- How to Break Into GRC Email Course (Free)
What's standing in the way of your career crossover into cybersecurity?
Have you heard of the Governance Risk & Compliance (GRC) function, or that it's awesome and underrated? In solving the catch-22 problem of cybersecurity hiring managers wanting experienced applicants to add value from day one, and applicants wanting a shot to get that experience, GRC is a great feeder role for you to break through.
In 2020 I didn't know what the GRC acronym stood for while I was working in Accounting Compliance. But I heard that cybersecurity had a hot job market and the most compelling mission in business: to fight crime, espionage and war in the fifth domain of cyberspace. So when I then discovered a "get your dream cybersecurity job course," I took the plunge and it ended up being a catalyst to my breaking in shortly after. I found meaningful work and meaningful relationships (which is what it's all about) on the other side of a mid-career transition. Now in this GRC Skills, Methods, Mindset email course my goal is to help open up that possibility for you.
Here's a super-high-level roadmap of how to break into Cybersecurity GRC:
Drawing from experiences as a GRC practitioner and leader, my goal is to help remove barriers that stand in the way of pivoting your career into GRC or, if you're already here, of elevating your GRC program to better protect and enable the business.
Here's what we will cover
Day 1: Why is GRC awesome and underrated?
Does it raise a skeptical eyebrow when I say that I really enjoy working in Cybersecurity Governance, Risk, and Compliance (GRC)? If so, let's fix that. Since crossing over from Finance in 2020, I've found GRC to be awesome, underrated, and not well understood.
Day 2: What is Cybersecurity GRC?
Learn:
- The best definition of cybersecurity
- A 49 second GRC service catalogue elevator pitch
- Where GRC fits in the cybersecurity organization
Day 3: Learn 2-4x faster by getting immersed and inspired by excellent books, podcasts and blogs
It makes the training fun.
Day 4: GRC Methods
Governance
The G in GRC is important! We know this because NIST recently elevated governance from a component of the IDENTIFY function in CSF v1.1 to its own function, central to all others, in CSF 2.0. Find excellent industry templates to provide a foundation for governance with policies, standards and procedures.
Risk Explainer and Risk Assessment Template
Learn about due diligence, due care and reliably achieving objectives with effective risk management.
Compliance Primer
Scenario: It's Friday afternoon, and you just got told that Sarah, who normally handles the audit, is unexpectedly out of the office. The auditors show up Monday at 8:00 AM, and you're the new quarterback. Good luck!
Get my roadmap on how to lead the orchestra of an audit through the phases of plan, execute and report. Also get my GRC audit work paper template to:
- Be provably compliant
- Reduce churn with a timely review process
- Be brief, be brilliant, be gone!
Day 5: GRC Certification Roadmap v1.0
Love them or hate them, hiring managers prefer certified candidates. But which ones to pick from the alphabet soup?
Day 6: Is GRC a Fit for Your Personality Type?
If you can find "fit" with a job in cybersecurity, it can lead to a sense of purpose that makes your career self-propelling. That's why fit keeps coming up in discussions of performance, retention and engagement. In this lesson I provide a DiSC assessment of an open job posting and the Cybersecurity Control Assessor (SP-RSK-002) work role from NICCS.
Day 7: Understand the Job Market and Narrow Down Your Target Job
Check out:
- Recent job data from the Bureau of Labor Statistics, ISC2's cybersecurity workforce study and Cyberseek.org
- My interview with a CISO on navigating cybersecurity skills shortage and job market hype
- A Reddit discussion I started that received 75k views and 109 comments in 2 days: "Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who's Right"?
Day 8: Get There Faster with a 70-20-10 Experiences-Relationships-Education Career Development Plan
Includes a lecture/rant and GRC Analyst CDP template
Day 9: Get Past the HR Firewall
- Understand the other side of the table by reading the open source Cybersecurity Hiring Manager Handbook
- Optimize your LinkedIn profile
- Use a targeted, persistent job application approach
- Learn cyber recruiter advice for resume gold
- Adopt a job hunter's mentality
- Network relentlessly and get after it!