What’s standing in the way of your career crossover into cybersecurity?

Have you heard of the Governance, Risk & Compliance (GRC) function, or that it’s awesome and underrated? In solving the catch-22 problem of cybersecurity hiring managers wanting experienced applicants to add value from day one, and applicants wanting a shot to get that experience, GRC is a great feeder role for you to break through.

In 2020 I didn’t know what the GRC acronym stood for while I was working in Accounting Compliance. But I heard that cybersecurity had a hot job market and the most compelling mission in business: to fight crime, espionage and war in the fifth domain of cyberspace. So when I then discovered a “get your dream cybersecurity job course,” I took the plunge and it ended up being a catalyst to my breaking in shortly after. I found meaningful work and meaningful relationships (which is what it’s all about) on the other side of a mid-career transition. Now in this GRC Skills, Methods, Mindset email course my goal is to help open up that possibility for you.

Here’s a super high-level roadmap of how to break into Cybersecurity GRC:

Drawing from experiences as a GRC practitioner and leader, my goal is to help remove barriers that stand in the way of pivoting your career into GRC or, if you’re already here, to help you elevate your GRC program to better protect and enable the business.

Here's what we will cover

Day 1: Why is GRC awesome and underrated?

Does it raise a skeptical eyebrow when I say that I really enjoy working in Cybersecurity Governance, Risk, and Compliance (GRC)? If so, let's fix that. Since crossing over from Finance in 2020, I've found GRC to be awesome, underrated, and not well understood.

Day 2: What is Cybersecurity GRC?

Learn:

  • The best definition of cybersecurity

  • A 49 second GRC service catalogue elevator pitch

  • Where GRC fits in the cybersecurity organization

Day 3: Learn 2-4x faster by getting immersed and inspired by excellent books, podcasts and blogs

It makes the training fun.

Day 4: GRC Methods

Governance

The G in GRC is important! We know this because NIST recently elevated governance from a component of the IDENTIFY function in CSF v1.1 to becoming its own function central to all others in CSF 2.0. Find excellent industry templates to provide a foundation for governance with policies, standards and procedures.

Risk Explainer and Risk Assessment Template

Learn about due diligence, due care and reliably achieving objectives with effective risk management.

Compliance Primer

Scenario: It’s Friday afternoon, and you just got told that Sarah, who normally handles the audit, is unexpectedly out of the office. The auditors show up Monday at 8:00 AM, and you’re the new quarterback. Good luck!

Get my roadmap on how to lead the orchestra of an audit through the phases of plan, execute and report. Also get my GRC audit work paper template to:

  • Be provably compliant

  • Reduce churn with a timely review process

  • Be brief, be brilliant, be gone!

Day 5: GRC Certification Roadmap v1.0

Love them or hate them, hiring managers prefer certified candidates. But which ones to pick from the alphabet soup?

Day 6: Is GRC a Fit for Your Personality Type?

If you can find ‘fit’ with a job in cybersecurity, it can lead to a sense of purpose that makes your career self-propelling. That’s why fit keeps coming up in discussions of performance, retention and engagement. In this lesson I provide a DiSC assessment of an open job posting and the Cybersecurity Control Assessor (SP-RSK-002) work role from NICCS.

Day 7: Understand the Job Market and Narrow Down Your Target Job

Check out:

  • Recent job data from the Bureau of Labor Statistics, ISC2’s cybersecurity workforce study and Cyberseek.org

  • My interview with a CISO on navigating cybersecurity skills shortage and job market hype

  • A Reddit discussion I started that received 75k views and 109 comments in 2 days: “Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who’s Right”?

Day 8: Get There Faster with a 70-20-10 Experiences-Relationships-Education Career Development Plan

  • Includes a lecture/rant and GRC Analyst CDP template

Day 9: Get Past the HR Firewall

  • Understand the other side of the table by reading the open source Cybersecurity Hiring Manager Handbook

  • Optimize your LinkedIn profile

  • Use a targeted, persistent job application approach

  • Learn cyber recruiter advice for resume gold

  • Adopt a job hunter’s mentality

  • Network relentlessly and get after it!