HCISPP Spotlight: George Chacko

Name: George Chacko
Title: Senior Manager, Information Security
Employer: New York Blood Center
Location: New York, NY, U.S.
Education: State University of New York at Buffalo
Years in cybersecurity and/or privacy: 14
Cybersecurity certifications: CISSP, HCISPP


How did you decide upon a career in healthcare security and/or privacy?

After starting my career in financial services as an information security professional, I knew that the healthcare industry was an area in which experienced resources were needed due to the rise in major breaches of medical records and personal healthcare information. I had many family and friends in different roles in healthcare and I admire the mission and purpose of the industry. I wanted to leverage my experience in information security in the healthcare industry by supporting the mission and vision of an organization.


Why did you decide to pursue your HCISPP?

Although the financial and healthcare industries are very different, the core principles of information security are similar. As I transitioned into my new role in healthcare, I wanted to learn more specifics about the terminology, regulations and principles. Since I had my CISSP, I researched different certifications and learned that the HCISPP offered this content in its knowledge domains and was part of the (ISC)² umbrella of certifications. Being a member of (ISC)² for more than 10 years gave me confidence that the HCISPP would help me to learn these topics.


What is your main role in your organization?

I am responsible for the overall information security program for my organization. One of my main roles is to align the information security strategy for the organization to our business. I report to the chief information officer (CIO) and work with him on these strategic and tactical activities. We work closely to communicate progress and roadblocks to our senior leadership team. I believe this is critical to success because often in other companies, information security works in isolation, which impedes the business instead of empowering it.


Tell us about a project that you were particularly proud of.

I have been part of many projects, but what I am most proud of is being able to instill information security into the culture of our company. Before me, the organization did not have an IT professional dedicated to information security, so I had the opportunity to build the program from the ground up and to lay a foundation for my organization. I tried to take a methodical approach, focusing on our biggest risks and aligning information security to our business to support them and our critical functions.


What impact has the HCISPP had on your career?

Implementing an information security program in a blood center is unique and different from other industries because hospitals are our major partners, donors are our biggest clients and the foundation for regulations supports human life rather than financial thresholds. The HCISPP helped me to bridge the gap between my prior financial service experience and the healthcare industry by helping me to understand new terms and a differing culture. As I prepared for the certification, I took a study course and networked with other certified members, which gave me access to resources that I would not have known about otherwise.


What advice would you give to those who are thinking about pursuing health IT security as a career?

The purpose and mission of healthcare organizations are amazing and are very different from other industries. To know that you are supporting an organization that is there to help save lives gives you great perspective. I would advise anyone interested in health IT security to understand the regulations, culture and the customers you are supporting. It is very different from other industries because you are supporting human life. Risk management becomes a very different process as you are making critical decisions for your organization.


For more information about the (ISC)² Healthcare Information Security and Privacy Practitioner certification, download the Ultimate Guide to the HCISPP.