Opinion as far as what regarding PCI DSS? PCI DSS is a potential standard that might have to be implemented as part of a GRC program if you handle credit card transactions, but they aren't different areas or something, which I believe is what you are thinking.
I’m not sure if you mean two jobs within the same company or external jobs. It’s possible you might wear multiple hats in an organization but as far as external jobs, it would be fairly difficult if not against an employment agreement at least for multiple “full time” jobs.
I’m just telling you how it is…companies don’t like employees working for multiple companies and even more so if it’s in a similar area or for a competitor.
There are no barriers to taking the training options, but if you don't have a solid foundation, you're unlikely to get much value from taking them. Additionally, having experience will help understand the material and have context for how it's applied in the real world.
@Sassysaash I recommend visiting my Getting Started page ( jongood.com/getstarted/ ) if you haven't yet, where I've provided a bunch of resources to begin your journey!
The best place to start is my Getting Started page ( jongood.com/getstarted/ ) that will walk you through what you need to know and learn with resources.
@JonGoodCyber I really like your content. If possible please do make some videos on Threat Hunting and Vulnerability management alongside the popular SIEM like IBM X Force, CrowdStrike or ArcSight. I would love to see some learning resources from your end.
@sambhavjain6929 I'm open to all kinds of cybersecurity content. That said, the content I make is driven by the interest I receive, so if it gets enough interest, it can certainly make the list! Of course, that's assuming that I can get access to the tools or technologies being requested.
What about it? This video is to provide free training resources. Also, the CCAK is a few years old at this point (released in 2021) and barely shows up in job postings.
No cert is enough to land a job, it's a fact in IT that you will have to face. The cert might get you an interview but that's it. Just like in any other industry position, you have to talk your way into being hired. It's not different in IT. I know it's not what you want to hear, but I hope this helps. Good luck out there.
People ask the question all the time on whether x cert is going to get you a job. In short, like it’s said above, no cert will get you a job and you’ll need to get creative on a way to actually set up an environment to start showing you have actually used some of the knowledge you learned in the cert. That way in an interview, you can showcase or explain the work you’ve done in your own time and that will put you ahead of some (but not all candidates with a year or two of experience) candidates for entry level jobs. If you can’t get experience, go as far as you can on your own and give yourself that hands-on experience with tools and technology.
There's some good information in these responses. The fact is that BTL1 is an entry level certification for a Security Operations Center (SOC) job, but not for the actual career field as it assumes you already have a solid foundation of knowledge. I recommend following the roadmap in my free eBook ( jongood.com/getstarted/ ) to build that foundation and only then start looking at certifications like BTL1. Certainly you can apply to jobs the entire time but the skills and certifications in the roadmap are going to be expected to show you are up to speed on what you need to know going into a position. Then of course you need a solid resume and to interview well.
Thank you for watching! The purpose of this video was to provide free training options with perspective on how they might be useful, not to give you a detailed walkthrough of the individual options and their content.
@JonGoodCyber Yes, you have a lot of good information in your video and I learned a lot of good stuff. Lots of good information and I am planning on going into the GRC route. However, please note that in your first few minutes of your video, you do a lot of hand waving and I wish you could put diagrams (or even cartoons) in its place. In any case, thanks for doing the video.
Rude comments... I wonder if it's the images, gesticulations or the information that we are here for, regardless, thanks for dishing out so much info, your video was wholesome and awesome all at once. Kindly drop more videos on what else one would need to learn before applying for jobs, thanks a million.
@jonGoodCyber. Thank you for the video. This is a great video to start a career for someone who is starting in GRC domain. Thank you very much again which is more informative.
Thank you! It's crazy, I just woke up and while washing up to get ready for the day I was thinking to myself, "I wish there was some free training/certs for cyber security" and before I could even go to Google to check, your video popped up as a suggestion 🤔😊
You're so welcome and I'm glad that you found the video!
Ok, I read and watched the video which provided all the info! Thanks so much!
Glad it was helpful!
Thank you for this video, this is amazing. Saved to review and take all the courses.
I'm coming from a medical field with no prior knowledge and not particularly interested in the technical aspects so GRC pathway is for me
I'm glad that you enjoyed the video! Keep in mind that you can't completely avoid understanding the fundamentals of how technologies work just by pursuing GRC. The major difference between "technical" and "non-technical" areas is the depth and type of knowledge that you need. I recommend grabbing my free eBook ( jongood.com/getstarted/ ) to understand the foundational knowledge that's expected for anybody in this career field.
Hey Jon!
I’m looking to break into tech... I come from a healthcare background, would you suggest a boot camp? I’d like to go into GRC but some people say it’s so hard to break into it with a job. I did see your program which is a lot cheaper than a bootcamp.
Thanks for sharing this video. I've landed a cybersecurity internship for this coming May and I'm trying to familiarize myself with roles within cybersecurity and start getting a headstart on what's going to be expected of me.
Glad it was helpful! Internships are a great way to get more exposure to the career field where you won't face the same kind of stress as a full time role.
Thanks for sharing your knowledge brother I just got accepted to UCLA and I’m starting in a month but really geeking out on all your content to be ahead of the game.
I’ll be checking out NIST and just go from there GRC seems like the path I’ll be going for, I’m happy I did research before starting school because I thought cybersecurity was just one thing in general 😅
Awesome and thank you for sharing! I'm glad that you found the content helpful and good luck in your journey!
Thank you so much for this video! I was trying to see what I should take to go into GRC after earning the CompTIA Sec+ cert and this answered my question.
Glad it was helpful!
I am a current student in cybersecurity and I find that I really fit into the GRC domain, maybe I need to spend more time to break into my first step into the market.
It's a great time to get into GRC! Remember, you need a solid foundation before you can start specializing in any area of this career field, which is why my eBook's roadmap is so helpful. ( jongood.com/getstarted/ )
I'm giving the GRC Coursera course a look and while it's not as good as my MS, it is a decent course. I recently started my first contract position in GRC and engineering, so I'm using it to brush up.
The important thing is that this course DOES cover the mindset inconsistencies that you'll often find or face in CSec when dealing across departments. Unfortunately, overcoming objections or assumptions is a big part of working between IT or engineering, and other depts.
Success in this career field absolutely depends on your ability to sell a security culture and adoption of improved security. Is it difficult? Yes...Is it rewarding? Yes!
Thanks for this. I am in a PCI DSS training, and I expect to have secured a very good paying role by early fall. I am going through audit "scoping" now. Not exciting and very detail oriented. If you cannot handle micro-detailed work, look for another area of cybersecurity to pursue. I'm more settled and mature now. The only "excitement" I require from a work role is the pay scale. I'll get excited elsewhere.
Awesome...do you have a background in audit or GRC/cyber? PCI DSS is certainly a very popular standard for companies handling payments.
@JonGoodCyber, no, not at all. I am 70 years young, and this will be my fourth career, after being a stockbroker, insurance and annuity sales seller, an international airline service worker and now I am up for the GRC challenge. I am not interested in retirement. It's boring and your brain goes to pot. No thanks.
How are you getting your PCI DSS training? Self-paced or joined a class?
@cerebralax, self-paced because a class with live training has been unaffordable to me. A live training is best, but one must get in where they fit in. The training suffered a setback because the man who put the course together realized he missed including several particularly important soft skill components that he swears makes all the difference in getting a higher paying GRC role.
To install the extra stuff, everyone's progress had to be reset to zero! I will not reveal the name of the training or the trainer because it is disrespectful to Jon. And it doesn't matter anyway, because the training has been closed to new students for around two months. When it is reopened, I predict it will be lots more expensive because of all the positive results that students will report and will be used as testimonials.
Great video!!! I think GRC is up my alley to break into the industry..
Awesome stuff and glad that you are excited about it!
Thank you Jon for this video.
You're welcome!
Q: Can I work as a cyber security even if I'm not a graduate of Information Technology or any computer-related college education?
There is no formal education requirement in most cases but it might help you become a more competitive candidate.
Thank you for your in-depth explanation of GRC. I really want to get started and land a job within the next two months but don't know where to start. Also, I have zero money to start so my back is against the wall, please help.
I recommend visiting my Getting Started page ( jongood.com/getstarted/ ) where I've provided a lot of resources to help you. Also, if money is really a struggle right now, you might consider getting a part time job of some sort either to continue helping support you while you progress, or to help fund additional learning as you can. Free resources are "OK" but they rarely are going to give you everything that you need and typically they take longer to acquire more information.
Hey Jon, I have a question, if I work as a SOC Analyst and the company I work for uses NIST, SOC 2 and GLBA (just as example) although I’m not in the GRC, can I still put that on my resume if I understand the concepts of the frameworks? Like, include on my resume that I worked under the guidelines of those standards, assist on the creation and updates of playbooks/procedures, As long as I understand what those frameworks are and how they fit in the business even though I wasn’t the one who worked as GRC analyst directly?
Nearly every technology job, especially anything in security, is going to have responsibilities that are tied to standards like the ones that you've mentioned. That means you don't need to have a GRC title to be involved in those activities or to list them on your resume. Like anything where you have limited experience/exposure though, you should be cautious about not overinflating what you've done because that will be discovered in an interview.
@JonGoodCyber perfect! Maybe just saying that I have understanding of the concepts sounds better and I think would be enough then. Thank you so much.
Also I have extensive knowledge, experience, and passion when it comes to physical security especially pertaining to hospitals, health care and inpatient psychiatric facilities as well as a pretty good handle on hospital, healthcare, and inpatient psychiatric institutions operations...as well as familiarity and experience with HIPAA
As mentioned in my response to your other comment, I recommend grabbing my free eBook ( jongood.com/getstarted/ ), which includes a roadmap that anybody trying to get into cybersecurity should follow and additional important information. You need to build your foundational knowledge and skills first before you can effectively specialize.
THANK YOU, for this information
You are so welcome!
Hey Jon, I have been working as an IT assurance auditor for 2 years at big 4 KPMG and I want to transition into GRC. What skills do I need to brush up on, and what are some more things I can add to my resume to make me more marketable?
I tell everybody working in this career field or trying to break into it that they first need to know everything I've included in my eBook's roadmap ( jongood.com/getstarted/ ). It's very common for people to have gaps in knowledge that will hold them back, so we first have to address that. Once you've satisfied the roadmap, start looking at the training that I've provided in this video and the description. Finally, start reading frameworks like ISO 27001 and NIST RMF and understand them. GRC isn't like other areas of Cybersecurity where you can spin up a lab and practice a lot of the stuff...it's about understanding the frameworks and then ultimately getting into a job with a real environment where you can continue to develop your understanding and skills in the application of GRC. Of course, all that comes after having a solid understanding of technology.
Hey Jon thanks for the info and videos.
I’m interested in this type of work but am coming from a totally different industry/education background.
Studied criminal justice, but I am planning on getting into IT/cyber. Planning on doing this training, Google's cyber and CompTIA and hopefully land a decent gig
You're welcome! I definitely recommend grabbing my free eBook ( jongood.com/getstarted/ ) where I provide a roadmap of skills and certifications to pursue.
@JonGoodCyber perfect I will do that thank you much!!
Q: Am currently a GRC analyst and been working for a while now. Am looking to scale up and am wondering if you could help.
Certainly I can help. Are you looking for guidance on something specific or just in general how to grow your GRC career?
@JonGoodCyber Thanks for the response. I think am looking for something specific. I feel like am stuck and I want to grow into probably more technical aspects of GRC to appear more valuable. Let me know what the next step is?
First, I recommend grabbing my free eBook ( jongood.com/getstarted/ ) and checking out the included roadmap. It's not uncommon for people in general, let alone in GRC, to have fundamental knowledge gaps that must be resolved as soon as possible. Next, I encourage you to complete some of the free training I've provided in this video and get a deeper understanding of at least 1-2 GRC frameworks (NIST, ISO 27001, SOC 2, HIPAA, etc.). As good as you feel like you know the frameworks from your day job, you probably don't know them to the level that really makes you stand out, and that will help you understand other technical areas where you can expand your knowledge. Third, I highly encourage you to sign up for Career Coaching at Cyber Training Pro ( www.cybertrainingpro.com/p/career-coaching ) to strategize on specific situations you're facing and how to adjust for those and fast-track your journey. Additionally, most resumes aren't nearly as good as they can be for a lot of reasons, and we can definitely help with that.
@JonGoodCyber Perfect, sounds. will get started with material recommended but talk to you soon as I sign up the coaching class
I'm completely new to tech. How do I get started?
I'd like to study GRC. However, I am still a beginner.
I recommend beginning with my Getting Started page ( jongood.com/getstarted/ ) and following the roadmap in my free eBook first. You need to build your foundation before you can move onto something more specific.
@JonGoodCyber thank you so much for this insight. I am very grateful.
Hi, I finished the Google Coursera cybersecurity about a month ago now and I'd like to get into a GRC role. What would I do as a newcomer in the field?
I recommend visiting my Getting Started page ( jongood.com/getstarted/ ) and grabbing my free eBook. One of the common misconceptions is that with GRC requiring less technical ability, you can skip over a lot of the fundamentals, which is definitely inaccurate.
Thank you.
You're welcome!
Hi mate, thanks for the video. Do you suggest doing all of these? Thanks, Sean
Also, I'm from the UK, is NIST important to learn still?
More knowledge is certainly beneficial but keep in mind that these add onto what you already know, so you still need a solid foundation of knowledge/skills of things like networks, operating systems, etc.
The platforms that you mentioned, are employers hiring people that are usurping these platforms? Especially, the free ones?
Good question! Keep in mind that resources like this, and especially free resources in general, are more for your personal growth in knowledge as a professional, but they aren't going to be the difference maker in your ability to get hired.
@JonGoodCyber Thank you for your expertise!
Would you say it's advisable to learn all the training options available, or is that overkill?
You don't need to learn every training option, as it's more about consistency and improving over time. That said, it's situationally dependent, so there are always exceptions.
Q: I have a VA Voc Rehab (VRE) appointment coming up in about 10 days...What non free training options would you recommend for remote learning opportunities to prepare me and make me more employable in GRC and auditing?
Also I am taking ISC2 free cert cybersecurity training and prepping for exam soon and I am taking Cybersecurity Analyst and Business Analyst free training from Withyouwithme and I have signed up for the NIST Framework training
I have an Associates in cardiovascular technology specializing in vascular ultrasound but I have about a six year gap in my resume...not worked in six years.. due to injuries and Gulf War exposure....hence desire for a more cerebral and sedentary field
I recommend grabbing my free eBook ( jongood.com/getstarted/ ), which includes a roadmap that anybody trying to get into Cybersecurity should follow and additional important information.
@titaniumbowlingball4258 Is there any requirement for the Withyouinmind free cybersecurity training?
I'm studying for my Security+ with Professor Messer and now I would like to work towards becoming a GRC analyst. Any suggestions? Thank you.
Remember, these training options alone aren't going to turn you into a subject matter expert in GRC and you still need a solid foundation of skills and knowledge.
Great content
Thank you for the support!
Q: Well detailed explanation. Thanks for the information provided. What training will you recommend for ISC2 CGRC certification?
Honestly, there's not a lot of good options out there besides the official training for the CGRC. Maybe I'm missing something but I don't even see a way to get the official training materials like a study guide book unless you attend their course. Historically, it's been very focused on the NIST RMF when it was called the CAP, so understanding that is probably a good start at least.
Q: I'm currently in my final semester, AAS Information Technology-Security track, and planned on pursuing employment in a GRC role. 'SimplyCyber' offers a GRC Analyst Masterclass Course which was very economical for college students or someone with a limited budget. These free resources are fantastic. In your opinion, should I start with the options you've given in this video, then begin the Gerald Auger Masterclass course? Because my college curriculum didn't give GRC that much focus. It was geared towards pen-testing and SOC analyst roles.
Great video as always.
Keep in mind that just because something is free or low-cost, doesn't mean that employers actually value it or ask for it. GRC is one area where you can't really practice without being in a job that requires it. Your best resource would be to start reading through a framework, for example NIST RMF, and becoming comfortable with it. At the end of the day, understanding the framework is the core task in GRC and you aren't going to get there unless you read it, but certainly more knowledge in general won't hurt you. Also, it's important to understand that going into GRC doesn't mean you can't or shouldn't pursue certifications or other training as you still need a solid understanding of the fundamentals.
Hello, what is your opinion on PCI DSS? Do you have a video? And do you have a video comparing PCI DSS vs GRC?
Opinion as far as what regarding PCI DSS? PCI DSS is a potential standard that might have to be implemented as part of a GRC program if you handle credit card transactions, but they aren't different areas or something, which I believe is what you are thinking.
Ok cool! Thank you. Now is it possible to stack them (work 2 jobs at the same time)?
I’m not sure if you mean two jobs within the same company or external jobs. It’s possible you might wear multiple hats in an organization but as far as external jobs, it would be fairly difficult if not against an employment agreement at least for multiple “full time” jobs.
@JonGoodCyber Well, work for one company remotely and work for another remotely.
I’m just telling you how it is…companies don’t like employees working for multiple companies and even more so if it’s in a similar area or for a competitor.
Coursera GRC approach to managing cybersecurity
Awesome and let me know what you think!
Hi!
So, is psi dss the same as GRC?
It's PCI DSS, not pSi, but it is one of many potential frameworks that would fall under the responsibility of GRC, which is the overarching term.
@JonGoodCyber Thank you! Yes, that was a typo, I appreciate that clarity.
Are these platforms for those with no experience at all?
There are no barriers to taking the training options, but if you don't have a solid foundation, you're unlikely to get much value from taking them. Additionally, having experience will help understand the material and have context for how it's applied in the real world.
@JonGoodCyber Thank you.
I just want to make sure I have the right platform to start with. I have zero experience, other than ITIL 4.
@Sassysaash I recommend visiting my Getting Started page ( jongood.com/getstarted/ ) if you haven't yet, where I've provided a bunch of resources to begin your journey!
@JonGoodCyber Will do. Much gratitude!
I'm a bus driver trying to break into tech. I am so nervous and don't know where to start.
The best place to start is my Getting Started page ( jongood.com/getstarted/ ) that will walk you through what you need to know and learn with resources.
I actually want to write the report.
Which report are you referring to, and what's stopping you?
Good morning
Hello
@JonGoodCyber I really like your content.
If possible please do make some videos on Threat Hunting and Vulnerability management alongside the popular SIEM like IBM X Force, CrowdStrike or ArcSight.
I would love to see some learning resources from your end.
@sambhavjain6929 I'm open to all kinds of cybersecurity content. That said, the content I make is driven by the interest I receive, so if it gets enough interest, it can certainly make the list! Of course, that's assuming that I can get access to the tools or technologies being requested.
@JonGoodCyber sure
Where can I find this to do this?
Check the video description for the training links.
@JonGoodCyber ok thanks I managed to find it, and I'm doing the video slides right now. I appreciate it
What about the new CCAK from (ISACA and CSA)?
What about it? This video is to provide free training resources. Also, the CCAK is a few years old at this point (released in 2021) and barely shows up in job postings.
Good evening from the UK. Is the Blue Team Level 1 cert enough to land an entry-level job?
No cert is enough to land a job, it's a fact in IT that you will have to face. The cert might get you an interview but that's it. Just like in any other industry position, you have to talk your way into being hired. It's not different in IT. I know it's not what you want to hear, but I hope this helps. Good luck out there.
People ask the question all the time on whether x cert is going to get you a job. In short, like it's said above, no cert will get you a job and you'll need to get creative on a way to actually set up an environment to start showing you have actually used some of the knowledge you learned in the cert. That way in an interview, you can showcase or explain the work you've done in your own time and that will put you ahead of some (but not all candidates with a year or two of experience) candidates for entry-level jobs. If you can't get experience, go as far as you can on your own and give yourself that hands-on experience with tools and technology.
There's some good information in these responses. The fact is that BTL1 is an entry-level certification for a Security Operations Center (SOC) job, but not for the actual career field, as it assumes you already have a solid foundation of knowledge. I recommend following the roadmap in my free eBook ( jongood.com/getstarted/ ) to build that foundation and only then start looking at certifications like BTL1. Certainly you can apply to jobs the entire time, but the skills and certifications in the roadmap are going to be expected to show you are up to speed on what you need to know going into a position. Then of course you need a solid resume and to interview well.
The video is a good start, but please show diagrams and explanations of free trainings that we can do rather than a video of yourself talking
Thank you for watching! The purpose of this video was to provide free training options with perspective on how they might be useful, not to give you a detailed walkthrough of the individual options and their content.
@JonGoodCyber Yes, you have a lot of good information in your video and I learned a lot of good stuff. Lots of good information and I am planning on going into the GRC route. However, please note that in your first few minutes of your video, you do a lot of hand waving and I wish you could put diagrams (or even cartoons) in its place.
In any case, thanks for doing the video.
@swiswach3130 Rude comment. I learned a lot and plan to do further research on the training options that he provided. Where's your video?
Rude comments... I wonder if it's the images, gesticulations or the information that we are here for, regardless, thanks for dishing out so much info, your video was wholesome and awesome all at once. Kindly drop more videos on what else one would need to learn before applying for jobs, thanks a million.
@jonGoodCyber. Thank you for the video. This is a great video to start a career for someone who is starting in GRC domain. Thank you very much again which is more informative.