State of the Industry: e-Discovery and Cybersecurity

The magnitude of the cybersecurity industry's potential is amplified in the day-to-day news media's use of the word “cybersecurity” and the total absence of the term “e-discovery” in their vocabulary. Cybersecurity has become a household name while e-discovery remains a term used by people within its narrow but deep network of industry professionals. Your average American does not know what e-discovery is; does not know what data processing, hosting and production mean; does not know what FRCP, EDRM, or 26f stand for; and perhaps more importantly, they do not care.

Quite to the contrary, everyone knows about cybersecurity. It's a household word made famous by any one of the mainstream media coverages of recent years: Sony, Target, Anthem and, most notably, the DNC hacks. It's a word people now feel affects their lives despite being a concept that has been culturally embedded in our social consciousness for some time. Cybersecurity, unlike e-discovery, is a word first made famous in fiction and now metastasized into reality. (For a video montage to show just how big the disparity is, see, “e-Discovery and Cybersecurity in the News.”)

In 1995, a series of films hit the market that began a wave of cinema to follow focused on characters and stories related to computer security and data and identity theft: The Net, Hackers, Ghost in the Shell and Johnny Mnemonic. More recently, Mr. Robot, a USA Network original series mirroring the Anonymous movement of the early 2000s, shocked the world and won the Golden Globe for Best Drama. The Social Network, the film chronicling Facebook founder Mark Zuckerberg, whose empire was born from a hack of Harvard's student database, won the Academy Award for Best Screenplay. Hollywood has not only made cybersecurity a household name; Hollywood has made cybersecurity sexy. Blackhat, starring Chris Hemsworth, was released in 2015, one year after he was named People Magazine's 2014 “Sexiest Man Alive.” Quite simply, Hollywood has made hacking hot, and this has been a recipe for critical and commercial success in films for over a decade. Reality has finally caught up with fiction, and a career in cybersecurity is not only viable, it's sexy. And sexy careers command a premium.

One film, however, was the first to bring hacking into the national spotlight and actually became the catalyst for the Computer Fraud and Abuse Act of 1986 (CFAA): War Games. In 1983, War Games hit theaters across the United States. It is a story about a high-schooler, played by Matthew Broderick, who finds a “back door” into the military's central computer in which reality is confused with game-playing, possibly starting World War III. The U.S. government quickly passed the anti-hacking law with felony penalties aimed at deterring intrusions into NORAD. Broderick is an actor playing a hacker. Today we often call hackers “threat actors.” War Games as a film and moment in our history asks the classic chicken/egg question: Which came first, cyberfiction or cyberreality?

The War for Talent

It is clear today that the wars of the future will not be fought only by men and women in uniform with guns in hand. They will be fought in the ether online, in an attempt to control the information, manipulation and automation of data and machines.

Take Israel's Unit 8200. This division of the Israeli army is a cybersecurity-centric Intelligence Corps unit and now the largest unit in the Israel Defense Forces, comprising several thousand soldiers. The mandatory military service embedded in Israel's society has established an engine for cybersoldier creation and eventual private sector matriculation, leading to not only a highly protected national infrastructure and defensive intelligence program, but also an economic stimulus and growth plan by educating citizens in the military in the most monetizable skills available in the world today. Some would liken Unit 8200 to the National Security Agency (NSA) stateside, but a clear path and transitional advocacy have yet to fully mature for federal practitioners of cybersecurity. That is all about to change.

There is, right now, a war within the war — the war for talent. Talent in cybersecurity is in extreme demand: The most preciously skilled professionals are sought to join forces with corporations, law firms, government agencies, consulting firms and service providers to combat the attack on the privacy, security and identity of individuals and nation-states.

Cybersecurity professionals will become the soldiers of the future and will be paid handsomely in that capacity. But combat pay only lasts when there is combat, and the demand for warriors of security is now. If you are currently exclusively an e-discovery professional looking for ways to get ahead in your career over the next decade, you are well advised to begin the education and transition toward becoming cybersavvy.

ESI's Shift Toward Cyber

Ten years from now, most if not all e-discovery professionals will either completely convert to cybersecurity careers (including information governance, privacy, compliance, advanced data analytics monitoring, risk management and mitigation, incident response and more, clarified in the Cybersecurity Reference Model (CSRM), or will find themselves dual disciplined in both e-discovery and cybersecurity. While this transition may be slow moving for individuals, it is a trend already happening aggressively with corporations, service providers and legal practices.

Household e-discovery brands such as Nuix, which recently appointed cybersecurity expert, lawyer and former U.S. ambassador to Australia Jeffrey Bleich to its Board to “signal a greater focus on its cybersecurity products,” or kCura, maker of Relativity that has developed a cloud solution in Azure that aims to provide the highest level of security through Microsoft, are shifting their attention toward cybersecurity. My company has already made the pivot, acquiring a cybersecurity-focused staffing firm in 2015 to accelerate our ability to be dual disciplined, and now represents both e-discovery and cybersecurity professionals and opportunities. A primary reason for all these companies' shifting focus is the pursuit of staying challenged, more relevant to their clients and competitive in a saturated e-discovery market, not to mention the undeniable potential for financial acceleration.

Making the pivot toward cybersecurity may seem daunting to e-discovery companies and career-minded individuals alike. Many scanning and coding vendors feared and resisted the transition toward hosting and processing data at the turn of the millennium. An examination of the current state of both the e-discovery and cybersecurity industries will expose similarities and differences between each vertical's evolution, but will also inspire the ambitious, those who subscribe to the idea that the history of one will mirror the future of the other, to action.

Current State Analysis: ESI vs. Cyber

Here is how e-discovery and cybersecurity are different right now.

It's odd to imagine, but e-discovery is actually a much more mature market than cybersecurity. Both markets came of age in different ways. Thanks to Hollywood and the media, the average Joe feels like cybersecurity affects him, while e-discovery is not a word that has personal meaning. The Sony hacks of 2014 mark a moment in time where America's beloved celebrities were exposed and vulnerable.

Once an issue affects our celebrities, it affects everyone. As a result, cybersecurity is part of our culture's social consciousness, and cybersecurity concerns have moved aggressively from social consciousness to corporate consciousness, making cyber today's most talked about and feared threat facing the Fortune 1000 and Am Law 200, not to mention our country. E-discovery moved to corporate consciousness around 2010, but has matured, commoditized and consolidated as an industry. As evidenced by the video montage mentioned above, e-discovery never quite made it to social consciousness.

Another core difference between e-discovery and cybersecurity is the focus on living versus dead data. E-discovery generally aims to examine a body of static data. Cybersecurity, however, is the constant monitoring of live data. If e-discovery is an autopsy, then cybersecurity is open heart surgery, 24 hours a day, 7 days a week, 365 days a year, with new potential viruses attacking the heart all the time. Viruses (i.e., malware) get smarter and so, too, must the surgeons (i.e., the security analysts). The nature of living versus dead data determines the kind of forensic investigation needed, and they are different. It is called forensics for a reason, and this metaphor helps articulate that. Forensics is also an area of overlap, which will be discussed later.

Cybersecurity is something you can get an undergraduate and graduate degree in at a multitude of universities across the country. But there is no e-discovery bachelor's degree program. Bryan University's programs, under the leadership of Bill Hamilton, might be the closest. This makes a big difference in terms of where and how talent is created and each industry's scalability potential.

Cybersecurity has a wealth of educational certifications that maintain accepted standards within the industry: CEH, CISSP, GIACs — the list goes on. E-discovery has only one truly recognized educational certification: ACEDS. Conversely, e-discovery standards of excellence are often determined by vocational certifications from product makers, such as RCA, Nuix, iConect, Xera, LAW, Viewpoint and others. On the other hand, qualifying cyber talent is more focused on the aforementioned educational certifications that are less product-specific.

E-discovery (with the exception of a few firms) never really universally evolved into separate and distinct practice groups within the Am Law 200, but rather became a necessary discipline for all litigators. There are some who chose to distinguish themselves and their practices toward e-discovery experience, but cybersecurity has emerged as a clearly distinct and defined practice. “Cybersecurity,” “data governance” and “privacy” practice groups are springing up all over the Am Law 200 and beyond.

In e-discovery, talent evolved from within law firms first. Paralegals, legal assistants and contract attorneys, then copy shops, realized that a newer, more technical and more lucrative growth was available to them, and an e-discovery community was born. Cyber talent, however, is matriculating mainly from federal agencies, namely the FBI, CIA, AGO and NSA. Law firm and vendor culture is very revenue-focused, while federal culture is more mission-focused. This has made the transition from the federal to private sector challenging for some, particularly in understanding the nuances and demands for business development.

For vendors, cybersecurity is still a highly fractured market, with Cybersecurity Ventures boasting and posting a list in 2017 of the Cyber 500. E-discovery, however, is experiencing massive vendor consolidation. From 2015 to 2016, there were more mergers and acquisitions and more infusion of venture capital or private equity than ever before. This, too, will be explored further.

This final difference might be the most compelling: E-discovery is estimated to be a $17B (US) market by 2020. But the cybersecurity market is estimated to grow to $170B annually by 2020, at a compound annual growth rate (CAGR) of 9.8% from 2015 to 2020. That's 10 times the size of e-discovery.

Conclusion

E-discovery and cybersecurity differ in all these ways, but it is what they have in common that makes e-discovery professionals ripe to evolve into cyber pros and why the history of e-discovery is a predictor of what will happen in the cybersecurity space. We will explore these similarities in the current state of the e-discovery and cybersecurity industries in Part Two.

Jared Coseglia is the founder and CEO of TRU Staffing Partners. A member of the Board of Editors of Cybersecurity Law & Strategy, he has over 13 years of experience representing talent in e-discovery, litigation support, cybersecurity, and broadly throughout legal and technology staffing. He can be reached at [email protected].

When it comes to jobs, the history of e-discovery mirrors the present of cybersecurity. Specifically, the history of e-discovery, as a microcosm, reflects much of the wildly incongruent supply/demand in today's cybersecurity career landscape and is a predictor of future patterns in the cyber marketplace. The commonality of these industries lies in the unique overlap of skills, client base, and collaboration between the professional communities.

There are, however, stark differences between e-discovery and cybersecurity, most notably that cybersecurity, as an avenue of career opportunity and responsibility, is much, much bigger. An examination of the current state of both industries coupled with a deep dive into the history of e-discovery will offer a prophetic look at the likely hiring patterns, job availability, compensation trends, and industry maturation of the cybersecurity vertical over the next decade.

Society, Sex & Security

The magnitude of the cybersecurity industry's potential is amplified in the day-to-day news media's use of the word “cybersecurity” and the total absence of the term “e-discovery” in their vocabulary. Cybersecurity has become a household name while e-discovery remains a term used by people within its narrow but deep network of industry professionals. Your average American does not know what e-discovery is; does not know what data processing, hosting and production mean; does not know what FRCP, EDRM, or 26f stand for; and perhaps more importantly, they do not care.

Quite to the contrary, everyone knows about cybersecurity. It's a household word made famous by any one of the mainstream media coverages of recent years: Sony, Target, Anthem and, most notably, the DNC hacks. It's a word people now feel affects their lives despite being a concept that has been culturally embedded in our social consciousness for some time. Cybersecurity, unlike e-discovery, is a word first made famous in fiction and now metastasized into reality. (For a video montage to show just how big the disparity is, see, “e-Discovery and Cybersecurity in the News.”)

In 1995, a series of films hit the market that began a wave of cinema to follow focused on characters and stories related to computer security and data and identity theft: The Net, Hackers, Ghost in the Shell and Johnny Mnemonic. More recently, Mr. Robot, a USA Network original series mirroring the Anonymous movement of the early 2000s, shocked the world and won the Golden Globe for Best Drama. The Social Network, the film chronicling Facebook founder Mark Zuckerberg, whose empire was born from a hack of Harvard's student database, won the Academy Award for Best Screenplay. Hollywood has not only made cybersecurity a household name; Hollywood has made cybersecurity sexy. Blackhat, starring Chris Hemsworth, was released in 2015, one year after he was named People Magazine's 2014 “Sexiest Man Alive.” Quite simply, Hollywood has made hacking hot, and this has been a recipe for critical and commercial success in films for over a decade. Reality has finally caught up with fiction, and a career in cybersecurity is not only viable, it's sexy. And sexy careers command a premium.

One film, however, was the first to bring hacking into the national spotlight and actually became the catalyst for the Computer Fraud and Abuse Act of 1986 (CFAA): War Games. In 1983, War Games hit theaters across the United States. It is a story about a high-schooler, played by Matthew Broderick, who finds a “back door” into the military's central computer in which reality is confused with game-playing, possibly starting World War III. The U.S. government quickly passed the anti-hacking law with felony penalties aimed at deterring intrusions into NORAD. Broderick is an actor playing a hacker. Today we often call hackers “threat actors.” War Games as a film and moment in our history asks the classic chicken/egg question: Which came first, cyberfiction or cyberreality?

The War for Talent

It is clear today that the wars of the future will not be fought only by men and women in uniform with guns in hand. They will be fought in the ether online, in an attempt to control the information, manipulation and automation of data and machines.

Take Israel's Unit 8200. This division of the Israeli army is a cybersecurity-centric Intelligence Corps unit and now the largest unit in the Israel Defense Forces, comprising several thousand soldiers. The mandatory military service embedded in Israel's society has established an engine for cybersoldier creation and eventual private sector matriculation, leading to not only a highly protected national infrastructure and defensive intelligence program, but also an economic stimulus and growth plan by educating citizens in the military in the most monetizable skills available in the world today. Some would liken Unit 8200 to the National Security Agency (NSA) stateside, but a clear path and transitional advocacy have yet to fully mature for federal practitioners of cybersecurity. That is all about to change.

There is, right now, a war within the war — the war for talent. Talent in cybersecurity is in extreme demand: The most preciously skilled professionals are sought to join forces with corporations, law firms, government agencies, consulting firms and service providers to combat the attack on the privacy, security and identity of individuals and nation-states.

Cybersecurity professionals will become the soldiers of the future and will be paid handsomely in that capacity. But combat pay only lasts when there is combat, and the demand for warriors of security is now. If you are currently exclusively an e-discovery professional looking for ways to get ahead in your career over the next decade, you are well advised to begin the education and transition toward becoming cybersavvy.

ESI's Shift Toward Cyber

Ten years from now, most if not all e-discovery professionals will either completely convert to cybersecurity careers (including information governance, privacy, compliance, advanced data analytics monitoring, risk management and mitigation, incident response and more, clarified in the Cybersecurity Reference Model (CSRM), or will find themselves dual disciplined in both e-discovery and cybersecurity. While this transition may be slow moving for individuals, it is a trend already happening aggressively with corporations, service providers and legal practices.

Household e-discovery brands such as Nuix, which recently appointed cybersecurity expert, lawyer and former U.S. ambassador to Australia Jeffrey Bleich to its Board to “signal a greater focus on its cybersecurity products,” or kCura, maker of Relativity that has developed a cloud solution in Azure that aims to provide the highest level of security through Microsoft, are shifting their attention toward cybersecurity. My company has already made the pivot, acquiring a cybersecurity-focused staffing firm in 2015 to accelerate our ability to be dual disciplined, and now represents both e-discovery and cybersecurity professionals and opportunities. A primary reason for all these companies' shifting focus is the pursuit of staying challenged, more relevant to their clients and competitive in a saturated e-discovery market, not to mention the undeniable potential for financial acceleration.

Making the pivot toward cybersecurity may seem daunting to e-discovery companies and career-minded individuals alike. Many scanning and coding vendors feared and resisted the transition toward hosting and processing data at the turn of the millennium. An examination of the current state of both the e-discovery and cybersecurity industries will expose similarities and differences between each vertical's evolution, but will also inspire the ambitious, those who subscribe to the idea that the history of one will mirror the future of the other, to action.

Current State Analysis: ESI vs. Cyber

Here is how e-discovery and cybersecurity are different right now.

It's odd to imagine, but e-discovery is actually a much more mature market than cybersecurity. Both markets came of age in different ways. Thanks to Hollywood and the media, the average Joe feels like cybersecurity affects him, while e-discovery is not a word that has personal meaning. The Sony hacks of 2014 mark a moment in time where America's beloved celebrities were exposed and vulnerable.

Once an issue affects our celebrities, it affects everyone. As a result, cybersecurity is part of our culture's social consciousness, and cybersecurity concerns have moved aggressively from social consciousness to corporate consciousness, making cyber today's most talked about and feared threat facing the Fortune 1000 and Am Law 200, not to mention our country. E-discovery moved to corporate consciousness around 2010, but has matured, commoditized and consolidated as an industry. As evidenced by the video montage mentioned above, e-discovery never quite made it to social consciousness.

Another core difference between e-discovery and cybersecurity is the focus on living versus dead data. E-discovery generally aims to examine a body of static data. Cybersecurity, however, is the constant monitoring of live data. If e-discovery is an autopsy, then cybersecurity is open heart surgery, 24 hours a day, 7 days a week, 365 days a year, with new potential viruses attacking the heart all the time. Viruses (i.e., malware) get smarter and so, too, must the surgeons (i.e., the security analysts). The nature of living versus dead data determines the kind of forensic investigation needed, and they are different. It is called forensics for a reason, and this metaphor helps articulate that. Forensics is also an area of overlap, which will be discussed later.

Cybersecurity is something you can get an undergraduate and graduate degree in at a multitude of universities across the country. But there is no e-discovery bachelor's degree program. Bryan University's programs, under the leadership of Bill Hamilton, might be the closest. This makes a big difference in terms of where and how talent is created and each industry's scalability potential.

Cybersecurity has a wealth of educational certifications that maintain accepted standards within the industry: CEH, CISSP, GIACs — the list goes on. E-discovery has only one truly recognized educational certification: ACEDS. Conversely, e-discovery standards of excellence are often determined by vocational certifications from product makers, such as RCA, Nuix, iConect, Xera, LAW, Viewpoint and others. On the other hand, qualifying cyber talent is more focused on the aforementioned educational certifications that are less product-specific.

E-discovery (with the exception of a few firms) never really universally evolved into separate and distinct practice groups within the Am Law 200, but rather became a necessary discipline for all litigators. There are some who chose to distinguish themselves and their practices toward e-discovery experience, but cybersecurity has emerged as a clearly distinct and defined practice. “Cybersecurity,” “data governance” and “privacy” practice groups are springing up all over the Am Law 200 and beyond.

In e-discovery, talent evolved from within law firms first. Paralegals, legal assistants and contract attorneys, then copy shops, realized that a newer, more technical and more lucrative growth was available to them, and an e-discovery community was born. Cyber talent, however, is matriculating mainly from federal agencies, namely the FBI, CIA, AGO and NSA. Law firm and vendor culture is very revenue-focused, while federal culture is more mission-focused. This has made the transition from the federal to private sector challenging for some, particularly in understanding the nuances and demands for business development.

For vendors, cybersecurity is still a highly fractured market, with Cybersecurity Ventures boasting and posting a list in 2017 of the Cyber 500. E-discovery, however, is experiencing massive vendor consolidation. From 2015 to 2016, there were more mergers and acquisitions and more infusion of venture capital or private equity than ever before. This, too, will be explored further.

This final difference might be the most compelling: E-discovery is estimated to be a $17B (US) market by 2020. But the cybersecurity market is estimated to grow to $170B annually by 2020, at a compound annual growth rate (CAGR) of 9.8% from 2015 to 2020. That's 10 times the size of e-discovery.

Conclusion

E-discovery and cybersecurity differ in all these ways, but it is what they have in common that makes e-discovery professionals ripe to evolve into cyber pros and why the history of e-discovery is a predictor of what will happen in the cybersecurity space. We will explore these similarities in the current state of the e-discovery and cybersecurity industries in Part Two.

Jared Coseglia is the founder and CEO of TRU Staffing Partners. A member of the Board of Editors of Cybersecurity Law & Strategy, he has over 13 years of experience representing talent in e-discovery, litigation support, cybersecurity, and broadly throughout legal and technology staffing. He can be reached at [email protected].