Simply Cyber GRC Analyst Masterclass Study Notes: Chapter 4 Risk Work in GRC
- Published 2 Jul 2024
- The Simply Cyber GRC Analyst Masterclass equips aspiring and current GRC professionals with crucial risk management skills, methods, and mindsets. In this video I share what I learned in Chapter 4: Risk Work and how it helped me as a practitioner. I also add to the material from my experiences as a GRC Analyst and hiring manager.
// MAIN IDEAS //
- GRC Analysts lack good training options compared to Red and Blue teams in cybersecurity
- Fortunately, GRC Analyst Masterclass by Gerald Auger, PhD has stepped in to fill the void
- Risk management is the heart and center of what a GRC practitioner does
- Quantity of risk work produces quality; put in the reps to absorb information and think critically
- Nobody cares about a GRC analyst's opinion on risk unless it's defensible; avoid willy-nilly statements
- Apply your business acumen to communicate Return on Security Investment (ROSI) to management
- Barrier removed! Rip through Risk Management Framework (RMF)'s first two steps in a week; don't get analysis paralysis
- Traditional vs modern approaches to assess risk
- The course unlocks resume bullets on semi-quantitative risk analysis (NIST SP 800-30) and threat modeling
// CHAPTERS //
00:00:00 Where's the good GRC Analyst training?
00:00:45 Gerald Auger's GRC Analyst Masterclass
00:01:10 GRC Certification Roadmap v1.0
00:02:20 Simply Cyber Discord
00:03:00 Risk is the heart and centre of GRC
00:03:33 Where GRC can make an outsized impact
00:04:00 Quantity produces quality
00:05:15 Making a business case
00:05:49 Winning "Carl's" heart and mind
00:07:30 Methods: NIST Risk Management Framework
00:07:53 Big insight on FIPS-199
00:09:20 Traditional vs Modern Risk Assessment
00:11:31 Resume bullets unlocked
// REFERENCES //
- GRC Analyst Masterclass by Gerald Auger, www.cpatocybersecurity.com/c/sc
- Simply Cyber, NIST Over the Years with Dr. Ron Ross! ua-cam.com/users/livedr1FqdhOzzU
- Simply Cyber Discord server, / discord
- GRC Study Hall with Chris Whitlock, studygrc.com/
- NIST Risk Management Framework (RMF), csrc.nist.gov/projects/risk-m...
- NIST Cybersecurity Framework (CSF), www.nist.gov/cyberframework
- National Initiative for Cybersecurity Careers and Studies (NICCS) - Risk Management, niccs.cisa.gov/workforce-deve...
- CISSP exam outline, www.isc2.org/certifications/c...
- CISA exam outline, www.isaca.org/credentialing/c...
// FREE GRC SKILLS, METHODS, MINDSET EMAIL COURSE //
This 3-week email course prepares you to break in and add value from day 1
www.cpatocybersecurity.com/c/...
CYBERSECURITY GRC | CAREER CROSSOVER | CERT PREP | Break into Cybersecurity Governance, Risk & Compliance from diverse backgrounds, like Accounting. Already in? Elevate your GRC skills, methods and mindset. www.cpatocybersecurity.com/
Views expressed are my own.
#cybersecurity #career #grc #CareerAdvice #CareerGoals #ProfessionalDevelopment #JobSearch #CareerGrowth - Howto & Style
Hey Steve. This is great! Love the work you're doing to empower students to be successful and transform!
Thanks so much! #TeamSC #TeamGRC
Hey Steve, great work and great channel keep up the good work my friend.
Thanks dude!
Great info. I'm a new sub to your channel as I'm looking into transitioning into cybersecurity from a management background.
You said you took Gerry's course over a year ago and I'm also subscribed to his channel. Did you take his course to transition into cybersecurity?
Great stuff and thanks for subscribing! I did a mid-career transition in 2020 and have absolutely benefitted from Simply Cyber training and content since I discovered it. If you’re looking for ideas I have a bunch of 70-20-10 experience-relationships-education Career Development Plan ideas in a template on my blog. Also an email course about breaking in.
@cpatocybersecurity definitely will check that out. I want to transition into GRC.
Thanks again, great info. I've previously purchased the course. Is there a way I can pay for the notes separately?
Thanks for watching and the question! I’m looking for course beta testers and testimonials. Perhaps if you subscribe to my blog and reply to the welcome email it sends, we can figure out a win-win? Or DM on another platform.
@cpatocybersecurity Done, thanks! I actually subscribed to your blog on May 23 but hadn't checked my email to confirm my email.