It’s been a while since my last post, but I’m happy to share that I passed my CIPP/US exam on May 23rd!
Out of all the certification exams I’ve taken, this one left me feeling the least confident while taking the exam. I believe those with a legal background might find it more approachable, especially when it comes to interpreting scenario-based questions or recalling the history of privacy laws.
For example, learning about what a hash is in the Security+ helped build the foundation that made it easier to understand their application in more advanced exams like the CySA+ or CISSP, such as in pass-the-hash attacks. I also encounter hashes regularly at work, which helped reinforce the concept over time. In contrast, many of the legal concepts in the CIPP/US felt completely foreign to me. For example, one thing I laughed about with my CISO is how I wasn’t familiar with simple terms like a tort or a plaintiff and I had to Google them. It was like I was learning about hashes all over again.
While I don’t consider myself an expert, I do feel much better equipped to handle privacy-related matters in my current role. With the growing emphasis on data protection and individual ownership of personal information, I believe this certification will only support my long-term goal of becoming a CISO.
I highly recommend this certification to anyone currently involved in or planning to move into a privacy-focused role.
