Home > Knowledge > Blog

Should Doc Reviewers Consider a Career in Cybersecurity? Short Answer: Yes

Nov 2, 2022

By Sandy Ryan

“So,” a recent job applicant I’ve known for some time asked, “should I consider a career in cybersecurity?”

My palms begin to sweat. As the senior director of recruiting at Level Legal, I should be persuading this document-review candidate to join our crack team. No, of course not! I thought. That’s a terrible idea. You should do doc review for Level Legal instead!

But I just couldn’t lie to her.

“That’s a great idea,” I said. “It’s a helpful compliment to what you already know about document review and a very in-demand field because of data breaches.”

I begin wondering if I’ll still have a job tomorrow.

“I don’t know how to start,” she said.

“Let me look into it,” I said.

This post is the result of my promise and sums up the advice I passed on to my candidate.

My research of the cybersecurity job market confirmed my suspicions: Cybersecurity is a great career choice right now. Jobs are booming and likely will continue to do so.

But to my delight, I learned that doc review and cybersecurity aren’t mutually exclusive. In fact, both can be great plan Bs for lawyers who need an alternative career path, want a change of pace, or feel stuck in their current practice.

The Case for Cybersecurity

Here’s why a career in cybersecurity should be on any doc reviewers’ radar:

  • The need is great. While much of the legal market is slowing down, cybersecurity is accelerating. The number of unfilled jobs in this arena worldwide grew 350 percent between 2013 and 2021. This time last year, around 715,000 jobs were vacant.
  • And so is the payoff. Cybersecurity jobs boast a wide pay range, depending on how much education and training you’re willing to put in. For example, a systems administrator makes around $81,000, while an information technology manager makes north of $138,000. Secure a director or chief security officer role, and you’re looking at several hundred thousand dollars. Of course, you wouldn’t start as a CIO, but your future could look bright.
  • Training is inevitable. Attorneys who think they can avoid all cyber-things will be in for a surprise when mandatory continuing legal education makes it to their states. New York, for example, just implemented a one-credit CLE requirement, which takes effect July 1, 2023. Topics include ethical obligations and professional responsibilities regarding electronic data, protection of confidential or privileged information, client counseling, and funds-related issues. Bloomberg analysts predict other states will soon follow.
  • Potential fulltime careers deserve consideration. If you’re already involved in doc review and like the flexibility it offers, you can leverage that flexibility to pursue a cybersecurity career. Even if you don’t switch careers, knowledge of cybersecurity usually proves an asset in doc review projects.

How to Start

Doc review projects will exist as long as lawyers do. If you’re already staffed on a doc review project, maintain that steady income while you evaluate cybersecurity and obtain any necessary training. Then take these steps:

  • Research entry-level roles. To begin your cyber career, look for entry-level positions, such as security administrator, senior security consultant, or junior cybersecurity analyst. While attorneys with an IT degree or four years’ experience could also shoot for an information assurance analyst position, note these roles require a Certified Information Systems Security Professional (CISSP) certification.

  • Prepare for the next level. Once you have some experience in the field, look for mid-level positions like cyber auditor (good for those working in compliance with IT experience or a related degree), information security analyst (good for mid-level IT professionals), and director of information security, IT project manager/IT security engineer (a more advanced career path), and chief information security officer (the top level). As with entry-level positions, these more senior roles might require additional certification.

  • Obtain certifications. Begin with the CISSP. Certification takes about eight months and costs $749. You’ll need at least five years of experience in various cybersecurity domains, including e-Discovery.

  • Next, consider the Certified Information Systems Auditor (CISA). For more mid-level IT professionals hoping to advance their careers, this option requires at least five years of IT or IS audit, control, security, or assurance experience, and costs between $600 and $800.

Since cybersecurity requires both project management and eDiscovery – your route into the industry – check out certifications in project management or specific eDiscovery platforms like Brainspace and Relativity.

In fact, the more specialized your experience, the more marketable you become. That’s why Level Legal has created a proprietary database of contractors with hyper-specific skillsets, including particular state bars, specific databases, various languages, specialized areas of law (litigation, pharmaceuticals), eDiscovery software, specific document review practice areas such as cybersecurity, and specific doc review skills like 1L, 2L, ITAR, and redaction. This in-depth knowledge helps us pair the right candidates with the right customers.

Seen enough? Then get moving! Begin with a search for relevant contacts in your network who may be able to make connections for you. After all, around 90,000 cybersecurity jobs are open and waiting.

In the meantime, if you’re looking for a steady doc review project at a customer service-minded company, contact us. We’re always looking for great talent.

Sandy Ryan is (still) the senior director of recruiting at Level Legal. She was born a natural eDiscovery recruiter, although she took a circuitous route from the tiny island of Montserrat through the U.S. Army Reserve to become one officially. When she is not overseas with close family, she calls the East Coast home, often opening her home to share Montserrat’s national dish: goat water. Don’t knock it ‘til you try it.

Explore More
Close Modal

Our Framework

Understand.

During this phase, we work to step away from any assumptions and guesses about what our customers needs, and let our research findings inform our decision-making. We learn more about our customers, their problems, wants, and needs, and the environment or context in which they will use the solution we offer.

Our Framework

Define.

During the Define phase, we analyze our research findings from the Understand phase and determine what is the most important problem to solve — and why. This step defines the goal. Then we can give a clear problem statement, describing what our customers’ needs are that we are trying to solve, making sure that we heard and defined their problem correctly.

Our Framework

Solve.

This phase is an important part of the discipline in our process. People often settle for the first solution, but the most obvious solution is often not the right one. During the Solve phase, we brainstorm collaboratively with multiple stakeholders to generate many unique solutions. We then analyze our potential solutions and make choices about which are the best to pursue based on learnings in the Understand phase.

Our Framework

Build & Test.

This phase is critical in developing the right solution to our customers’ problem. An organized approach to testing can help avoid rework and create exceptional outcomes. Starting small and testing the solution, we iterate quickly, before deploying solutions across the entire project.

Our Framework

Act.

During this phase, the hard work of prior phases comes to life in our customers’ best solution. The research, collaboration, and testing performed prior to project kick-off ensure optimal results.

Our Framework

Feedback.

At the project completion, we convene all stakeholders to discuss what went well, what could have been better, and how we might improve going forward. We call these meetings “Retrospectives,” and we perform them internally as a project team, and with our external customers. The Retrospective is one of the most powerful, meaningful tools in our framework.

Next