Hi All. Long post but I figure more info is better.
I’ve been an attorney in the US for 8 years. I’ve done mostly general civil litigation for a boutique/small firm, and a bit of trial work. I hated the grind in litigation – it’s all about being leveraged for the partners, working 80 hour weeks for pay that hourly comes out to nothing. Two years ago I got out of litigation for a job as a court staff attorney which is all research and writing, low stress, 8-5 only. One of the major drivers was work life balance to raise a family. Pay is $65k a year but I’m in a very high cost of living area so it’s a hard stretch with student loans and child care. (US is the worst for young parents). I like the job but it’s a dead end for the most part.
And here’s the thing. I don’t care about the law anymore. I’m bored of it and want something new and interesting. Also, the legal industry is toxic and grinds people down. Your options are to make a bunch of money working yourself to death, or make less money working yourself slightly less to death. So I’m looking for something better.
I know a government lawyer who got his CIPP and jumped right into a firm making mega bucks ($200k+ a year before bonus). CIPP also seems like a good way into in-house counsel jobs with corporations which is a pretty kushy gig as far as lawyering goes. Cyber security seems super hot right now, and there will probably be some big regulations and new laws coming down the pipe in the next few years. My impression is that to be a lawyer with some infosec knowledge would be highly in demand. The CIPP exam seems doable for me, and aligns with my skillset but….it seems like all it would do is make me a Cybersecurity lawyer and I’m worried that will be more of the same (and still require those long hours and toxic bill bill bill work environment). Also I’m not super thrilled with the idea that my work would probably end up being mostly litigation damage control for companies who negligently let themselves get hacked.
So instead I’ve been looking at Security+ and just a straight up career change into infosec. The idea being that I could still make decent money but without the horrible grind or old school law firm employment model. If nothing else, it seems like there would be more job opportunities with a reasonable work life balance, as opposed to the law where that’s basically non-existent unless you’re in government. Also benefits that seem ubiquitous in tech (work from home, portability of job across state lines, not having to wear a fucking suit everyday) just plain don’t exist in law. My undergrad degree is in finance/marketing so I have no IT or tech background other than being a Millennial who knows how to Google and loves to learn. But my impression is that, if I can pass a few certs like Security+ or CySA+ I would have a decent shot at getting my foot in the door.
I’m looking for some advice or feedback about this career change. I’m not motivated by big bucks as much as I am in maximizing my income per hour spent working. I’m very much a work-to-live person, but that’s antithetical to the legal profession. I find Cybersecurity interesting, and the idea of pentesting and ethical hacking sounds fun…but then again I thought being a trial lawyer sounded fun too. It wasn’t.
Am I wrong that cyber security would offer more work/life balanced opportunities?
Am I naive to think my law degree would provide any leg up if I went full infosec?
Would it be better in your opinion to be a lawyer who knows some infosec, or an infosec professional that knows the law?