From policy to practical: learning about cybersecurity and privacy
Ana Trueba de Buen
Senior Risk, Compliance & InfoSec Professional | GRC, Cybersecurity & Data Privacy | ISO 27001, NIST, SOC 2 | Helping Organizations Mitigate Risk & Ensure Compliance | Speaker & Writer on Security & Privacy
After years on the public policy side of privacy and data protection, I decided that before embarking on any sort of certification (CIPM, I got my eye on you) I wanted to solidify my understanding of these topics. While I’m very familiar with the policy side, I worried that my practical knowledge was lacking, so I signed up for a course from UDLAP Jenkins Graduate School on Cybersecurity and Data Protection.
It all seemed well until the first class when the coordinator, nonchalantly, stated: “Those who are lawyers will struggle a bit in the first section, while those who are engineers will struggle a bit more in the second half when we go over the legal aspects.”
A thought flashed through my mind: “Well, I’m neither. This should be interesting.”
I felt intimidated, but I had already paid the first installment and if there is anything that I am, more than determined, it’s cheap. Several months later, just past the midterm, I’ve realized the following:
1. I already know a lot of this…
For the record, there’s a lot I did not know, yet, surprisingly, a lot I did. It turns out that random bits that I’ve picked up over the years actually connect and have given me a fairly solid base to build upon. Turns out obsessive research, copious notes, and a good memory go a long way.
2. It’s all rather logical (albeit confusing)
The practical side of cybersecurity and privacy has always intimidated me, as concepts like “architecture” or “governance models” seemed incredibly complex. Yet, as I’ve gone deeper, I’ve realized that much of it is based on applying structures, processes, and learning from previous experiences. It’s all very logical. Yes, it’s hard and complex, but not impossible and out of reach.
3. Struggling is a part of the learning process
Truth is, I’ve struggled. There are several aspects of the NIST/ISO 27,000 (and other technical cybersecurity concepts) where I’ve had to read a document several times to even begin to understand. I’ve come to accept that this is okay for where I am right now. It’s like when I started college, when I was suddenly bombarded with new terminology that I had to always be double-checking to make sure I was grasping its meaning, but slowly and surely, things begin to build up and make sense. Granted, while I do have a solid base to go on, I have to get used to the fact that at this stage, there is a lot more that I don’t know than what I do.
4. Passion is crucial
A lot of what I already know, I first came across not because of work or my Master’s thesis but rather because I went down the rabbit hole of a particular topic, often without a clear goal. As I go deeper into the application side of the cybersecurity and data privacy space, I’m discovering that my interest in these topics is what is helping me, as my thirst for a better comprehension of these topics is pushing me to go the extra mile and helping me get a better understanding of this space.
Foreign Affairs | Security Cooperation | Country Director @ Department of Defense
3 years ago: Excited to read this!