Developing a domain ontology with concepts and relationships between them is a challenge, since knowledge engineering is a labor intensive process that can be a bottleneck and is often not scalable. Developing a cyber-security ontology is no exception. A security ontology can improve search for security learning resources that are scattered in different locations in different formats, since it can provide a common controlled vocabulary to annotate the resources with consistent semantics. In this paper, we present a bootstrapping method for developing a cyber-security ontology using both a security textbook index that provides a list of terms in the security domain and an existing security ontology as a scaffold. The bootstrapping approach automatically extracts the textbook index terms (concepts), derives a relationship to a concept in the security ontology for each and classifies them into the existing security ontology. The bootstrapping approach relies on the exact and approximate similarity matching of concepts as well as the category information obtained from external sources such as Wikipedia. The results show feasibility of our method to develop a more comprehensive and scalable cyber-security ontology with rich concepts from a textbook index. We provide criteria used to select a scaffold ontology among existing ontologies. The current approach can be improved by considering synonyms, deep searching in Wikipedia categories, and domain expert validation.