My Journey in Attaining Two Professional Certifications, CIPP and CISSP

Much has been written about professional certifications and the arduous preparation involved for exam day. For many people, like myself, studying and test taking are activities which we may have done 10 or more years ago. I had taken and passed the state and patent bar exams over a decade ago, so it had been a while.

Before joining HIMSS, I was a healthcare and intellectual property attorney in private practice for 10 years. I specialized in transactional matters that involved information technology, health information technology and intellectual property (i.e., patents, trademarks, copyrights, trade secrets and confidential know-how). Prior to my legal career, I did systems, network, database and web administration for several years.

Two Certifications

I was motivated to take the Certified Information Privacy Professional (CIPP) and the Certified Information Systems Security Professional (CISSP) exams for two reasons:

  1. Expanding my knowledge base
  2. Being able to demonstrably show that I have a solid understanding of information privacy and cybersecurity

After all, there are many attorneys who practice in the fields of information privacy and cybersecurity. But relatively few attorneys have the technical knowledge (and experience) needed to attain credentials, such as the CISSP.

The CISSP generally requires at least five years of direct, full-time experience in at least two of the eight knowledge domains. Given my experience at HIMSS and my background, I decided that these credentials are ones that I needed to attain.

Passing on the First Try

The following account is my first-hand experience in preparing and passing these exams on the first try.

The CIPP and CISSP exams are nowhere near as rigorous as the state bar or patent bar exam:

  • The CIPP for the U.S. Private Sector (CIPP/US) exam is only a 90-question, two-and-a-half hour multiple choice exam.
  • The CISSP exam is only a 250-question, six-hour multiple choice and innovation question exam (i.e., drag and drop and hotspot questions).

No Magic Formula

There's no magic formula to prepare for exams, such as CIPP and CISSP. Some people may say not to read the official books at all to prepare for the exams and that one’s professional experience is all that is needed to pass the CIPP and CISSP exams. Still others may say that all you need to pass these exams is a “boot camp” type of course.

There is no “silver bullet” for exam preparation. Additionally, the time it takes to prepare for these exams can significantly vary from individual to individual. I studied for seven weeks each for the CIPP and CISSP exams and figured my own way of working through the material and mastering it.

Mastering the Materials for the CIPP Exam

For the CIPP exam, I studied the official CIPP/U.S. textbook, which had a lot of cases, laws and regulations from the U.S. and around the world (such as Europe and Asia). I also studied the supplemental CIPP/U.S. textbook.

Much of the information was interesting and some of it was easy to understand (such as the Federal Trade Commission’s (FTC) enforcement authority under the FTC Act Section 5 for unfair or deceptive trade practices and HIPAA).

By studying the material for the CIPP exam, I gained a lot more depth and dimensions to my knowledge about information privacy. Put another way, I felt as if I were working on a jigsaw puzzle and that the puzzle was finally coming together. The supplemental CIPP/U.S. textbook was useful for two reasons:

  1. Some concepts were simply but clearly explained
  2. Multiple choice questions were useful in testing my knowledge of what I had studied; I also took some simulated multiple choice questions from a popular test engine

Mastering the Materials for the CISSP Exam

For the CISSP exam, without a doubt, the materials are much more voluminous and much more technical. Interestingly, the official CISSP textbook does cover intellectual property law and HIPAA, although this is a relatively small portion of the textbook.

A lot of cybersecurity professionals do not cover all eight knowledge domains, and so, the breadth and depth of the material may be challenging for some. I found studying from the official textbook helpful.

Much like my experience in studying for the CIPP, I found that the material in the textbook helped me put information I already had in context. But I learned some new things too, such as multipartite viruses.

I supplemented my review with test questions from the CISSP Study Guide. I again tested my knowledge with a popular test engine. Finally, I took a CISSP boot camp class and sat for the CISSP exam during the last day of the class.

Value of the CIPP and CISSP Credentials

I find value in the CIPP and CISSP credentials every day. Throughout my various professional roles in law, information technology, and now in health IT, I have always had to use multiple domains of knowledge.

In fact, even with an exam as broad as the CISSP with its eight domains of knowledge, I found, and still find, that I use knowledge that spans across all of those domains in my day-to-day work in the field. As a result, I have no regrets in my journey to become a holder of the CIPP and CISSP credentials.

I hope that this blog post inspires others to take the plunge and reap the rewards of becoming a certified professional.

Originally published November 18, 2016, updated July 20, 2018