A guide for business on security to help mitigate data breaches.
• Shareholder liability

Overall a great experience; but I still have not decided on committing to going to law school.