My Journey in Attaining Two Professional Certifications, CIPP and CISSP


Much has been written about professional certifications and the arduous preparation involved for exam day. For many people, like myself, studying and test taking are activities which we may have done 10 or more years ago. In fact, I had taken and passed the state and patent bar exams over a decade ago, and so it had been a while.

Before joining HIMSS, I was a healthcare and intellectual property attorney in private practice for 10 years. I specialized in transactional matters that involved information technology, health information technology, and intellectual property (i.e., patents, trademarks, copyrights, trade secrets, and confidential know-how). And, before my legal career, I did systems, network, database and web administration for several years.

The two certifications are the Certified Information Privacy Professional (CIPP) and the Certified Information Systems Security Professional (CISSP). I was motivated to take these exams for two reasons:

  1. expanding my knowledge base, and

  2. being able to demonstrably show that I have a solid understanding of information privacy and cybersecurity.

After all, there are many attorneys who practice in the fields of information privacy and cybersecurity. But, relatively few attorneys have the technical knowledge (and experience) needed to attain credentials, such as the CISSP.

The CISSP generally requires at least five years of direct, full-time experience in at least two of the eight knowledge domains. Given my experience at HIMSS and my background, I decided that these credentials are ones that I needed to attain.

The following account is my first-hand experience in preparing for and passing these exams on the first try.

The CIPP and CISSP exams are nowhere near as rigorous as the state bar or patent bar exam.

  • The CIPP for the US Private Sector (CIPP/US) exam is only a 90-question, 2.5-hour multiple choice exam.

  • The official textbook for the CIPP exam is U.S. Private-Sector Privacy: Law and Practice for Information Privacy Professionals, published by the International Association of Privacy Professionals (the same organization which provides the CIPP certification). The book is pretty slim and is just under 200 pages.