• United States




Cybersecurity education in the age of acceleration

Mar 15, 20195 mins
CertificationsData and Information SecurityData Breach

The cyber threat landscape demands professional development initiatives.

certification school pencils diversity creative team by evgeny555 getty
Credit: evgeny555 / Getty

This is a story of how a career setback turned out to be a setup for something bigger.

It was the year 2000, and I had just gone through a layoff. I was a network engineer and felt I needed some way to stand out in the crowd. Days later I was at a bookstore looking at technical books when I came upon a CISSP title. What was this?

I opened it and it was a security certification for a Certified Information Systems Security Professional. It was a professional certification – not from a hardware or software vendor, but from an international nonprofit membership association,, the International Information Systems Security Certification Consortium.

As it turns out, my timing was perfect as the dot com boom was starting to wake up. Prior to 2000, network engineers did security…there were no discrete security roles like we have now.

Security was an area that had always really intrigued me. Little did I know the dot com boom would explode and suddenly everything would now be online and available to everyone – including cybercriminals. Since that time, just about everything we put online has been compromised, from Target, to the US government OPM, to hospitals, banks and everything in between.

New opportunities are on the way

I recovered well from my layoff thanks to my CISSP. As it turns out, this credential has been quite very valuable to me and so many others.

I quickly learned that the certification was just the beginning. Once certified you need to obtain your CPEs (Continuing Professional Education credits) to maintain the credential. This seemed like a chore at first but led me to become involved with ISSA (Information Systems Security Association), ISACA (Information Systems Auditors and Controllers Association) and InfraGard (The FBI’s program to guard critical infrastructure).

Signing up for these professional organizations’ chapter boards gave me more CPEs and got me into great conferences like ISACA’s CACS and Infosec World for free. I had no idea just how many new networking and educational opportunities were in store for me, which all started with that CISSP certification.

The age of acceleration is here

It’s now 2019 and I’m almost finished reading an excellent book called “Thank You For Being Late” by Thomas L. Friedman. The author points out just how life changing 2007 was. It was a tripping point in the age of acceleration. Steve Jobs announced that Apple had just reinvented the mobile phone, It had no buttons, it had the best media player, a web browser and yes it was a phone.

Facebook, Twitter and Googles Android OS all showed up about this time. AT&T became the iPhone’s exclusive mobile phone carrier and their wireless network traffic increased 100,000 percent from 2007 to 2014.

Since that time the largest cab company the world has ever known, Uber, owns no cabs. The largest hotelier, AirBnB, owns no hotels.

The age of acceleration is here. But Friedman points in his book how do we manage all of this? The world is globally connected 24 x 7 and its changing everything. Its also adding endless opportunities for state sponsored cyber criminals across the globe.

We need to fill security jobs – now

ISACA recently stated that 58% of all security jobs are unfilled due to shortages of security professionals. A report by Cybersecurity Ventures estimates that over 3 million cybersecurity jobs will be open by 2021. A site called shows the latest data breach statistics since 2013 as 14,717,608,286 data records compromised. That’s over 14 billion records!

With everything online, all these data breaches and a shortage of cybersecurity professionals what is the best course of action? What is being done to correct this problem?

As it turns out ISC2 – the number one global source for certified cybersecurity professionals – has created a Professional Development Institute. This quote from summarizes their mission:

“We’re committed to helping our members learn grow and thrive by providing world class certification programs education and training, and professional development opportunities that inspire a safe and secure cyber world.  With more than 140,000 certified members, we empower professionals who touch every aspect of information security”

All of this is free to ISC2 members

Three new courses are online now:

  1. GDPR for Security Professionals – A Framework for Success
  2. DevSecOps – Integrating Security into DevOps
  3. Building a Strong Security Culture

I believe ISC2’s new institute will be a turning point and set a new standard for professional security certifications. It will make getting CPEs much faster and accelerate learning to keep pace with the current ever-changing cyber threat landscape.

It will also help to attract more people to the profession. ISC2’s Professional Development Institute adds great value to all its certified members and will be a significant contribution to the professionals who secure the worlds business systems. I’m so thankful for that day 17 years ago when I discovered that CISSP book in that bookstore.


A senior security and compliance specialist, George Grachis has over 25 years’ experience in the tech sector. Some of his experience includes over a decade supporting the Space Shuttle program for Computer Sciences Corporation & Grumman Aerospace, security management for CFE Federal Credit Union, IT auditing & consulting for Deloitte and serving as Chief Security Officer for Satcom Direct.

George holds both the CISSP, and CISA certifications. George received the ISSA fellow Designation in 2016 and is currently an active senior board member of ISSA. George has been interviewed by WFTV ABC TV and Fortune Magazine. When not working he enjoys spending time with family & friends, Big Brothers Big Sisters, Playing the Drums, motorcycling, fitness, and writing articles for his blog, Virtual CISO.

The opinions expressed in this blog are those of George Grachis and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.