Risk Management Fundamentals

Feb 18 Simply Cyber Academy Lunch & Learn: Part 1 of 3

Hey there, 👋

Looks like a good turnout is expected for my Simply Cyber Academy Lunch & Learn on Tuesday at 1:00 PM ET. If you haven’t already registered, come join for learning and good times!

Watch live on LinkedIn or YouTube 📺️ using the links below. The Simply Cyber community chat on YouTube is the more fun option, IMO.

You’ll also find here the content for Part 1 of the presentation. 📚️ 

Be safe, be well,

Steve

Introduction

When you think about breaking into cybersecurity at an entry level or making a mid-career transition into GRC, it can feel like staring at a mountain. ⛰️ Where do you start? What do you need to know? 🤔 

One of the best guidebooks to begin with is the NIST Cybersecurity Framework (CSF). This 32-page document was first released 10 years ago in response to a presidential executive order and has been rapidly adopted since.

It’s remarkably effective at helping organizations of all shapes and sizes baseline their current state and establish an appropriate, tailored, desired state to become cyber resilient.

About Your Instructor

Instructor Steve McMichael from Simply Cyber Academy is committed to helping YOU accelerate your cybersecurity career.

#TeamSC 🙌 

👆️ To say hi and for CPE tracking, let us know in YouTube chat if you’re a first timer or a long timer in the Simply Cyber Community.

Steve is passionate about guiding students, from backgrounds as diverse as accounting, into cybersecurity GRC. He successfully made this shift himself and shares his journey in the popular blog, CPA to Cybersecurity.

Steve holds advanced degrees in business (BBA, MBA), along with cybersecurity certifications (CCRP, CRMP, CISSP, CISA), and is a Chartered Professional Accountant (CPA). With nearly 20 years of experience in tech, he currently serves as the Director of Governance, Risk, and Compliance at BlackBerry.

Simply Cyber Mission and Values

❝

To guide people through their cybersecurity career journey with authentic, accessible education and community support

  • 🤝 INCLUSION: Create an environment where everyone feels welcome.

  • 🌱SUPPORT: Promote a safe space for learning and growth.

  • 👥 COLLABORATION: Foster and seek collective wisdom and cooperation.

Other Pre-Amble

  • Thanks for being here

  • Views expressed are my own

  • If we run out of time and you have a question that doesn’t get answered, we can continue the discussion asynchronously (I’ll be outside 9-5) on Simply Cyber Discord https://discord.gg/SimplyCyber

Barriers Risk Management and CSF Skills Help Overcome 🥊

1. Finding a path to break into cybersecurity

❝

Audit is a wonderful place to start in cybersecurity, whether you’re super technical or you’re not

Dr. Gerald Auger

2. Improving your organization’s risk management communication

❝

"For me, NIST Cybersecurity Framework is the best approach to security operations and the ability to build an information security program in the world right now"

Dr. Gerald Auger

💡 Big pivot point for me here to finally get a “Generally Accepted Accounting Principles” equivalent for cybersecurity after struggling with the logical grouping of ISO27k and others 👇️

It’s not just about the controls in the framework, it’s the approach to laying them out. ISO27k just pukes a bunch of controls out, and in my opinion there’s no logical grouping of it. I mean they have some but it’s not great. With NIST Cybersecurity Framework, it is basically written for practitioners in the context of how an information security program should work

Dr. Gerald Auger

Agenda

🔹 Part 1: Risk Management Fundamentals:

  • What risk management is and why it matters

  • Key terminology

  • The risk assessment process

  • How risk management principles align with the NIST CSF

🔹 Part 2: Introduction to the NIST Cybersecurity Framework:

  • What is cyber resilience? Why is it critical?

  • How does the NIST CSF differ from other frameworks?

  • Where is the NIST CSF used?

  • Key characteristics of the framework

🔹 Part 3: Breaking Down the NIST Cybersecurity Framework:

  • The history and evolution of the NIST CSF

  • The Framework Core

  • The Six Functions

  • Profiles and Tiers

  • Categories & Subcategories

Chapters
