Which Privacy Certification Should You Pursue?

I’ve been writing books on information security and security certifications for twenty years and have a large following of professionals who ask me numerous questions. The most common question I receive is, “Which security certification should I pursue next?” to which I reply with questions to compel the questioner to reflect on their talents, passions, and goals. The answer to this question is different for each individual.

I’m writing two books on privacy, CDPSE Certified Data Privacy Solutions Engineer All-In-One Exam Guide and CIPM Certified Information Privacy Manager All-In-One Exam Guide. Having earned both of these certifications, and having spent considerable time in the bowels of these two certifications’ bodies of required knowledge, I will now briefly describe how these two certifications compare and contrast.

In brief, CIPM is a privacy management certification, targeting managers and leaders who build and manage organization privacy programs. In contrast, CDPSE is a privacy solutions certification, targeting managers and practitioners who manage organization privacy programs and are involved in information security and information technology systems, applications, and tools. These two certifications have considerable overlap, but differ mainly in the emphasis on management and operations for CIPM and technology for CDPSE.

Having been involved in security and privacy programs for over twenty years, I can confidently say that both certifications offer comprehensive coverage of the entire domain of information privacy. Like numerous other certifications in information technology and information security, the CIPM and CDPSE bodies of required knowledge have their quirks. These are no fault of the organizations (IAPP and ISACA, respectively) that built these certification programs, but rather the nature of information protection and management. Many practices and technologies are connected to many others, and there are different ways of relating them to each other. This inelegance, incidentally, is also seen across well-known information security frameworks (ISO/IEC 27001, NIST SP800-53, CIS, NIST CSF, etc.): they are comprehensive, lean in or out of different approaches, and are arranged somewhat differently from one another. Like CIPM and CDPSE, the differences are subtle, and their objectives are similar.

So back to the question: which privacy certification should you earn? If you are a technology-oriented individual, a hands-on IT worker of some kind, then I’d steer you towards the CDPSE. If, however, you are more of a manager or leader, I’d recommend the CIPM. If all things privacy is your jam, I’d recommend you pursue both.

#privacy #cybersecurity #CIPM #IAPP #CDPSE #ISACA

