Event notes: Security and Privacy Careers with a Twist
Another event completed, this time specifically related to my current role, the very topical world of Privacy, an on ‘Security and Privacy careers with a twist’. It’s a very interesting time, watching the creation of the various roles relevant to the area, note to mention the skillsets diverging across different disciplines. Coming from a purely technology perspective, I’ve personally got many gaps that is super exciting to learn, develop, integrate into existing skillsets. Very interesting times as always: I plan on writing a lot more on the topic of ‘privacy’, how it’s currently viewed, how it’s currently being deployed in the online space, what I feel is right, what has been misunderstood, and what the unintended consequences have been and will be going forward.
As usual, my raw notes below. I’ll be integrating parts of these notes into some future write-ups so expect to see more through 2019….
* Emerald de Leeuw, CIPP/E, Founder and CEO, EuroComply. Masters in 2012 on GDPR.
* Maria Hyland, Former Security Program Director, IBM. Started a RED team and a Secure Engineering Team.
* Anna Morgan, Head of Legal and Deputy Data Protection Comissioner, Irish Data Protection Commission.
* Maria Murphy, Lecturer in Law, Maynooth University. Privacy Law, information and Data Protection Law. People considering drones and smart cities. Works with Irish council of Civil Liberties. A believer in Technology!
IAPP-EY Annual Privacy Governance Report 2018
IAPP DPO Board Report
Anna, Founder of WISP speaking. Works with Facebook. Started original group in San Fran a few years ago.
Not enough people in Cyber. You can grow those skills. If an interest, go to talks. Go on a course, find a mentor ship. Cyber is audit, soft skills, behaviour analytics, understanding what people will do.
Different profile of people changing. Technical skills becoming more important alongside soft skills.
Reading Legal is very helpful. Legal background but having ability that is required for law is very useful.
Diplomacy is key.
Privacy Engineering also very important going forward.
If people are scared of you, you can’t be DPO.
Resilience needed (and would put at top of list - Anna). Everything is Principles based. Need to be able to stand over what you’ve done. Convince general staff, senior management, etc.
Maria - big topics in cyber? They’re attacking people/staff. Training is key. Security is not an IT function, it’s everyone.
3rd party suppliers also a challenge. (see British Airways).
Companies trying to protect. The perimeter is dead. Mobility has changed it all, IoT, etc.
EY - lots of companies they’re in discussion highlighting pace of change in technology and regulation.
Maria: GDPR is principled based. Need to put meat on the bones: with more guidance. Huge divergence. IAPP doing a lot of good work here.
Ethics and Privacy Engineering. Emerald.
It’s really hard! A code of ethics globally is very hard. Should be discussed at boardroom level.
EU guidelines on trustworthy AI. But it’s only guidelines, even best minds can work out solution.
Likely the future is ethics.
DPC notes: Citizen mobilisation is growing. Individuals far more aware of their rights and a willingness to take on big companies. Orgs will have to change their approach.
DPC challenges: radical transformation since May. Cross border has had big implications.
Audience question: With a tech background, how to pick up the compliance aspect? IAPP, masters, etc.
Privacy lawyer working in tech on Machine Learning and AI. Do an undergrad in CS, then do Privacy. But a problem for girls! What could be done to encourage girls? Bringing teachers into tech industries/companies. A lot of challenge is awareness: teachers didn’t even know. There’s a ‘geek’ perception.
Complex environmental factors.
Privacy-friendly will be important going forward for consumers.