The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Paula deWitte - Texas A&M University

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

The Need for Legal Education within a Cybersecurity Curriculum

Sep 22, 2021

Download: Video Icon MP4 Video Size: 645.4MB  
Watch on Youtube Watch on YouTube


Anecdotally, most cybersecurity curricula is based on the technical aspects of protecting, defending, and responding to cyber attacks.  While these courses establish a solid foundation in the technical aspects of cybersecurity, what is often missing is establishing a foundation in cybersecurity law. Every individual who puts their hands on a keyboard operates within an uncertain ethical and legal framework. What we do not need is the type of education to produce more lawyers, but rather the type of education to produce more legal-savvy technical workers. Today's tech workers are exposed to more personal information as well as intellectual property – both targets in cyber attacks. They are expected to protect critical infrastructure and design with security "built in." Yet, we do a poor job teaching the legal requirements as well as limitations imposed by law on building in privacy protections.

For the past four years, the speaker has taught Cybersecurity Law & Policy to several hundred computer science and engineering students as well as those from business, architecture, technology management, and government policy. I began this course by conducting a data analytics exercise on the NIST NICE Framework to determine what work roles require legal training. The results were quite surprising as even very technical roles such as Threat Analysis and System Architecture require knowledge of laws, policies,and ethics as they relate to cybersecurity and privacy as well as knowledge of investigations.  The feedback from graduating students who take on cybersecurity roles is that they are uniquely qualified to understand the necessity of compliance within their respective roles.

This presentation will discuss the basis for legal education as well as a roadmap for how to incorporate such legal education within a cybersecurity curriculum to build the workforce necessary for the current cybersecurity environment.

About the Speaker

Paula deWitte
Paula S. deWitte, J.D., Ph.D,. P.E., is an Associate Professor of Practice in the Computer Science and Engineering Department at Texas A&M University, College Station and the Maritime Business Administration Department at Texas A&M University, Galveston where she is building the maritime cybersecurity program. As well, she is an Adjunct Professor of Law at the Texas A&M University Law School, Fort Worth.  She is a licensed attorney (Texas) and a registered patent attorney (USPTO). She holds a Bachelors and Masters from Purdue University where in 2015 she was honored as the Distinguished Alumna in the Department of Mathematics, School of Science.  She obtained her Ph.D. in Computer Science from Texas A&M University (1989) and a law degree from St. Mary's University (2008).  She holds a patent on drilling fluids optimization [US Patent US 8812236 B1]. She teaches Cybersecurity Law, Cybersecurity Risk, and Marine Insurance Law. Her research interests are in those areas as well as in building resilient systems especially in the supply chain.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!