How to Break into Cybersecurity GRC: 3 First Steps (Rant Epilogue Part 1)

  • Published 13 Oct 2023
  • People on Reddit are engaging in the cybersecurity GRC (Governance, Risk & Compliance) careers conversation. My rant part 1 about why GRC is underrated got 92 thousand views, 231 shares, 195 upvotes and 143 comments in 48 hours. If you’ve already joined that discussion, thank you - this is super cool to be bringing newcomers into the conversation. And if you haven’t yet, jump on in.
    See if GRC is a good fit for you, either for the long haul or as a temporary rotation to enrich the skills that you bring somewhere else. I’ve found it to be a great place for meaningful work and meaningful relationships - which is what it’s all about, and I think more people can do the same - if, as a community, we can give candidates a realistic job preview of what GRC is and what it isn’t.
    Views expressed are my own. Questions and feedback are welcome.
    REFERENCES
    Reddit r/cybersecurity discussion: Why careers in cybersecurity GRC are underrated: / why_careers_in_cyberse...
    NIST Cybersecurity Framework (CSF) v1.1: www.nist.gov/cyberframework/f...
    Forbes, Team Building: Minders, Finders, Grinders by Keenan Beasley
    www.forbes.com/sites/keenanbe...
    Cybersecurity Cannon Book Reviews, Ohio State University icdt.osu.edu/cybercanon/bookr...
    Darknet Diaries darknetdiaries.com/
    Risky.Biz risky.biz/
    Your Cyber Path Mind Map: / 1236374733563650049
    IRRESISTIBLE: How to Land Your Dream Cybersecurity Position, Kip Boyle, Jason Dion: www.udemy.com/course/irresist...
    Harvard Business Review, A Simple Way to Map Out Your Career Ambitions by Marc Effron hbr.org/2018/11/a-simple-way-...
    Cloud Security Office Hours
    www.cloudsecurityofficehours....
  • Howto & Style

COMMENTS • 39

  • @loganlj4 9 months ago +6

    Great! I was waiting for this. I have my sights set on cyber GRC, now to put in the work.

    • @cpatocybersecurity 9 months ago +2

      Awesome. Get after it and good luck! I’m open to questions along the way.

  • @tammiealexander7102 7 months ago +4

    Just finished my master’s in cybersecurity with a concentration in IT management after doing the part for GRC in my course, I’m going for that. First video I’ve seen of yours. Love the content. Subscribed!

    • @cpatocybersecurity 7 months ago +2

      Congrats on finishing your master’s degree and thanks so much for the comment! More to come and feedback welcome.

  • @ealaj32 4 months ago +1

    Currently a commercial fire alarm inspector who deals with major airports along with hospitals, among others. I am definitely all in on breaking into the cyber security space and came across GRC as something I can correlate to the job I do now, as doing inspections on fire life safety systems for hospitals is somewhat like being an auditor. I'm thankful for your information and I hope I can get on the right path to break into this career field. Thank you.

    • @cpatocybersecurity 4 months ago

      That is awesome. Sounds like great transferable skills.

  • @daniel_uba 9 months ago +1

    Thanks for sharing sir

    • @cpatocybersecurity 9 months ago +1

      Thanks for watching and let me know if there are any particular topics of interest for follow up videos.

  • @francisfrancis1153 8 months ago +1

    Thanks. Plus you know how to talk well enough. I love GRC and this is my shortcoming. Lol

    • @cpatocybersecurity 8 months ago

      Thanks for the comment and great to find more GRC advocates out there!

  • @danielnbompa-turay9690 4 months ago +1

    First-timer... great to be here!

  • @Tricey2 9 months ago +6

    My goal is to get into GRC, thank you.

  • @t-roy1605 8 months ago +3

    It's not fair this guy could dye his hair black and look like he's 20 again if he wanted. Edit: Also great video and a very nice insight from someone I haven't seen before. I think you're going to do great on YouTube! Sub'd!

  • @francisfrancis1153 8 months ago +2

    Thanks for sharing. I have been doing compliance work for a small part of the Australian ISM and feel it's too narrow. I'm looking for better ways to learn and understand GRC better.
    What information can you give someone who wants to pursue GRC in the cloud?

    • @cpatocybersecurity 8 months ago +1

      Thanks for watching and the question. One idea is to offer to get involved in Supply Chain Risk Management, for example as a reviewer of vendor SOC2 reports.

    • @francisfrancis1153 5 months ago +1

      @cpatocybersecurity thanks for this advice.

  • @d.w.4319 7 months ago +6

    For those of you wondering what cert to get if you don't have the experience to get the CISA certification... can't go wrong with getting Security+. As far as the federal government is concerned, that's what they look for at a minimum for cybersecurity jobs. You don't need any experience to sit for that exam. Question... which Jason Dion course did you take that provided you with the mind map?

    • @cpatocybersecurity 7 months ago +2

      Agree! Here's the mind map: twitter.com/CyberPathMaker/status/1236374733563650049, and I've taken various Dion Training courses including for Security+ to help me get the CISA. Here's a Your Cyber Path course with Jason Dion and Kip Boyle: www.udemy.com/course/irresistible-cybersecurity/

    • @d.w.4319 7 months ago

      @cpatocybersecurity thank you sir!

    • @cacogenicist 5 months ago +1

      That Google cyber security overview certificate might not be a bad idea either -- as in, get both; the Google cert apparently tracks with the Sec+, is good study, and it offers a Sec+ discount, while being practical including getting your hands dirty a bit with Linux, Python, and SQL, and such.

    • @cpatocybersecurity 5 months ago

      @cacogenicist agree! I recall some IT fundamentals type YouTube videos from Google in I think the 2019-2020 timeframe and found them to be very helpful and interesting/enjoyable to watch.

  • @umunnaugochukwu8824 1 month ago +1

    I currently want to pivot into GRC cybersecurity. I am a banker right now; what certifications can I do?

    • @cpatocybersecurity 1 month ago

      Security+ might be a good target. I just posted a GRC Certification Roadmap video you are welcome to check out. If you have any more questions, just let me know.

  • @rsambhuvlogs 5 months ago +1

    Thanks for the information. I just got my Security+ certification and have nearly 6 years of experience (networking, sys admin, also got a Cyber Sec Graduate Certificate). I am now planning to break into this field. But I really don't know if there are any jobs that hire someone with 0 audit experience, because I haven't seen any. In such cases do certs like CISA or any other audit-related certs help? If yes, which one should I pursue? Please help.

    • @cpatocybersecurity 4 months ago +1

      Kudos on Security+! In tackling the chicken before the egg problem, one approach can be to network, find a mentor and ask for a stretch assignment in an audit or compliance department. If that isn't an option, yes, something like the CISA cert can help to provide foundational knowledge and demonstrate commitment to this career direction. Your technical background would be a valuable asset to offer to a GRC hiring manager. Simply Cyber has a Discord server that might be a helpful resource for networking. I hope that helps and welcome further questions.

    • @rsambhuvlogs 4 months ago +1

      @cpatocybersecurity Thanks for the response. I will try those things you mentioned. Also I will try the Discord server.

  • @stevenboettcher7287 9 months ago +2

    What are your thoughts on the GRCP and GRCA certs offered by OCEG?

    • @cpatocybersecurity 9 months ago

      I haven't pursued them myself or seen them in job postings. I do have a colleague with them who I can ask this week and get back to you. Anything that provides candidates an edge to add more value on day 1, shows their ability to follow through on a commitment, and to show passion/interest in GRC sounds good to me.

    • @cpatocybersecurity 9 months ago

      I skimmed through the 215 page OCEG Red Book and generally liked what I saw. I plan to revisit it later on down the road.
      One knee-jerk reaction I have at this early impression of the Red Book (for what it's worth) and from talking to my colleague is that a new candidate might get better, more practical value (and brand recognition on a resume) from: (1) something free and established as an industry standard like reading NIST CSF, skimming NIST RMF and NIST 800-53, (2) a more industry standard cert like Security+, (3) this "GRC Masterclass" (simplycyber.teachable.com/), or Udemy courses for Security+, CSF and RMF.

    • @stevenboettcher7287 9 months ago +1

      Thank you. Did your colleague say that he feels like these certs benefited his career?

    • @cpatocybersecurity 9 months ago

      They didn’t remove a specific barrier as he was already in GRC but were helpful to broaden and deepen his understanding of how to run and execute an effective program. Hope that helps and thanks for the questions!

  • @onyijenny 8 months ago +3

    I'm a Chargeback Specialist. I recently became a Certified Fraud Examiner. I want to go into GRC. Please, do you have any advice for me? I currently lack direction on how to start.

    • @cpatocybersecurity 8 months ago +2

      Thanks for watching and the comment. Are there any ideas from here that you think you could apply to GRC? danielmiessler.com/p/build-successful-infosec-career/

    • @onyijenny 8 months ago +1

      @cpatocybersecurity thank you. I will check the link out.

  • @adanwoye1786 5 months ago +1

    Can I get into GRC without any degree? Preparing for my Security+ exam.

    • @cpatocybersecurity 5 months ago

      Great question, and I touch on it around 4 minutes 45 seconds into my "Your Cybersecurity Career Plan" video. Cyberseek.org does indicate that a high number of GRC-like job postings ask for a degree, but (1) "it's not how you stand beside your car, it's how you race your car" - Fast and Furious, and (2) "You are your projects" - Daniel Miessler. Please check out my related video and let me know if you have any other questions. Also, kudos on going for Security+. That's a great cert for breaking into GRC.