🎯 Key Takeaways for quick navigation: 00:00 🎯 Gerald Auger introduces the topic of GRC (Governance, Risk, and Compliance) in cybersecurity and aims to answer questions about it in the video. 01:11 🏢 GRC (Governance, Risk, and Compliance) is a crucial aspect of cybersecurity and offers a great career path, allowing professionals to engage with the business side of an organization. 05:48 📜 Compliance Analysts focus on checking whether specific controls are in place, while Risk Analysts assess the likelihood and impact of potential risks, enabling a smooth career progression in the GRC field. 08:42 🧩 GRC fits into an organization under the CISO, handling governance, policy, procedures, and audit aspects, while Security Operations (SecOps) handles incident response and blue team functions. 10:47 🌟 Entry-level GRC roles, like Compliance Analyst positions, are a great on-ramp into cybersecurity, especially for individuals without an IT background. Federal IT contractors often offer entry-level GRC positions and are open to training candidates. 19:41 💼 CMMC (Cybersecurity Maturity Model Certification) is becoming crucial for organizations working with the government, and being certified or familiar with it can be a valuable skill for cybersecurity professionals. 21:05 🎓 Recommended certifications for GRC Analysts include CISA (Certified Information Systems Auditor) and HIPAA-related certifications. 22:01 🛡️ GRC roles require some basic technical knowledge, such as understanding networking and operating systems, to ensure effective audits and assessments. 23:24 📚 NIST (National Institute of Standards and Technology) Cybersecurity Framework is a great starting point for learning GRC standards and best practices. 24:22 💼 Practical Enterprise Risk Assessment course by the speaker is a resource for learning compliance auditing and risk assessment in GRC. 25:51 📝 Excellent written and verbal communication skills are essential for GRC Analysts to effectively communicate with the organization and information security teams. 29:51 💡 NIST CSF (Cybersecurity Framework) and ISO 27001 are recommended standards for GRC, with CSF having more community collaboration and industry practice behind it. 30:06 🔀 CMMC (Cybersecurity Maturity Model Certification) is a subset of controls within NIST CSF, and compliance with CSF would cover the requirements of CMMC. 34:10 📚 NIST Special Publications 800 series provides comprehensive documentation on various cybersecurity topics, including risk assessments and supply chain risk management. 39:03 🗣 Effective communication skills are critical for GRC Analysts to bridge the gap between information security and the organization's business needs. 41:48 ☁️ Cloud security and identity and access management are in-demand areas within cybersecurity, making certifications in these fields valuable for GRC-focused roles. 42:31 📑 GRC (Governance, Risk, and Compliance) is a great entry point into cybersecurity and offers an easier on-ramp. 43:12 🎓 Recommended certifications for GRC include CMMC certified practitioner, ISACA CISA, and industry-specific compliance certifications. 43:41 🚀 GRC roles do not require a minimum certification, making it a flexible and forgiving career path. 45:34 💡 Transitioning from a network security role to GRC can involve integrating GRC-type activities into your current role to showcase expertise and interest. 46:59 📝 Before conducting any assessment, create an audit plan, identify key stakeholders, and schedule focused interviews to gather necessary information. 51:14 📊 Familiarize yourself with risk management frameworks like MITRE ATT&CK and NIST 800-171 to enhance your understanding of GRC processes. 52:10 📝 Don't be overly attached to risk assessments, as some organizations may not prioritize cybersecurity until they face a significant incident. 57:35 🏛 Made with HARPA AI

Thank You! I have been making this too hard! I am actually working in a GRC environment and didnt know it... I am a contractor for BAH, working with the VA hospital. You have simplified my approach to my job... Thank you !

Thank you for this. Contemplating to pivot careers from the academe/research to cybersecurity and I have very minimal technical know-how and your discussion of this path is very helpful. :)

Love your videos! I'm learning so much from each video. Could you please do a video on explaining Auditing in more detail and the tools needed for the role. Preferably a day in the life of an Auditor would be great. My background is software tester and BA on SDLC (Waterfall and Agile), and I would like to switch to Cyber Security and deciding on which role. Audit seems interesting, but I'm open to other roles. I prefer non-coding roles.

Loved the balance between the GRC talk and the kids demanding attention. Thanks!

Looking to pivot to GRC. My background is in business / finance. The company I work for has an internal program to get certificates and training on new roles. (One of which is GRC Analyst) Glad i found your channel :)

Can you do another one of these please?😊

Hey! Don Junior will be our GRC coach! Haha!

Thanks Gerald. I am struggling with my current role in GRC. Watching your videos to know more lay my feet firmer.

Hey Gerald,what are the tools to succeed as a GSC Analyst coming from a zero background in IT?

Also I have some experience with physical security especially as it pertains to hospital security, health care, and inpatient psychiatry, I have an Associates in Cardiovascular Technology (specialty in vascular ultrasound) and familiarity with HIPAA...I am a very strong report writer and very good at finding errors as well as I have strong analytical thinking and pattern recognition and also very steong on customer service...

Good morning Gerald...I have a meeting coming up with VA Vocational rehab (disabled veteran(and I need a plan I have taken isc2 training not taken the exam yet, and I have been taking withyouwithme courses on cyber security analyst and business analyst...I also killed our only working PC in the process (long story)...My goal is to find and entry level role in GRC, Info Sec, auditing space...any suggestions?

Thanks for posting. Looking forward for more GRC career content soon. Will you do a GRC interview questions/how to crush a GRC interview video?

I have a second phase of Compliance analyst interview. Could you please give some examples of some challenges a compliance analyst could face at work? Than you.

Awesome video to watch in conjunction with The Definitive GRC Master Plan

Hi Gerald. Have you been able to create the Practical Risk Assessment course? I already bought your Definitive Guide to GRC course.

I would be moving into IT - Risk Application Governance role. I was from Financial Services ( Operations ) field, but, yes I had a very good inclination towards Risk. I gathered info and found that Risk and Governance and Compliance go hand in hand. I am looking to get some experience in my job, and then, side by side, would be trying to get certified in CRISK from ISACA. Please tell me if i am going in right direction and what approach should I follow to enrich my experience, exponentially grow in this sector and can see myself valued Professional after 5-6 years from now. I gaurantee that I do enjoy learning things. Please guide. Also, thank you very much for this beautiful video 🙏

Great content. Amazing setup. Thanks

What's the difference between GRC AUDET and GRC analysis?

Excellent. Any online resources for NIST

Hi Gerald. I am new to GRC. I have 5YOE on internal audit and finance compliance. One of my coworkers, who was a IT auditor got a lead GRC analyst job and since then trying to talk me into the area too, as she felt that I have really good sense. My question is as a CPA, will it be a good route for me? And for me without a solid IT background, will there be a bottleneck in terms of career advancement? I am willing to learn more about IT control and cyber security, maybe getting a CISA but going back to school to get an IT degree won't be a choice for me now. Thanks

Loved this! You mention DISCORD, STREAM...I'm lost! But want to join worthwhile communities etc. Guidance appreciated.

Very informative video. Thanks for sharing it with the world!

Hi Gerald, I went to the link and noticed the CMMC level 3 guide is unavailable as of now. Any idea when it will be available for download?

Hi Dr. Auger, I'm not sure if you answered this yet but you mentioned having a class coming soon, would that be the grc masterclass you have available on your website?

Any pointers for someone who just starting off and looking for a break through with entry-level.

Thank You Gerald

Are SIEM skills valuable for risk analysis?

Thank you Mr. Auger, great AND timely content. You are appreciated

Hello Sir, what is the difference between an ISSO and a GRC Analyst? Can you make a video comparing the 2? If you could also reply to this comment, that would help me tremendously 🙏

Is there a KPI or scorecard that can be established to measure success(or performance) of GRC teams or analysts? Great episode by the way. Looking forward to be able to join live next time!

Hi Gerald. Thank you for the high quality video. I have a BBA in Cybersecurity and recently got Security+ and Rangeforce SOC Analyst 1 badge. Unfortunately I have no job experience or internship. I do have a home lab and I mention it in my resume. Do you think I should go ahead and start as a IT support or try my luck for an entry GRC role? Thank you.

What would the career path between GRC analyst and CISO be?

I live in dc and I’m going to take a grc bootcamp what are the chances I’ll find a high paying job to start?

Hello, thank you for sharing. What’s your thoughts on getting a nonprofit compliance with no framework in place?

I have working in SOC for 3+ years. I need to move into GRC. What can I do to start from the scratch

Keep the chat please.

Wow what an amazing video!!

Thanks for this informative video, see you next time.

I have been your follower, but this is my first time asking/commenting, I am very confused on what cert. I should go for, I am very much interested in GRC and I have Security+, also working on my BA in Cybersecurity, would u pls suggest if any cert out there I should start studying? thanks. and what is your intake on cloud Security? u think it is very technical ? WHAT DO U THINK GRC WITH THIS PATH?

Im new here.i want to learn how to be a grc Analyst.

I'm a school teacher looking to switch careers and it sounds like GRC analyst is the job for me, right now I'm working to get my Security+ certification and I have two interviews at the end of this week. Do you have any advice or hints for me. I really would like to get one of these jobs. My experience comes from what I did teaching and how I interned with the IT support at my schools

How do you like living in Charleston?

Hi Gerald. I was a business analyst, and I moved to overseas to finish my degree (from school in Illinois). So I’ve developed those soft skills. Do you think that grc is a good stepping stone to becoming more technical?

thanky you

Is it possibly for a technical writer to get into GRC? I write documentation for software provided by a leading data and identity security vendor. I wonder if writing highly technical documents and working with subject matter experts to gather information for users would be considered enough skills to break in.

#TeamReplay

Can a non-IT guy make career in GRC?

Lol working from home!

18:56

16min in and it sounds absolutely horrible and confusing.

#TeamReplay