At the IAPP Global Privacy Summit a few weeks ago I heard much talk about privacy engineers, but also a lot of questions about where to find them.
From the precon session on privacy engineering, to Federal Trade Commission (FTC) Chairwoman Edith Ramirez highlighting the need for more technologists at the FTC and other government agencies, there was a lot of interest in privacy engineers.
Companies talked about the need for engineers who have an understanding of both privacy and technology. They are looking for experts who can help them build privacy into their products from the ground up. Rob Sherman, deputy chief privacy officer at Facebook, explained, “It’s critical that we develop experts who not only understand privacy but also how to apply privacy to particular technologies. These are skills that we look for when we hire for our privacy team at Facebook, and that will be essential as we build the privacy profession in the future.”
But while everyone I talked with seemed to agree that privacy engineers are important, there was also a lot of uncertainty about where to find them. This is actually not too surprising since, until recently, there was no place anyone could go to get a degree in privacy engineering. Those who called themselves privacy engineers had learned the skills on the job. This has made it difficult for companies to fill their privacy engineering positions with people who are already familiar with the field.
At Carnegie Mellon, we graduated our first class of Master of Science in Information Technology—Privacy Engineering students last August. Adobe, eBay, Google, LinkedIn and Oracle quickly snapped up our first eight graduates. Some ended up in roles specifically focused on privacy engineering, while others have used their privacy expertise in more traditional software developer roles.
Our privacy-engineering students come to us with technical backgrounds and spend one year at our Pittsburgh, PA, campus taking courses that focus on privacy from legal, policy, technical and user experience perspectives. They attend seminars given by leading privacy researchers as well as by privacy professionals from a variety of companies. They conclude their studies with a summer-long capstone project sponsored by a company or organization. Last summer our students conducted projects for American Express, Facebook and the Future of Privacy Forum. We’re in the process of recruiting sponsors for this summer’s projects right now.
As co-director of the privacy engineering masters program, I’ve found it very easy to explain to companies why our program is needed and to get them interested in recruiting our graduates. The hard part has been to convince young computer science and engineering graduates to spend another year in school to become privacy engineers. (If you know one who might be interested, please put them in touch with me.)
This is not a career path most undergraduates are aware of, and given the large number of well-paying positions for software developers fresh out of college, many recent computer-science graduates are not giving much thought to continuing their education. We need to do more as a privacy profession to promote privacy engineering as an appealing career path both for recent graduates and for software developers and engineers who have spent time in the workforce and are ready to take on new challenges.
If you want to comment on this post, you need to login.