Privacy engineering is booming—and you don’t need a JD to join the movement. In this episode, Amir sits down with Hoang Bao, Global Head of Privacy and Data Privacy Officer at Axon (formerly at Netflix, Google, Twitch), to break down what privacy engineering is, how it overlaps with data governance, and why it’s one of the most accessible and high-impact areas emerging in tech today. Whether you're a software engineer, data professional, or policy nerd, this episode shows you how to pivot into privacy—no legal background necessary.
📌 Key Takeaways:
Privacy engineering is still defining itself—and that's an opportunity.
You don’t need a legal degree to work in privacy, but you do need to understand regulations.
Certifications + champion programs are a great entry point into the field.
The rise of AI and data complexity is accelerating demand for privacy talent.
Diverse paths exist—privacy roles can sit in legal, security, engineering, even marketing.
⏱️ Timestamped Highlights:
[00:01:06] What is privacy engineering? Why there's no universal definition yet.
[00:03:52] Data governance vs. privacy—how they intersect and where they differ.
[00:06:00] How data governance pulled Hoang into privacy nearly 20 years ago.
[00:08:00] The impact of GDPR and global regulations on team growth.
[00:10:13] The historical dominance of legal backgrounds in privacy—and why that’s changing.
[00:13:24] How non-lawyers can break into the field: certifications and community.
[00:17:00] Becoming a “privacy champion” inside your org as a tactical first step.
[00:20:00] Where privacy lives: legal, infosec, engineering, or elsewhere.
[00:21:00] Will the Chief Privacy Officer (CPO) become more common?
[00:22:49] DPO vs. CPO—compliance vs. strategy roles.
[00:24:45] Why people are finally realizing they can become privacy engineers.
Featured Quote
"Even though a legal degree is not necessary, understanding the regulation and the law is important. What I've found that could help folks get that foundation is to think about certification that will give you one foot into the door."
Career Action Items
Immediate Steps:
Research IAPP certifications and privacy regulations (GDPR, CCPA, etc.)
Identify your company's privacy team or who handles privacy functions
Connect with privacy professionals on LinkedIn
Medium-term Goals:
Volunteer as a privacy champion at your current company
Attend privacy engineering meetups and conferences
Build relationships in the privacy community
Long-term Strategy:
Consider formal privacy certification
Look for privacy-adjacent roles in your current organization
Explore opportunities at data-heavy companies
Resources & Links
International Association of Privacy Professionals (IAPP) - iapp.org
Privacy Engineering Advisory Board
GDPR and global privacy regulations research
Why This Matters Now
With AI driving increased focus on data governance and privacy regulations expanding globally, privacy engineering sits at the intersection of technology, law, and business strategy. Companies need professionals who can implement privacy by design, not just react to compliance requirements.
The bottom line: This is your chance to get in early on a field that's about to explode. The community is small enough that networking actually works, companies desperately need help, and you don't need to go back to law school to make the transition.
Ready to explore privacy engineering? Share this episode with someone who's looking for their next career move in tech.