When looking at the cybersecurity industry from a jobs perspective, there is no denying demand for talent far exceeds supply. In May of 2017, Cybersecurity Ventures estimated “there will be 3.5 million unfilled cybersecurity jobs by 2021.” With so many lingering vacant job requisitions, who will step up with the skills and experience necessary to satiate the explosive need for cybersecurity talent in the United States?
One niche subset of the legal technology community is not only ripe, but actively preparing for a career transition that sets them on a course toward a future in cybersecurity. These are e-discovery professionals. The history of e-discovery, as a microcosm, reflects much of the wildly incongruent supply/demand in today’s cybersecurity career landscape.
As that industry commoditizes, opportunistic experts in electronic discovery are looking at cybersecurity as their next logical career path. Cybersecurity and information protection experts would be wise to respect and self-educate on legal technology trends and talent, specifically the electronic discovery industry, as these communities are headed for a collision that will forever entwine the two disciplines. Here’s how and why e-discovery professionals will affect and permeate the cybersecurity job market.
Legal is driving decision-making
As cybersecurity becomes as much a business problem as it is a technical problem, corporations will begin leaning on legal – both inside and outside counsel – to help steer the decision-making when it comes to cybersecurity investments in process, technology and people.
When a corporation gets sued, the first phone call is to legal counsel. The same has become true of getting breached. Practice groups specializing in data governance or information security are springing up in droves throughout the Am Law 200. Many of these attorneys are coming from enriched backgrounds in e-discovery law and are quite technically oriented. For both opportunistic and intellectually curious reasons, the practice of cybersecurity law has become the hot new way to pivot your legal career.
However, as more and more of these lawyers saturate the legal market, fewer and fewer practicing attorney positions will be available. The remaining nonpracticing attorneys (many of whom come with strong educational pedigree, crisp communication skills, ambition, personality and a desire to make a lot of money) will look to consultant positions in corporations and cybersecurity vendors. These individuals’ ability to bridge the gap between legal and IT will ensure they are sought after as cybersecurity continues to mature and requires more layers of midlevel project and process management.
Conversely, many lawyers have turned to e-discovery sales as a means to match their financial expectations without living the life of a partner-tracked attorney. Those same attorneys who sell ESI are now gunning for jobs in cybersecurity.
ESI sales shifting to cyber
The yearning of legal technology sales talent to sell offerings beyond e-discovery coupled with the rapid consolidation of ESI vendors has caused the beginning of an exodus of business development talent. ESI sales executives are hoarding into areas of tertiary discipline like cybersecurity, artificial intelligence, information governance and protection, the cloud and compliance. These markets have not matured yet in the same way e-discovery has, making them target verticals for transitioning legacy client relationships as well as spawning new ones. With legal advising on more of the decision-making, ESI sales representatives with relationships and influence in legal will become powerful assets for cyber service and software sellers.
In order to own the revenue downstream at times of litigation, e-discovery providers want to get stickier with their corporate clients earlier in their information creation and governance cycles. For discovery consultants and service providers, this means swimming upstream prior to discovery requests to collect, host, process and review documents and data. Over the last few years, e-discovery professionals have moved even farther left in procedural models to consult for and service clients on technology inventory, vulnerability and risk assessment, governance and compliance policy, cloud migration, breach prevention planning and cyberinsurance. If you are in the cyber services business, you are likely to start competing soon with e-discovery service providers.
The stakeholders within corporate procurement groups are often the same buyers for both ESI and infosec. Within corporate America, the C-suite and the general counsel’s office as well as outside counsel are getting involved in the purchasing recommendations and decisions related to cybersecurity and discovery, largely due to the enormous costs associated with both for failure to comply with regulatory, security and other standards. Having tremendous influence and history with legal stakeholders across the Fortune 1000 and Am Law 200, e-discovery sales professionals are forcing their way out of traditional “litigation sales” roles and aiming to control all the revenue associated with managing corporate client risk and data.
Forensic investigation to incidence response
Job availability is decreasing for forensic collections in discovery but growing in incident response. When comparing job responsibilities along the e-discovery (EDRM) and cybersecurity (CSRM) spectrums, forensic collection sits far left in one but far right in the other creating an immediate and applicable overlap between cybersecurity incident responders and discovery forensic investigators. This intersection is where e-discovery forensic professionals are looking to transition their career to cybersecurity.
Many corporations are internally converting forensic examiners into incident responders, largely because of the skill alignments but also because these professionals often already understand the corporate culture, network and location of data. ESI forensic talent is turning to certifying bodies to help them shift quickly to breach remediation work.
Guidance, maker of EnCase, has created the CFSR (Certified Forensic Security Responder) certification program to help forensic investigators transition to cybersecurity and incident response. Nuix, one of the two most widely used e-discovery processing applications, is also pivoting and even appointed cybersecurity expert, lawyer and former U.S. ambassador to Australia Jeffrey Bleich to its board to signal a greater focus on its cybersecurity products.
Forensic collection used to be a major revenue stream for e-discovery providers, but it is less so with increases in self-collection and steep declines in pricing for outsourcing. These players are now looking toward IR as an easy parlay into cyber.
Soon, e-discovery professionals, whether lawyers, forensic examiners, information governance consultants, project managers or sales professionals, will be seeking to fill the insatiable demand for cybersecurity talent. It make take many of them years to gain the skills, experience and certifications necessary to readily compete with the existing pool of talent in information security, but their self-education is already underway and undeniable.