Cyber Security GRC Career path | Certifications | job duties | opportunities
ฝัง
- เผยแพร่เมื่อ 27 ส.ค. 2024
- This video is about Cyber Security Governance Risk and Compliance. I explain what the role actually entails, why we need it, and what certifications can help you land a job in this VERY important area of cyber security.
This area is usually misunderstood by technical cyber security professional, so I hope this video clarifies any confusion that you have.
This is updated video, start a career in GRC today:
The BEST Cyber Security GRC Training for Beginners | GRC Mastery
th-cam.com/video/C6IgksBpMF4/w-d-xo.html
Great Video UnixGuy; I find it very helpful and helped re-arrange my start-off point into Cybersecurity- GRC, to be precise. Thank you.
🙏🏻
Thank you for today:) from 16th of September I will start my Cybersecurity journey with you and all your advice 🎉 I will keep you update :) 😊
Good luck!
Great video. Is the world becoming more secure? Doubtful, but there is definately a push for more security regulations - you can count on that and this is where GRC comes into play. Related to this is that a lot of high-end companies (ASX 100 for example), don't yet have CISO's but don't be surprised that if not mandated by regulation, then there will at least be a push by the regulators for these positions to be created in the future in my view.
The world is definitely less secure as digital footprints are increasing and attackers are getting craftier! and don’t get me started with the ASX 100 🙃 you’re absolutely right.
I’ve seen compliance obligations push companies to START a security program 😂
Thank you for keeping it simple and straight to the point
no worries! this is an older video, much has changes since then! watch this:
th-cam.com/video/C6IgksBpMF4/w-d-xo.html
A related podcast that might be of interest:
th-cam.com/video/chjZ3Yzyxh4/w-d-xo.html
What is GRC? 10:00
Why is GRC underrated? 14:35
Key success factors in breaking into GRC 23:10
Value of Certified Information Systems Auditor (CISA) cert 33:10
youtube thought this comment was spam 😂 I’ll check it out thanks mate
Thank you for this video, clear and crisps guidance. I have recently moved to Compliance through IJP from development profile. This video helped me clear most of the queries I had. Could you please guide us on the financial growth in compliance. Also how to build confidence talking to senior stakeholders.
Financial growth comes from seniority, so doing the certs I mentioned in this video will definitely improve your knowledge and open doors. Spending some time in Big4 or any consulting firm can also further expand your knowledge.
I have a playlist of ‘career advice’ that I recommend you watch: th-cam.com/play/PLdI5VHN89i7WdIXViD83Ut6ggA69XhDyJ.html
@@UnixGuy It helps. Thank you sir. I must tell you among all TH-cam videos for cyber sec I have gone through, I feel your explanation and simplicity is so authentic. We get exactly what we are looking for. Cant skip a sec of your video. Thank you for all this valuable videos. Big fan.
@@gardenfairyvlogs thank you so much for your kind words, I really really appreciate it! So glad I’m able to help :)
Thank you so much for this video @unixguy, this is the closest I have come to understanding the big GRC picture. I am a lawyer who has been interested in tech for the longest, especially security and privacy issues, and I want to go into GRC. My first request is that you please present me with a possible roadmap. One of the struggles I have had is finding a pivot point. I know it will be hard, but I think this is a path I would actually find fulfillment in. As a lawyer, I already help businesses drive their internal policies and compliance of some sort.
there are no beginner GRC certs unfortunstely! best start would be this:
th-cam.com/video/6LIUhx95MCU/w-d-xo.html
I used to work at a large accounting and consulting firm. The information and cyber security unit in consulting took in tons of fresh graduates to do GRC work. In my country, often times all it takes to get into cybersecurity via GRC is, i quote job postings - “interest” or “knowledge”
thats fair, yeah fresh grads aren’t expected to have prior knowledge
Ex EY & PwC Alumni here. This is an excellent video
You know what it’s like! You must have quite the reśume :)
@@UnixGuy not sure about your 2nd part of the sentence 😁, but have been in Cyber Security GRC for past 4. Lots to learn, do and advance in 😊 Ex auditor at EY & PwC prior to Cyber GRC.
@@rsaug people love seeing Big4 on a CV so you are onto a great start and GRC is a great place to be. Add some certs like CISSP or maybe CISM and the years pass, you’ll be golden. I’ve even seen GRC people expand their knowledge and learning more about cloud and pivoting to architect or senior advisor type roles
@@UnixGuy will do, thank you 🙏
@@UnixGuy hi I am in GRC/ in infosec cybersecurity in hcl india Noida sec 126
I want to what's the package I can expect after 1 year of experience
And how much I can earn in this domain ....please telll
I just came upon this video, can you share a list of all the smaller companies that would likely hire a JR. GRC analyst? Great videos btw. Learning a lot through them. Thank you for all the hard work and commitment.
there is no universal list of companies :)
Very informative, thank you.
glad you liked it :)
As you're cybersecurity professional I hope you prefer to us the best cybersecurity laptops witch it's: -
1- bearing hard working 💪
2-bettry life meaby 10 hours breey a day.
3- bearing overheating in country's temperature 49 C .
4- powerful : stay with me for 3 years at least .
5- srong hardware.
Lenovo and mac books are fine
Great video. What are the similarities and differences between cyber security audit vs GRC job functions? the certifications for both seem to be similar. Appreciate your input on this! thanks!
they’re extremely similar, the only distinction you’ll find is in some big4 consulting firms and very few big banks! watch this as well:
th-cam.com/video/s9LDWLfFOp8/w-d-xo.html
Back in my first days, ISACA allowed you to credit up to 3 years if you had a Bachelor’s Degree. That might be true as of today. I still hold my CISA and will do as long as I can.
I let my cism and crisc expire, they’ve done nothing to my career. I created a GRC course that actually teaches you something:
th-cam.com/video/C6IgksBpMF4/w-d-xo.htmlsi=G4Z-p8cqetl5wCjQ
Hi UnixGuy,
I have a master's in Computer Science and I work as RSA Archer consultant helping businesses with development & implementation of GRC programs using Archer.
I am further interested in exploring GRC opportunities, could you point me the right direction to further strengthen my skills and employability?
I didn't have much knowledge about GRC until I started this job and always saw it from the technical requirements standpoint,but I am interested towards increasing my knowledge about GRC.I am looking for some help to guide me in the Right direction.
I really appreciate your channel.There is much less content available online about GRC careers. Please continue doing it.
Thank you.
Hey Vamsi, you have an interesting career, RSA Archer is in demand. For you, your best bet is to do the certifications that I recommended in this video (ISACA CISA, CISM, CRISC). They will broaden your horizon and teach what we use RSA Archer for.
the cat at the back understands the whole talk as well!
😂😂 this is an old video, here’s the updated version:
th-cam.com/video/C6IgksBpMF4/w-d-xo.htmlsi=7kTyV3YYHbBSQDAN
I work as a Cyber Security Engineer and a Penetration tester simultaneously. I want to pivot both into GRC for a higher paying role. Is there any tips you have for me?
Of course, I recommend doing CISSP or CISA/CISM if you haven’t already
then I recommend applying to as many GRC as possible (do that now don’t wait until you got the certs).
Third thing is reach out to your network and contacts, let them know you’re looking!
This newer video talks about GRC: The most underrated Cyber Security specialisation (Highly Paid)
th-cam.com/video/s9LDWLfFOp8/w-d-xo.html
thankyou for this video! very informative!
this is an older video! please watch this updated version:
th-cam.com/video/C6IgksBpMF4/w-d-xo.html
Hi UnixGuys thanks a ton for this video... I am IT professional with 14yrs of experience in Network & Security but now i want to move into GRC and I have completed my ISO 27001 Lead Implementer Certification & CISM certification. I am also planning for CISSP. Can you please help me on how should i prepare for interview? Any tips you would like to share... Thanks in Advance..
hey Prassad, you have the right credentials so you have nothing to worry about just be honest and confident. This video will help you:
th-cam.com/video/uaK7pM3aRj8/w-d-xo.html
Thank you for the information! I am looking to pivot careers entirely into the cyber security field, and GRC sounds fascinating. I currently hold an BS in Business management as well as an MBA. I recently completed Sec+. What would you advise my next step to be?
your qualifications are impressive and you are in a perfect position to pivot to GRC, what work experience do you currently have?
@@UnixGuy unfortunately not much as I went directly into the MBA following the BS. Currently working in the Financial Aid office of a university auditing student accounts!
Hi Unixguy, just want to kindly ask you again,
Lots of videos and job searching engine say that GRC is mostly needed for public sector ( Govt, etc ).
Is this true ? what is the percentage comparison between GRC job in public and private sector ?
Thankyou
needed in both public and private. dont listen to those videos
Hello, Great video but very confusing. You start off by saying that GRC is an area that is normally easier to start off in but then you say that you can’t get a certification unless you’re already working five years. How would you gain employment if you don’t have the experience and can’t even get a valuable certification to demonstrate basic knowledge?
it is hard to get your first job in cyber regardless of specialisation because every job needs experience and you can’t get experience without a job. Yes, the certs require 5 yrs of experience, however, I recommended CompTIA Security+ which will get you started on the path.
Here’s a video that can explain to you how to frame your existing experience: th-cam.com/video/McoZ2HoYqrw/w-d-xo.html
and this very important video to explain how to get your first job: th-cam.com/video/GPmVphOqSGY/w-d-xo.html
Thank you for the thorough and thoughtful response. I will check out the other videos. Best wishes
@@moniquerich4340 No worries at all Monique! please let me know if you any further questions once you watch the videos - happy to help :)
Thank you Unix guy for this video, you're the best. I have a BSc. in IT and some 3.5yrs working as an IT Officer and I recently obtained my CC from ISC2. I want to dive into GRC. What would you advise my next step be?
Hey Emmanuel, I have an updated version of this video:
th-cam.com/video/s9LDWLfFOp8/w-d-xo.html
next logical step for u is ISACA CISA
@@UnixGuy thank you.
@@emmanuelkojomireku24 👍
Now that this is a year old…
Do you think having the Google cert in cyber security would be a good start toward training for GRC?
yes 100% :)
@@UnixGuy Thank you for all of your content. It is Deeply appreciated. You’re my go to in this field.
Hey thank you for this informative video! I was torn between cloud security and grc consulting before and i am so glad to know they overlap!! I'm still in college and currently doing google cert and later on will do the microsoft one and prepare for SC-900. Could you please make a video on security consulting and resume tips? As i plan to study further will an MBA or MIS degree be useful in this career speacialization?
im releasing a GRC course very soon please stay tuned! will announce it first on my newsletter: unixguy.com
for now, follow the cloud security roadmap:
th-cam.com/video/zFFMhpCLJi0/w-d-xo.htmlsi=xnX03Zb2NePYV2Um
can't wait!! :D @@UnixGuy
Hi! I'm currently in healthcare and would like to transition to GRC. What courses/certs would you recommend for someone who is starting from scratch? Especially if I want to go into GRC related to healthcare? I figure I'd have a better chance of eventually landing a job that way. Any advice would be greatly appreciated!
Hi Anna, your healthcare background will be very handy! Honestly, I’d start by having conversations with your security team and ask them if they have shadowing opportunities or if you can help them in anyway!
A good beginner friendly start is compTIA Security+, or even a university course thats local to you. This video explains the process:
th-cam.com/video/GPmVphOqSGY/w-d-xo.html
(only difference for you is that you have a leg up being in healthcare already so use
that to your advantage)
@@UnixGuy I just started the Google IT Support Professional Cert just to get an understanding of the basics. And then I was planning on doing the compTia Sec+ and Net+. I also saw a lot of job listings requiring NIST for GRC roles so I'll look into that as well. And I definitely be contacting my companies IT/Security team to see if I can take advantage of any opportunities. Thank you for the reply!
@@annahadzovic2259 yep those are good certs. NIST is a framework that we use so it’s not a certification per se. Once you do all those certs, consider revisiting this video and do the more advanced certs that I mentioned here :) good luck
@anna hadzovic - That's a good start and you can also look at HIPAA compliance standard since you are interested in GRC related to healthcare
@@hardikgosar2908 yes HIPAA is specific to the health care sector in the United States
This is a great video! Are you saying I should look at being a SOC Analyst first before entering GRC? I'm confused on how to get experience as I am just doing research to make sure I woll even like the position. Once you have the experience, is it easier ti fibd a job in GRC?
Experience is king, so the more you have the better (as I explain in this video:
th-cam.com/video/GPmVphOqSGY/w-d-xo.html )
You don’t need to work as a SOC analyst first, but it helps if you have any sort of experience first
Hi. Instructive video here. I'm a lawyer and I have no background in Computer Science and allied courses. How do I get started in the GRC space? Is this a good fit? Would it be extremely technical for me?
Hi Paulson, I know a few people with legal backgrounds who do cybersecurity. GRC is an excellent place for you. A great start for you is to work on the "Privacy" side of cyber security as it requires legal knowledge. From there, you can pivot to more GRC based Risk and audit type work. You do not need a technical background, but doing a training course and getting CISA certified is a good goal for you. Consulting firms love people with legal background so I say go for it!
I am an assistant company secretary and look after the audit and rsik committee. Just attended a board risk day on this very topic. Eye opening. I am conscious of how big this field is becoming. What cyber security roles would I be wise to get into (that pay more than assistant cosec) at the governance level that don't require deep technical knowledge?
hey, I created a training to specifically prepare you for the non-technical GRC roles, have a look:
th-cam.com/video/C6IgksBpMF4/w-d-xo.html
I've been working as a SOC analyst for the past 3 years. How can I transition into GRC? As a SOC professional, what aspects of governance, risk, and compliance should I focus on...?
there is no beginner friendly GRC training! im annoucing something soon to fix this! make sure you signed up to my weekly email list to hear about it: unixguy.com
Hi brother. Thank you so much for this video. Very informative. I wanted to know what your thoughts were on the ISO 27001 lead implementer cert. Is it worth doing?
I’m new to cybersecurity and I recently passed my professional google cybersecurity certification in the hope of getting in the field. I like GRC and auditing and I’m looking for ways to get in involved.
Thanks in advance
Cam
hey mate! there are no entry level GRC training in the market that teaches real skills! Im actually goingg to reelease one soon (in a few weeks time) that will teach you all the skills that you need
I will announce it first on my weekly newsletter so please make sure to sign up: unixguy.com
watch this:
th-cam.com/users/shortsBRmx7LAnqkM?si=2QWKApD8yU3sDuB3
Nice video bro. Is SimpliLearn certifications good for landing a cyber security entry level job? I'm currently learning Introduction to cyber security from them which offers certification.
hey mate, all I know about them is that they partner with EC-council which I’m not a fan of. Why do bootcamps when you can simply do certifications instead? I don’t see the point.
If you’re into GRC, I recommend you check this updated video:
th-cam.com/video/s9LDWLfFOp8/w-d-xo.html
@@UnixGuy Thanks bro
@@MMABones you’re welcome!
Hi Unix Guy ,just loved your videos .I wanted your advice.As u said we have to interact with stake holders and doing documentation thing ...so your saying communication skills matter a lot in GRC field .As my communication skills is pretty decent ,so i am worried whether should i choose this field or not?Please help me out
if your communication skills are decent then you have nothing to worry about :)
How impactful or different is it to get CISA, CISM, or CRISC from some other company than ISACA?
this is an older video, I dont recommend those anymore. Follow this:
th-cam.com/video/C6IgksBpMF4/w-d-xo.html
very informative .... can you please make video on cybersecurity degree from monash university
Added it to my list, but Monash cyber degree is an excellent degree
@@UnixGuy Thank you so much 😊😊.... I f you dont mind , please add Masters of information tech from monash to your list... im confused btw the two
@@HAMMADMALIKCAB one is focused on IT (general) and one is focused on Cyber security. if you want to work in cyber do the cyber masters
Hi UnixGuy, I wanted your advice. I'm trying to break into GRC and have no technical experience/a degree. I realise it's going to be difficult, but I've decided to aim for some certifications and possibly go back to school (online) in a few years as I continue building up my expertise.
My question is, do you think getting a Sec+, AWS Cloud Prac, and AZ-900 would be enough? I considered adding CCNA and Net+ to the list as well, but I'm not sure how practical it would be to get networking certs when working in GRC.
I would have loved to go for the ISACA certs, but that 5 years of experience requirement is unfortunate.
Hey Aidan, you are right it is going to be difficult but not impossible. What work experience do you have? that will be the most important thing, if you have transferrable skills that would be help a lot.
I’d why not stat the online degree right away? why wait?
Your plan is solid, I’d ditch the net+/ccna and try and get security cert. or even more cloud certs, you need to build your security knowledge and experience, so aim to get any IT work to have something under your built
As a 4 yr SOC analyst, it has been tough for me to get into GRC. It might be my resume, but I cannot even get Hiring managers to call for interviews. I guess I need to work on the CISA cert and then maybe I'll start getting taken seriously for job postings.
correct and if CISA is too challenging, start here:
th-cam.com/video/6LIUhx95MCU/w-d-xo.html
@@UnixGuy Thank you for the link. I already have my Security+. I have been a Security Analyst in the Security Operation Center for the past 4 years. But I'm having trouble getting interviews for GRC Roles. So would a CISA Cert start to entertain Hiring Managers when my resume comes up? Even though I don't have Audit experience.
I have 8+ years experience in IT from help desk, IT specialist, IT Coordinator, Sr IT Systems Engineer (currently). I just graduated with Bachelor of Science in Cybersecurity and Information Assurance. Current certs are (ITIL, A+, Network+, Security+, Project+, CySA+, PenTest+, etc. Plus the ISC SSCP (Systems Security Certified Practitioner). I'm wondering if GRC would be the best route for me in Cybersecurity. I just finished school last month and all jobs in cybersecurity that I've applied for I haven't heard back. It's rough to get in even with IT experience.
yes it is tough because none of your certs are GRC related and your experience doesn’t reflect anything cyber, fry your best to do more cyber work (check my latest video) and do GRC certs recommended in this video
I have my CISM, is this cert beneficial in the GRC space?
yes absolutely! very beneficial. This video dives deeper into the topic:
th-cam.com/video/s9LDWLfFOp8/w-d-xo.html
@@UnixGuy thank you for your reply! I’m thinking of going for CRISC now
@@khutubkhan5459 good choice!
Hi I am working more into the IT audit front however, want to move more into GRC and TPRM role
sweet! I think ISACA certifications will help out!
Great content again. Thanks. What do you think about OCEG GRCP?
not something I’d recommend
@@UnixGuy why do you say that?
@@j.a.ward13 not a popular cert, no one heard of it, I have no way of validating the quality of the course
@@UnixGuy are there any other GRC certs that you would recommend?
@@j.a.ward13 start with the google cyber cert, then gain any experience and cert up in different domains, then do isaca later
Thank you
you’re welcome :)
Thank you for this video... I'm a recent graduate from Pharmacy school and I'm looking at transitioning into the Cybersecurity space... Any tips for me to get started...
Follow the plan I laid out in this video:
th-cam.com/video/ug_ruisDUXc/w-d-xo.html :)
BCA in cybersecurity or Bsc Ethical hacking and cybersecurity,which one to do?
I'm not familiar with the content of each course, those are just names. It depends on the university and the quality of the courses so I can't give a blanket answer unfortunately
@@UnixGuy which is the course you have done?
@@victobkp7088 neither because I didn’t go to the same university as you and I went to uni there was no cyber degrees! watch this: th-cam.com/video/pXKv1TWU6ro/w-d-xo.html
Great video. Please what certs do you recommend for one who wants to get to systems administrators?
th-cam.com/video/zFFMhpCLJi0/w-d-xo.html
I want to start a career in GRC, but I'm confused about where to start. I need help.
follow the plan in this video:
th-cam.com/video/s9LDWLfFOp8/w-d-xo.html
Hi again UnixGuy, could you please inform what is the name of cloud cert needed ? based on what you mentioned..
Thanks,
Josh
there are many! you can start with this one:
th-cam.com/video/8gks3pe69hQ/w-d-xo.html
then you can continue doing Microsoft Azure or Aws practitioner
Sir,
Can u explain the ultimate road map to be a cyber security engineer or cyber security expert.😊 and how about being an ethical hacker is worth todays
Those are very broad questions. To be an expert you need specialisation and years of experience. Ethical hacking is worth it if you love and are passionate about it. Spend the next 6 months doing the certs in this video and you can find out: th-cam.com/video/CePhURvdyqk/w-d-xo.html
But...if you go US Federal govt/DoD, CISM, CISA, and CAP (CGRC) are fine. In fact, these are recognized by DoD mandate 8570.
yeah thats what I recommended in the video
Hi thank you for your video. I am a manual tester in IT for the last 6+ years. Would someone with my background be able to move into GRC? Thanks.
yed absolutely! start with CISA and move from there, check this video out for a step by step guide to generally gain more cyber knowledge:
th-cam.com/video/ug_ruisDUXc/w-d-xo.html
For someone without any background in tech but interested in cybersecurity(grc mostly), what's the roadmap and certifications should I follow as a beginner?
start with this:
th-cam.com/video/6LIUhx95MCU/w-d-xo.html
then do the rest of the certs mentioned in this video…
Great content, I’m a grc technical consultant for a financial institute. For me even after working as a grc tech consultant for 3-4 years now still I’m lost sometimes and I lose my confidence and interest in grc
Could you help me what kind trainings might help me boost my confidence for working in Europe
hi Sonali, ISACA certs are important but you may also benefit from soke technical knowledge found in this video/cert:
th-cam.com/video/6LIUhx95MCU/w-d-xo.html
Hi sir, recently I got selected in to risk and compliance or information technology auditor job profile. I would like to know how is it different from cybersecurity GRC plz
watch this video and do the training to learn:
th-cam.com/video/C6IgksBpMF4/w-d-xo.html
For the entry-level job in grc, it is possible to hire someone that knows nothing about it but he/ she has a passion for it?
its possible but very challenging, you’ll need to have some sort of knowledge or at least start working on some certifications or courses. Watch this video and follow the plan there:
th-cam.com/video/ug_ruisDUXc/w-d-xo.html
Interesting facts
👍
For getting into GRC, would you recommend WGU's BS in IT Management business degree?
If you wanna do a WGU degree then I recommend a degree in cyber security. Also consider the google cyber cert as a start:
th-cam.com/video/6LIUhx95MCU/w-d-xo.html
You're not going to introduce the cat meowing in the background?
Haha in hindsight I should’ve 🙈
Hi UnixGuy. Does the Certification and Accreditation process (C&A) fall under GRC?
never heard of them
Hi Friend,
I have 4 +yrs of experience in RSA Archer in India.I have a Certification in RSA Archer. I recently moved to Sydney a month ago with 482 dependent visa. I am looking for a JOB into RSA Archer. I didn't find any jobs particularly for RSA Archer. What is the best way you can suggest. Can I get a job by doing GRC certifications with my RSA Archer experience or do I need to change my path. I am in great confusion to get job. Expecting your valuable suggestion.
hey mate, there is demand for Archer in Sydney, you need a good CV and go on seek dot com dot au to look for jobs there. ISACA certifications are a good value add to your Archer skills :)
I'm a loyal subscriber. I needed some general advice.
Below is a list of certs I'm granted as an university alumni of cyber. Out of the ones listed, is what I have to choose from (5 total to pick). Out of those, which do you think would be most beneficial for the field of cyber GRC? Top 5
CLF-C01 AWS Certified Cloud Practitioner
CLO-002 Cloud Essentials+
CCNA 200-301 Implementing and Administering Cisco Solution
CEH 312-50 Certified Ethical Hacker
AI for Anomaly Detection
AI for Predictive Maintenance
AI on the Jetson Nano
Fundamentals of Deep Learning
Certified Associate in Python Programmer
Certified Entry-Level in Python Programmer
VMware Certified Technical Associate - Data Center Virtualization 2021
hey mate! none of those are specific to GRC unfortunately! If I had ton pick, I’ll pick the AWS
@@UnixGuy great thx for the input
Can you do GRC work fully remote or do I have to go into the office every day??
u can work remote, it depends on the company
I am currently working as Team Lead Network & Security +12years of experience. I currently passed CC and CISSP. My question is if I start move to GRC career then will I paid to be high salary or same as my current salary based in my past experiences. I don’t have any experience of GRC currently but I know more technical stuff. Thanks
It depends on many factors, but with your experience you may be able to land a senior GRC role. Again it depends on your security knowledge and how well you can sell your skills to an employer. You can potentially be paid more
@@UnixGuy Thanks for your advice. I am following your videos and gaining more insights.
@@asifali78622 no worries at all! this is an updated video about GRC btw:
th-cam.com/video/s9LDWLfFOp8/w-d-xo.html
hi I am in GRC/ in infosec cybersecurity in hcl india Noida sec 126
I want to what's the package I can expect after 1 year of experience
And how much I can earn in this domain ....please telll
Hi,
I’m not familiar with salaries in India. Best to google or check websites like glassdoor