Few organizations are driving more meaningful change than ISACA for our professions and our careers. I am proud to be a member of ISACA and to serve as the president of the ISACA San Diego Chapter, alongside my valued fellow board members. Certification is a big piece of what ISACA has meant for me in my career; recently, I added my Certified Data Privacy Solutions Engineer (CDPSE) certification, which now accompanies my CISA, CRISC and CISM certifications from ISACA.
ISACA’s decision to develop a technical privacy certification is a welcome addition to the already extensive suite of domain knowledge that is so efficiently addressed by other ISACA certifications. As a CISO, the decision to pursue the CDPSE was straightforward. Few topics have risen to such importance as those of cybersecurity and privacy. As the adage goes, you can have security without privacy, but you cannot have privacy without security. This interrelationship cannot be overstated. The power of the CDPSE is that it effectively brings the two worlds of privacy and security together while not blurring the important lines of distinction between these disciplines. The certification’s emphasis on privacy governance, privacy architecture, and the data lifecycle all complement the important work done by CISOs and chief privacy officers (CPOs) or data protection officers (DPOs). CISOs should actively collaborate and engage with their CPO/DPO counterparts to validate that requisite privacy controls are implemented within their organizations. The CDPSE ensures that this validation is both effective and comprehensive.
Privacy’s role in the enterprise is highlighted by foundational privacy regulations, including the European Union’s General Data Protection Regulation (GDPR), sector-specific regulations here in the US, including the GLBA and HIPAA, and recently enacted state privacy regulations such as the California Consumer Privacy Act (CCPA). In many ways, privacy technology has a whole-of-enterprise impact, with departments such as human resources, sales and marketing, infrastructure and operations, legal and security all required to understand how privacy regulations and responses to them drive technology decisions. The CDPSE positions practitioners to readily evaluate the privacy impacts of these technology decisions.
Privacy engineering is ultimately about implementing privacy-by-design principles, ensuring that sensitive personal data is adequately secured throughout its lifecycle and that the rights of data subjects and consumers are ensured. Failing to take a comprehensive view of privacy and privacy technology exposes organizations to levels of risk that could be existential, where widescale data breaches occur. The body of knowledge associated with the CDPSE certification is integral to reducing these risks and empowering effective, risk-based decisions to support both privacy and the security of the personal data that individuals entrust to our organizations. For CISOs, few things are more important than this trust.
I’m thrilled to see the rapid acceptance of the CDPSE certification and loving how many fellow CDPSE-holders are proudly sharing their newly acquired certifications on LinkedIn. It’s a testament to the community that is ISACA. We’re part of a dynamic, global community of security, privacy, audit, governance and risk management professionals who share and benefit from the collaboration that our community engenders. ISACA has been integral to my career and I remain indebted for the friendships I’ve developed since joining more years ago than I care to admit. I’m grateful that this new certification is positioning me well to meet new challenges in the realm of security and data privacy.