- CPA to Cybersecurity
- Posts
- GRC Certification Roadmap
GRC Certification Roadmap
Recommended Training and Certs v1.0
Table of Contents
Do We Really Need More Cybersecurity Certs?
The cybersecurity certification landscape has exploded in recent years, with new training offerings popping up seemingly every month. Hiring managers often prefer certified candidates because employee loyalty isn’t what it used to be, but do we really need more certs after this alphabet soup?!
Some experts say yes, citing issues with existing certifications being created in a vacuum without hiring manager input, focusing too much on knowledge and not enough on practical skills, and rising costs. But what really determines the value of a certification?
It comes down to employer recognition and demand. If a cert isn't on the job description, hiring managers might not know what it is, or worse, your resume might not even make it past the applicant tracking system (ATS). It's frustrating for applicants, but understandable given the high volume of applications employers receive.
That said, less well known certifications and courses can still be valuable. They unlock resume bullets that get recognized and teach you new skills to apply in your current role, opening up new opportunities to add value. That’s been my experience in bringing the NIST Cybersecurity Framework (CSF) back to my day job, or starting to make videos for Security Awareness training after taking the GRC Masterclass, as one example.
So what certs are in demand? According to job postings on Cyberseek, Security+ dominates a top 6 list as follows:
The certification landscape has evolved significantly since 4th placed Certified Information Systems Auditor (CISA) launched in 1978, with significant price increases as the industry has grown. Some consider higher prices a "cash grab” by now bureaucratic large organizations.
Year | Company | Cert or Course |
---|---|---|
1978 | ISACA | CISA |
1994 | ISC2 | CISSP |
2002 | Comptia | Security+ |
2005 | BSI | Lead Auditor ISO27001 |
2012 | SANS | GCCC |
2015 | ISC2 | CCSP |
2022 | Simply Cyber | GRC Analyst Masterclass |
2023 | Cybersecurity Professional Certificate | |
2023 | Simply Cyber | Cyber 101 |
2024 | AKYLADE | Certified Cyber Resilience Fundamentals (CCRF) |
2024 | AKYLADE | Certified Cyber Resilience Practitioner (A/CCRP) |
2024 | AKYLADE | Certified Risk Management Fundamentals (CRMF) |
2024 | AKYLADE | Certified Risk Management Practitioner (CRMP) |
2024 | AKYLADE | Certified AI Security Fundamentals (CAISF) |
2024 | AKYLADE | Certified AI Security Practitioner (CAISP) |
Enter innovative startups like Simply Cyber and AKYLADE, aiming to provide leaner, practitioner-focused offerings at lower costs. They're able to get closer to what hiring managers actually need today, which is why they’re central in my GRC Cert Roadmap below and my affiliation with them.
And they may not be as recognizable as the ones in the ATS, but the resume bullet points they unlock are.
Bottom-Line
Of course, certifications alone don't qualify you to do the job - that's the "paper tiger" problem. Certs have gotten a bad rap because of this, but writing them off entirely means missing opportunities. They're a starting point for getting your foot in the door, especially if you lack experience. And you might actually learn something useful! Education is the smallest but a crucial part of a 70-20-10 Career Development Plan.
Certs will get you the interview, not the job
What Certs Are Best for GRC?
Great question for which I’ve made this roadmap and compiled some cost comparisons below. Views expressed are my own and feedback is welcome. Which ones are you getting after and which ones did I miss? Let me know in a YouTube comment, subscribe to my blog and reply to the welcome email, or find me outside 9×5 on the Simply Cyber Discord under grc-team-life.
Appendix 1: GRC Certification Roadmap
Beginner
Intermediate I
Intermediate II
Expert
Appendix 2: Prep + Exam Costs
Shortlist of Recommended Options
Runners Up
Table
Renewal fee comparison
Organization | Cert | Annual Dues (USD) |
---|---|---|
ISACA | CISA | $185 ($145 Membership + $45 Maintenance) |
ISC2 | CISSP | $135 |
CPA Ontario (and Canada) | CPA | $621 |
AKYLADE | CCRF, CCRP, CRMF, CRMP | $17 ($50 every third year) |
Year Introduced
On the DoD 8140 List?
Appendix 3: NICCS Education & Training Catalog Comparison to Simply Cyber Academy
Keywords searched for: GRC, CISA
Change Log
Version 1.5 Update Dec 27, 2024
Added Appendix 3 NICCS Education & Training Catalog Comparison to Simply Cyber Academy
Version 1.4 Updates Dec 7, 2024
Added ISACA cost table for CISA, CRISC, CISM, CGEIT
Added a renewal fee comparison
Added exam prep costs CRISC, CISM, CGRC
Version 1.3 Updates Nov 21, 2024
Updated CCRP prep and exam prices, CRMF exam price
Version 1.2 Updates Sept 24, 2024:
Updated Appendix 2: Prep + Exam Costs
Version 1.1 Updates on August 11, 2024:
Moved GRC Masterclass to Beginner from Intermediate I
Moved A/CRMF to Intermediate I from Beginner
Added A/AISF and A/AISP