Professional development

I failed IAPP’s CIPP/C certification. Here’s how I recovered

Chris Stevens
August 15, 2022 by
Chris Stevens

Oh my God!” I exclaimed. I had just been notified by the International Association of Privacy Professionals (IAPP) that I had failed its “Certified Information Privacy Professional (CIPP)-Canada (CIPP/C)” certification examination. 

“How could this have happened?” I asked myself. I had passed IAPP’s CIPP/United States Private Sector Law, CIPP/U.S. Government, and its CIPP/Europe certification examinations successfully on the first attempts.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Privacy imposter syndrome

My mind was racing at a hundred miles per hour. I had set a goal of passing all seven of IAPP’s certification examinations within six months. I wanted to prove to myself that I could start a third career as a privacy professional. I had achieved outstanding successes as a civilian and military intelligence professional. If I could complete the certification examinations within six months, I’d achieve my next goal of becoming a privacy professional to support myself financially.

I knew the IAPP certifications were the “gold standard” for becoming a respected and successful privacy professional. The stakes were extremely high because I left a well-paid job in the U.S. government as a senior executive to embark on a career as a privacy professional.

A feeling of failure began to overwhelm me. I was unaccustomed to failure. I had always achieved outstanding success in my personal and professional endeavors. Doubt began to creep into my mind. I had left the security of my government job, and I was now driving for Lyft and Uber to make ends meet until I could find my first privacy job. I was also working as a licensed private investigator (a dismal and soul-draining experience).

I asked myself several frank and honest questions about my preparation for the examination: 

  • What did I do differently this time in preparing for this examination?
  • Had I followed the same preparatory steps I had previously used to prepare for the examination?
  • Had I devoted sufficient time to preparation?

How I passed my other IAPP exams

I had developed a time-tested process for passing the IAPP privacy certifications. The process included:

  • Purchasing the certification examination textbook from IAPP.
  • Visiting the IAPP website and downloading the examination blueprint (EBP). 
  • Reading the textbook twice: 
    • The first time for familiarity.
    • The second time for understanding. 
  • Using the EBP to identify the concepts and topics the examination would cover.
  • Identifying the concepts and topics in the textbook and memorizing them.
  • Review the EBP repeatedly until I knew what IAPP wanted me to know to pass the examination. 
  • Note: It usually took me two to four weeks of continuous, focused study before I knew I was ready to take an IAPP certification examination.

My answers to the questions above hit me with a thud! I had done none of those things. I had ordered the CIPP/Canadian textbook from IAPP. I read it in a single day after it arrived at my home. I had already scheduled the CIPP/C certification examination for the next day after receiving the textbook. I had been full of myself. I had honestly thought that I was “God’s gift to Canadian data protection and privacy!” I was wrong! I quickly realized that I had failed to prepare myself properly for the examination, and my reward had been a resounding failure.

How I recovered and passed my CIPP/C

Realizing the error of my ways, I asked myself, “Do you want this certification? What does it mean to you and your future? Do you want to brush off the dust of failure and try to test a second time or as many times as it takes?”

I answered each question affirmatively, so I paid the retest fee. (Infosec’s IAPP boot camps offer an Exam Pass Guarantee, allowing you a free retake if you fail). I waited the mandatory 30-day wait period before I could retest. I created a study plan and stuck to it. The plan centered on answering the questions I had posed during my post-test failure assessment. I refused to allow my failure to prevent me from obtaining my goals of passing every IAPP certification examination and moving on to a rewarding, long-term career as a privacy professional. 

My reward for my efforts was to retake the CIPP/C and pass the remaining IAPP certification examinations. My efforts allowed me to:

  • Earned the honor and the distinction of becoming an IAPP faculty member.
  • Became an IAPP fellow of information privacy. 
  • Served as privacy instructor for other IAPP official training partners, including the Infosec Institute. 
  • Worked as a privacy consultant for several private and public sector organizations, including the U.S. House of Representatives Office of Cybersecurity.
  • Developed my own privacy training for Cybrary and the Infosec Institute.
  • Today, I serve as the cyber and privacy risk analyst for a large international law firm.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

What is the moral of this story?

  • You can never allow failure to derail your dreams. Failure is a part of life, and we all fail at some point in our lives.
  • When faced with failure, you must push through it and redouble your efforts to achieve success. As Mike Tyson said, “Everybody has a plan until they get punched in the face.” What is your plan for overcoming failure when it “hits you in the face?”
  • Identify your personal and professional goals and develop a roadmap for achieving them. Infosec’s Cybersecurity talent development playbook is a great place to start.
  • Review your goals periodically to determine if any obstacles prevent you from achieving them.
  • Revise your plan as necessary to ensure your success.

 My motto has always been “Carpe Diem!” “Seize the day so you don’t miss out on tomorrow’s opportunities.” What is yours?

Chris Stevens
Chris Stevens

Chris Stevens has spent over thirty-five years as a data protection professional, an information privacy professional, a strategic intelligence manager, and as a Senior National Intelligence Service Senior Executive. Chris possesses all seven of the International Association of Privacy Professionals’ (IAPP) certifications. He is an IAPP Fellow of Information Privacy. Chris is an ISACA “Certified Information Security Manager,” “Certified in Risk and Information Security Controls,” and a “Certified Data Privacy Solutions Engineer” professional. He has assisted numerous organizations in better managing their privacy and risk management programs.