GRC Certification Roadmap v1.0: Recommended Training and Certs

  • Published 22 May 2024
  • In this video I provide my comprehensive roadmap for obtaining cybersecurity GRC certifications over a 4-5 year period, covering beginner, intermediate, and expert levels. It's based on a blog post here: www.cpatocybersecurity.com/p/...
    // MAIN POINTS //
    1. The roadmap aims to address common questions about the necessity and value of cybersecurity certifications for GRC.
    2. Hiring managers prefer certified candidates.
    3. The beginner level (year 1) focuses on foundational knowledge.
    4. Security+ or equivalent is a key certification to obtain in the beginner stage.
    5. The intermediate level (years 2-3) splits into elevating fundamentals and terminology, and becoming an independent leader in GRC.
    6. Certifications like CCRF, CCRP, and CISA are recommended for the intermediate level.
    7. The expert level (years 4-5) includes the CISSP certification, which is broad but shallow in depth.
    8. The roadmap is an illustrative example and can be tailored to individual needs and goals.
    9. Feedback on the roadmap is welcome. Views expressed are my own.
    // REFERENCES //
    1. CISSP exam outline: www.isc2.org/certifications/c...
    2. NIST, Northrop Grumman Fan www.nist.gov/system/files/doc...
    Are you interested in cybersecurity career crossover, getting technical, speaking the language of business, elevating GRC or cyber safety? Check out my blog to get after it! www.cpatocybersecurity.com/
    #cybersecurity #career #grc #CareerAdvice #CareerGoals #ProfessionalDevelopment #JobSearch #CareerGrowth
  • Education & Style

COMMENTS • 21

  • @skysummer6429 2 days ago

    Very Valuable, thank you.

  • @kazi1 1 month ago +1

    Thanks, great info.

  • @cpatocybersecurity 1 month ago +1

    I look forward to crowdsourcing answers to these questions at GRC Study Hall tonight, with Chris Whitlock from the Simply Cyber community. Here's another one I received: "I want to pursue my career in GRC Auditing. But I am confused about the certifications in Auditing. I have knowledge of cybersecurity and penetration testing and also have experience in that. For Auditing we have iso27001 LA but if I go with PECB or BSI, then the certification is costly. But there is one more provider SKILLFRONT, which is cheaper. Can you tell me if I can go with skillfront certification or not."

  • @carsonjamesiv2512 1 month ago +1

    Good intel!

  • @DallasFort1857 2 days ago

    Just curious to know why you did not just transfer over into data analytics with your professional background and credentials?

  • @mauricecioccato9818 1 month ago +1

    Nice video, thanks for the video. After CompTIA Sec+ and Net+ and a GRC certification, which roadmap do you suggest for becoming a Data Loss Prevention analyst?

    • @cpatocybersecurity 1 month ago

      Hey thanks for watching and the question! While I work closely with the InfoSec team for their DLP controls I’ve not performed or hired that type of role before. Have you seen the Simply Cyber community on Discord? I’m sure you’d find more Blue Team people there who would have good experiences and perspectives to share to help you determine a good training path.

  • @bryan4823 1 month ago +1

    I know it's not security, but would having the CCNA cert and a little experience in networking make for a not-too-difficult transition to GRC, instead of the networking career path? Sorry if the question is too vague.

    • @cpatocybersecurity 1 month ago +1

      Networking is an above average, awesome entry point! Similar to how I used a T-Shaped skill strategy with deep knowledge of system integrity controls with access and change management, your strong domain to get a foothold and add value from day 1 can be networking controls.

  • @Cyber2a 1 month ago +2

    Thank you for this wealth of information, I will be using it. I completed my Security+ training in February and afterwards completed a GRC mastery course by Unixguy on YouTube. I was looking to take the IT Risk Fundamentals exam by ISACA as it seemed like a cert I qualified for as someone with no IT experience. Do you think it will be worthwhile to pursue?

    • @cpatocybersecurity 1 month ago +2

      Great start with Sec+ and a GRC course! Before pursuing the next Education related task in your Career Development Plan, are there Relationship or Experience related goals/stretch assignments you think might be a higher priority? I have a CDP video and template on my blog you’re welcome to check out. Also I’d be happy to continue this discussion to more directly answer your question.

  • @rishabrao9947 1 month ago +1

    Does CISA have more value than CISM?

    • @cpatocybersecurity 1 month ago +1

      It’s ranked higher on Cyberseek but I don’t think it’s a binary question. It depends on the specific job you are targeting and whether you have something else like the CISSP. CISM is very popular for GRC and I had it as a runner up.

  • @cyberaddict1010 1 month ago +1

    Is experience in cloud security important?

    • @cpatocybersecurity 1 month ago

      I think so given the scale and growth of cloud services. In Finance a lot of SaaS financial systems need cloud security for SOX Compliance. And although SOC2 is for any Service Organization and not just cloud services, some really important Cloud Service Providers need GRC practitioners for assurance work on both the vendor and customer sides. I had AWS Certified Cloud Practitioner on an early version of GRC Cert Roadmap 1.0. I ended up cutting it though to keep it simple and to not have to add more for Azure or GCP shops etc. If you're interested in more info on "Cloud Native Compliance," definitely check out the GRC Engineering YouTube channel.

    • @cyberaddict1010 1 month ago +1

      @cpatocybersecurity Since the CISA and ISO certs require work experience, do you recommend Sec+ instead of cloud certs like SC-900?

    • @cpatocybersecurity 1 month ago

      No right answer here but some thoughts to consider: writing the CISA or another widely recognized cert can be worthwhile before meeting the experience requirement because: you gain knowledge, demonstrate commitment, show that you can follow through on hard things, get an ATS hit with your resume that says it’s in progress. Cloud training is also great to get a better understanding of the underlying technology that needs assurance.

    • @cpatocybersecurity 1 month ago

      It really depends on the job you’re targeting. If it’s an Azure shop with a cloud compliance need, Azure cloud certs would go a long way.

    • @cyberaddict1010 18 days ago

      @cpatocybersecurity Great! Thanks for the clarity!