How to Break into Cybersecurity GRC: 3 First Steps (Rant Epilogue Part 1)

10,296 views

Steve McMichael - CPA to Cybersecurity

9 months ago

People on Reddit are engaging in the cybersecurity GRC (Governance, Risk & Compliance) careers conversation. In 48 hours, my rant part 1 about why GRC is underrated got 92 thousand views, 231 shares, 195 upvotes and 143 comments. If you’ve already joined that discussion, thank you - this is super cool to be bringing newcomers into the conversation. And if you haven’t yet, jump on in.
See if GRC is a good fit for you, either for the long haul or as a temporary rotation to enrich the skills that you bring somewhere else. I’ve found it to be a great place for meaningful work and meaningful relationships - which is what it’s all about, and I think more people can do the same - if we, as a community, can give candidates a realistic job preview of what GRC is and what it isn’t.
Views expressed are my own. Questions and feedback are welcome.
REFERENCES
Reddit r/cybersecurity discussion: Why careers in cybersecurity GRC are underrated: / why_careers_in_cyberse...
NIST Cybersecurity Framework (CSF) v1.1: www.nist.gov/cyberframework/f...
Forbes, Team Building: Minders, Finders, Grinders by Keenan Beasley
www.forbes.com/sites/keenanbe...
Cybersecurity Canon Book Reviews, Ohio State University icdt.osu.edu/cybercanon/bookr...
Darknet Diaries darknetdiaries.com/
Risky.Biz risky.biz/
Your Cyber Path Mind Map: / 1236374733563650049
IRRESISTIBLE: How to Land Your Dream Cybersecurity Position, Kip Boyle, Jason Dion: www.udemy.com/course/irresist...
Harvard Business Review, A Simple Way to Map Out Your Career Ambitions by Marc Effron hbr.org/2018/11/a-simple-way-...
Cloud Security Office Hours
www.cloudsecurityofficehours....

Comments: 39
@loganlj4 9 months ago
Great! I was waiting for this. I have my sights set on cyber GRC, now to put in the work.
@cpatocybersecurity 9 months ago
Awesome. Get after it and good luck! I’m open to questions along the way.
@tammiealexander7102 7 months ago
Just finished my master’s in cybersecurity with a concentration in IT management. After doing the part for GRC in my course, I’m going for that. First video I’ve seen of yours. Love the content. Subscribed!
@cpatocybersecurity 7 months ago
Congrats on finishing your master’s degree and thanks so much for the comment! More to come and feedback welcome.
@ealaj32 4 months ago
Currently a commercial fire alarm inspector who deals with major airports along with hospitals among others. I am definitely all in on breaking into the cyber security space and came across GRC as something I can correlate to the job I do now, as doing inspections on fire life safety systems for hospitals is somewhat like being an auditor. I'm thankful for your information and I hope I can get on the right path to break into this career field. Thank you.
@cpatocybersecurity 4 months ago
That is awesome. Sounds like great transferable skills.
@francisfrancis1153 8 months ago
Thanks. Plus you know how to talk well enough. I love GRC and this is my shortcoming. Lol
@cpatocybersecurity 8 months ago
Thanks for the comment and great to find more GRC advocates out there!
@danielnbompa-turay9690 4 months ago
First-timer... great to be here!
@cpatocybersecurity 4 months ago
Thanks for watching and the comment!
@daniel_uba 9 months ago
Thanks for sharing sir
@cpatocybersecurity 9 months ago
Thanks for watching and let me know if there are any particular topics of interest for follow up videos.
@Tricey2 9 months ago
My goal is to get into GRC, thank you.
@cpatocybersecurity 9 months ago
Thanks for watching and the comment!
@t-roy1605 8 months ago
It's not fair this guy could dye his hair black and look like he's 20 again if he wanted. Edit: Also great video and a very nice insight from someone I haven't seen before. I think you're going to do great on KZbin! Sub'd!
@cpatocybersecurity 8 months ago
Thanks dude!
@francisfrancis1153 8 months ago
Thanks for sharing. I have been doing compliance work for a small part of the Australian ISM and feel it's too narrow. I'm looking for better ways to learn and understand GRC better. What information can you give someone who wants to pursue GRC in the cloud?
@cpatocybersecurity 8 months ago
Thanks for watching and the question. One idea is to offer to get involved in Supply Chain Risk Management, for example as a reviewer of vendor SOC2 reports.
@francisfrancis1153 5 months ago
@cpatocybersecurity thanks for this advice.
@stevenboettcher7287 9 months ago
What are your thoughts on the GRCP and GRCA certs offered by OCEG?
@cpatocybersecurity 9 months ago
I haven't pursued them myself or seen them in job postings. I do have a colleague with them who I can ask this week and get back to you. Anything that provides candidates an edge to add more value on day 1, shows their ability to follow through on a commitment, and to show passion/interest in GRC sounds good to me.
@cpatocybersecurity 9 months ago
I skimmed through the 215 page OCEG Red Book and generally liked what I saw. I plan to revisit it later on down the road. One knee-jerk reaction I have at this early impression of the Red Book (for what it's worth) and from talking to my colleague is that a new candidate might get better, more practical value (and brand recognition on a resume) from: (1) something free and established as an industry standard like reading NIST CSF, skimming NIST RMF and NIST 800-53, (2) a more industry standard cert like Security+, (3) this "GRC Masterclass" simplycyber.teachable.com/ (or Udemy for Security+, CSF and RMF).
@stevenboettcher7287 9 months ago
Thank you. Did your colleague say that he feels like these certs benefited his career?
@cpatocybersecurity 9 months ago
They didn’t remove a specific barrier as he was already in GRC but were helpful to broaden and deepen his understanding of how to run and execute an effective program. Hope that helps and thanks for the questions!
@rsambhuvlogs 5 months ago
Thanks for the information. I just got my Security+ certification and have nearly 6 years of experience (Networking, Sys Admin, also got a Cyber Sec Graduate Certificate). I am now planning to break into this field. But I really don't know if there are any jobs that hire someone with 0 audit experience? Because I haven't seen any. In such cases do certs like CISA or any other audit related certs help? If yes, which one should I pursue? Please help.
@cpatocybersecurity 4 months ago
Kudos on Security+! In tackling the chicken before the egg problem one approach can be to network, find a mentor and ask for a stretch assignment in an audit or compliance department. If that isn't an option, yes, something like the CISA cert can help to provide foundational knowledge and demonstrate commitment to this career direction. Your technical background would be a valuable asset to offer to a GRC hiring manager. Simply Cyber has a Discord server that might be a helpful resource for networking. I hope that helps and welcome further questions.
@rsambhuvlogs 4 months ago
@cpatocybersecurity Thanks for the response. I will try those things you mentioned. Also I will try the Discord server.
@onyijenny 8 months ago
I'm a Chargeback Specialist. I recently became a certified fraud examiner. I want to go into GRC. Pls, do you have any advice for me? I currently lack direction on how to start.
@cpatocybersecurity 8 months ago
Thanks for watching and the comment. Are there any ideas from here that you think you could apply to GRC? danielmiessler.com/p/build-successful-infosec-career/
@onyijenny 8 months ago
@cpatocybersecurity Thank you. I will check the link out.
@umunnaugochukwu8824 1 month ago
I currently want to pivot into GRC cybersecurity. I am a banker right now. What certifications can I do?
@cpatocybersecurity 1 month ago
Security+ might be a good target. I just posted a GRC Certification Roadmap video you are welcome to check out. If you have any more questions, just let me know.
@d.w.4319 7 months ago
For those of you wondering what cert to get if you don't have the experience to get the CISA certification... Can't go wrong with getting Security Plus. As far as federal government is concerned, that's what they look for at a minimum for Cybersecurity jobs. You don't need any experience to sit for that exam. Question: which Jason Dion course did you take that provided you with the mind map?
@cpatocybersecurity 7 months ago
Agree! Here's the mind map: twitter.com/CyberPathMaker/status/1236374733563650049, and I've taken various Dion Training courses including for Security+ to help me get the CISA. Here's a Your Cyber Path course with Jason Dion and Kip Boyle: www.udemy.com/course/irresistible-cybersecurity/
@d.w.4319 7 months ago
@cpatocybersecurity thank you sir!
@cacogenicist 5 months ago
That Google cyber security overview certificate might not be a bad idea either -- as in, get both; the Google cert apparently tracks with the Sec+, is good study, and it offers a Sec+ discount, while being practical including getting your hands dirty a bit with Linux, Python, and SQL, and such.
@cpatocybersecurity 5 months ago
@cacogenicist agree! I recall some IT fundamentals type KZbin videos from Google in I think the 2019-2020 timeframe and found them to be very helpful and interesting/enjoyable to watch.
@adanwoye1786 5 months ago
Can I get into GRC without any degree? Preparing for my Security Plus exam.
@cpatocybersecurity 5 months ago
Great question and I touch on it around 4 mins 45 seconds into my "Your Cybersecurity Career Plan Video". Cyberseek.org does indicate that a high number of GRC-like job postings ask for a degree, but (1) "it's not how you stand beside your car, it's how you race your car" - Fast and Furious (2) "You are your projects" - Daniel Miessler. Please check out my related video and let me know if you have any other questions. Also kudos on going for Security+. That's a great cert for breaking into GRC.