After a seven-year career at the North American Electric Reliability Corporation (NERC), Nick Santora, cybersecurity expert, has left the regulatory body and started his own CIP compliance training company, named Curricula.
Based on his years of experience focused on CIP compliance at NERC, Nick saw an opportunity to educate the power industry on mandatory CIP standards in a more productive and effective way, namely by using story-based learning.
- More than 1900 registered entities are legally required to be compliant with CIP Version 5 by April 1, 2016.
- Over 60% of all violations occur within the CIP standards.
- Companies can be fined as much as $1 million dollars a day, per violation, if found non-compliant.
- Curricula is the first solution developed to provide education and training on CIP V5 developed by NERC staff.
Prior to launching Curricula, Nick spent years working with NERC and the Regional Entities developing the compliance and audit approach to the CIP V5 standards. He led several initiatives at NERC, including:
- CIP V5 Transition Program (moving the industry from the current V3 to V5)
- CIP V5 Implementation Study (designed for entities to adopt CIP V5 prior to the effective date)
- NERC Security and Reliability Program (outreach program focused on moving entities to V5)
- BES Cyber Asset Survey (FERC directive to assess industry approach to CIP V5)
“It’s not always about buying the best security appliances, the best firewalls, and the best anti-virus solutions. Your people are the biggest risk to your organization. Without a strong cybersecurity program, you are opening your business up to an enormous risk.” — Nick Santora