Build skills in risk management with this training course: codered.samcart.com/referral/zd8IqN9W/xcaSu79JNX0wDzVt Ask me a question: topmate.io/ken_underhill Learn how to be successful in job interviews in less than one hour, so you can get higher job offers. Limited time 20% discount because you support the TH-cam channel. cyberken23.gumroad.com/l/jbilol/youtube20 Schedule a mock job interview call with me at this link. topmate.io/ken_underhill/411153 If you need cybersecurity training, here are some good resources. Please note that I earn a small affiliate commission if you sign up through these links for the training. Learn Ethical Hacking skills get.haikuinc.io/crk0rg6li6qd Get GRC Analyst, Ethical Hacking skills, SOC Analyst skills, and more through StationX. www.stationx.net/cyberlife
Yeah, most schools just tell people about SOC Analyst, Cybersecurity Analyst, Cybersecurity Engineer, and Penetration Tester, so you get thousands of people applying for every open job in this areas.
This was very helpful. I look forward to seeing more of your content. Thanks for providing these helpful tips and valuable information. Its appreciated.
Thank you so much for producing this video. I have been trying to understand for the longest time exactly where in cyber security I can get started AND also work from home. This knowledge is super helpful. Keep up the great work Ken!
Thank you. Non “cybersecurity” jobs have remote work opportunities as well. Some examples are cloud architect, solutions architect, cloud engineer, and sysadmin.
@@lakshmigayatri3548 yes, GRC is one career path where you can get a job with no experience in the role. I suggest looking at job postings that ask for 3 or less years of experience and focus on the fact you have other "experience" from work and/or your school. And be sure to check out the GRC video with Christabel on the channel because she shares some additional tips for GRC.
Hi Ken! I came across your content and find it extremely helpful. Do you have any recommendations on how I could get started? I recently graduated from university with my bachelors in economics and I’m having a little bit of a hard time landing roles. Do you have any tips for me?
@@ecuabaddie for a degree in economics, I would focus on your research and analytical skills. You also probably did some economic risk assessments in school, so focus on how your experience with those ties into doing risk assessments in cybersecurity around regulatory compliance. You also have critical thinking and problem solving skills, so talk about how you identified a compliance gap or developed a strategy to mitigate economic risk in a project. You want to “connect the dots” for recruiters and hiring managers between your background and the job you are applying for. If you want a call with me to look through your resume, you can always schedule here: topmate.io/ken_underhill
I know it can be done without certs and education but since you have experience I want to ask you. I have an IT Bachelors Degree, 2 years of IT Helpdesk/Specialist II experience, Security+, CISA (passed exam don't have experience requirement), and am studying for the CRISC currently. Roughly how much can I expect to make with No GRC experience before getting the CRISC as of right now and after I get it? From different sources it seems consistent I'd be able to get 6 figures or close to it with these things on my side currently, am I correct? Your insight would be appreciated
You might be able to pull low six figures because of your IT experience, but it would probably be at a larger company. Even working helpdesk, you’ve probably been involved in GRC related projects. On your resume, you’ll just want to flesh out specific examples. For example, if you installed and configured software for nurses you might list something like this below on your resume. “Configured electronic health record software using security best practices to ensure the organization protected PHI in compliance with HIPAA.” P.S. - Normally someone getting more advanced certs without experience is a red flag, but since you have a few years in IT then CISA and CRISC should be fine. Just be sure to tie in what you’re learning with those to some real life examples because hiring managers want people that can apply knowledge and not just collect it.
Yes, GRC Analyst can be entry level. It’s often easier to find entry level GRC jobs than SOC Analyst jobs because SOCs have a limited amount of jobs and most cybersecurity training schools focus on SOC/Cybersecurity Analyst jobs, cybersecurity engineering, and pentester so all of their students are applying for those types of jobs. Depending on your background, you can probably apply for GRC jobs asking for up to 2-3 years of experience.
So I’m looking to bring in GRC. I’m almost done with my Google Cybersecurity certification. They helped me build my portfolio with certain projects I had to do while doing the courses. Do you think I would have any issues with that plus I’ve had 5 years experience as a surveillance agent at a casino, working with compliance sending emails and talking to department heads when one of their employees broke a rule or in Information security terms had a risk or vulnerability ?
Just be sure to talk on your resume about that compliance experience and try to tie it into the job you are applying for. The more you connect the dots for HR, the more likely you’ll get an interview.
Compensation always depends on the company, location, experience, etc. Overall, much of the cybersecurity jobs are paying about 20% less than they did a few years ago, but here in the U.S. you can usually negotiate for other stuff like tuition assistance or more days off. If you're just looking at cybersecurity careers for the money, then I would recommend just focusing on sales jobs. People with experience in sales that work at larger cybersecurity companies are often making $250k-$400k.
@CyberLifeTV thanks for your reply,I'm a network administrator in Europe and I m looking for to change my career in Europe,money are important but are not all..
@@mauricecioccato9818 it should be more money than as a net admin, but it depends on the company. I don’t know the market over there well. You could ping some local recruiters and get an idea of market rates from them.
Yes, many people getting into cybersecurity careers are career changers from manufacturing and other areas, like healthcare and transportation. The key is to identify your skills from manufacturing (e.g.- ability to follow a proven process for a desired outcome) and translate those to the job in cybersecurity that you want.
No, we shut that down a few months ago because there was little engagement and it took too much effort to manage. If you have questions about your career though, feel free to post them in the comments and we'll try to get them answered for you.
@@CyberLifeTV I really want to do auditing. This is the first video I’ve seen of actual positions to go for. Do you know where I can do auditing labs or hands on projects I can put on my resume. I really want to break into GRC space. I have a meeting with a professional from LinkedIn to just ask questions. I want to come to the meeting prepared though.
@@ZombENT400 I always recommend Gerry Auger's GRC Masterclass course as a starter if you haven't already done it. Also, picking one law or standard to focus on (e.g.-PCI DSS) and then searching some use cases for that will help you. Pretend like you have been hired as a consultant to audit a company for compliance with something like PCI DSS. For entry level jobs, hiring managers just want to see that you can connect what you are learning to the real world. As for projects, you can always offer to do a free audit to a local solopreneur on their website or something in exchange for their testimonial. You could even just audit a family member's social media accounts for security and make recommendations on how they can be more secure. Lots of ways to get "experience" without getting formal work experience.
@@CyberLifeTVAnd what if any certs do you reccomend if any to do this also I looked on Coalfire for GRC Analyst what would be job titles to look for in an entry level to break into this field?
@@rj8183 normally just searching GRC Analyst on a website like Indeed will show many results. Be sure to read through the actual job descriptions because some companies have weird job titles for the roles. As far as certifications, entry level ones like sec+. It’s more important though for you to see what they ask for in the JD and then create a real life example for that. For example, they ask for PCI DSS experience. Look at some case studies and then on your resume that you don’t have the direct experience but you are knowledgeable about x,y, and z case studies.
Build skills in risk management with this training course: codered.samcart.com/referral/zd8IqN9W/xcaSu79JNX0wDzVt
Ask me a question: topmate.io/ken_underhill
Learn how to be successful in job interviews in less than one hour, so you can get higher job offers. Limited time 20% discount because you support the TH-cam channel.
cyberken23.gumroad.com/l/jbilol/youtube20
Schedule a mock job interview call with me at this link. topmate.io/ken_underhill/411153
If you need cybersecurity training, here are some good resources. Please note that I earn a small affiliate commission if you sign up through these links for the training.
Learn Ethical Hacking skills get.haikuinc.io/crk0rg6li6qd
Get GRC Analyst, Ethical Hacking skills, SOC Analyst skills, and more through StationX.
www.stationx.net/cyberlife
man im so glad he is reviewing all the roles. its confusing for someone like me who is new to the industry
Yeah, most schools just tell people about SOC Analyst, Cybersecurity Analyst, Cybersecurity Engineer, and Penetration Tester, so you get thousands of people applying for every open job in this areas.
Thanks a lot Ken very helpful insight, articulated and brief one lOVE it
Thank you
This was very helpful. I look forward to seeing more of your content. Thanks for providing these helpful tips and valuable information. Its appreciated.
Thank you
Thank you so much for producing this video. I have been trying to understand for the longest time exactly where in cyber security I can get started AND also work from home. This knowledge is super helpful. Keep up the great work Ken!
Thank you. Non “cybersecurity” jobs have remote work opportunities as well. Some examples are cloud architect, solutions architect, cloud engineer, and sysadmin.
Great video, thank you for sharing your knowledge
Thank you
Love this Ken. Very informative, as I'm passionate advocate for GRC.
Thank you
Great teaching.
Great video. Thank you so much
Thank you
Great video, and thank you
Thank you
i just subscribed in your channel with my fist like and comment
New cybersecurity career videos drop every Tuesday and Friday at 9am EST. What other questions do you have about your cybersecurity career?
I am looking for career in GRC. I do not have prior experience. Is it possible to land in one practically
@@lakshmigayatri3548 yes, GRC is one career path where you can get a job with no experience in the role.
I suggest looking at job postings that ask for 3 or less years of experience and focus on the fact you have other "experience" from work and/or your school.
And be sure to check out the GRC video with Christabel on the channel because she shares some additional tips for GRC.
@@CyberLifeTV Wonderful. Thanks for the suggestion.
Thanks for the knowledge. I advise against the GRCP due to their huge annual fees. The certification is also not well recognised.
One Trust GRC professional is another one people get, but at the end of the day you don’t need any certs to get your first job.
Hi Ken! I came across your content and find it extremely helpful. Do you have any recommendations on how I could get started? I recently graduated from university with my bachelors in economics and I’m having a little bit of a hard time landing roles. Do you have any tips for me?
Are you looking at GRC Analyst jobs or a different role?
@@CyberLifeTV grc analyst roles
@@ecuabaddie for a degree in economics, I would focus on your research and analytical skills. You also probably did some economic risk assessments in school, so focus on how your experience with those ties into doing risk assessments in cybersecurity around regulatory compliance.
You also have critical thinking and problem solving skills, so talk about how you identified a compliance gap or developed a strategy to mitigate economic risk in a project. You want to “connect the dots” for recruiters and hiring managers between your background and the job you are applying for.
If you want a call with me to look through your resume, you can always schedule here: topmate.io/ken_underhill
I know it can be done without certs and education but since you have experience I want to ask you. I have an IT Bachelors Degree, 2 years of IT Helpdesk/Specialist II experience, Security+, CISA (passed exam don't have experience requirement), and am studying for the CRISC currently. Roughly how much can I expect to make with No GRC experience before getting the CRISC as of right now and after I get it? From different sources it seems consistent I'd be able to get 6 figures or close to it with these things on my side currently, am I correct? Your insight would be appreciated
You might be able to pull low six figures because of your IT experience, but it would probably be at a larger company. Even working helpdesk, you’ve probably been involved in GRC related projects. On your resume, you’ll just want to flesh out specific examples.
For example, if you installed and configured software for nurses you might list something like this below on your resume.
“Configured electronic health record software using security best practices to ensure the organization protected PHI in compliance with HIPAA.”
P.S. - Normally someone getting more advanced certs without experience is a red flag, but since you have a few years in IT then CISA and CRISC should be fine.
Just be sure to tie in what you’re learning with those to some real life examples because hiring managers want people that can apply knowledge and not just collect it.
@@CyberLifeTV Will do, Thank you!!
Is this an entry level role in cybersecurity? Between this and a SOC analyst which would you say can be entered in quicker?
Yes, GRC Analyst can be entry level. It’s often easier to find entry level GRC jobs than SOC Analyst jobs because SOCs have a limited amount of jobs and most cybersecurity training schools focus on SOC/Cybersecurity Analyst jobs, cybersecurity engineering, and pentester so all of their students are applying for those types of jobs.
Depending on your background, you can probably apply for GRC jobs asking for up to 2-3 years of experience.
So I’m looking to bring in GRC. I’m almost done with my Google Cybersecurity certification. They helped me build my portfolio with certain projects I had to do while doing the courses. Do you think I would have any issues with that plus I’ve had 5 years experience as a surveillance agent at a casino, working with compliance sending emails and talking to department heads when one of their employees broke a rule or in Information security terms had a risk or vulnerability ?
Just be sure to talk on your resume about that compliance experience and try to tie it into the job you are applying for. The more you connect the dots for HR, the more likely you’ll get an interview.
@@CyberLifeTV appreciate the info !
@@kentrelc1 my pleasure
What about identity and access management jobs?does this come under grc jobs please?
th-cam.com/video/O3IdgYO1yHM/w-d-xo.htmlsi=W-fxnEnrvIe7NKhJ
Do you think a GRC Cyber analyst can be a good start for someone who wants to progress into Cybersecurity Architect?
Yes because when you build architecture properly, you build it with a focus on reducing risk.
thank s for the video ,IS DLP analyst role well payed?
Compensation always depends on the company, location, experience, etc.
Overall, much of the cybersecurity jobs are paying about 20% less than they did a few years ago, but here in the U.S. you can usually negotiate for other stuff like tuition assistance or more days off.
If you're just looking at cybersecurity careers for the money, then I would recommend just focusing on sales jobs.
People with experience in sales that work at larger cybersecurity companies are often making $250k-$400k.
@CyberLifeTV thanks for your reply,I'm a network administrator in Europe and I m looking for to change my career in Europe,money are important but are not all..
@@mauricecioccato9818 it should be more money than as a net admin, but it depends on the company. I don’t know the market over there well. You could ping some local recruiters and get an idea of market rates from them.
Hi!
I'm working as a manufacturer worker right now. Do I have a chance to go into this field?
Yes, many people getting into cybersecurity careers are career changers from manufacturing and other areas, like healthcare and transportation. The key is to identify your skills from manufacturing (e.g.- ability to follow a proven process for a desired outcome) and translate those to the job in cybersecurity that you want.
@@CyberLifeTV How can I start my journey to GRC analyst or compliance analyst?
@@christievega2738 CoalFire often hires entry level for GRC.
@@CyberLifeTV thanks
Awesome video. Do you have a discord community?
No, we shut that down a few months ago because there was little engagement and it took too much effort to manage. If you have questions about your career though, feel free to post them in the comments and we'll try to get them answered for you.
@@CyberLifeTV I really want to do auditing. This is the first video I’ve seen of actual positions to go for. Do you know where I can do auditing labs or hands on projects I can put on my resume. I really want to break into GRC space. I have a meeting with a professional from LinkedIn to just ask questions. I want to come to the meeting prepared though.
@@ZombENT400 I always recommend Gerry Auger's GRC Masterclass course as a starter if you haven't already done it.
Also, picking one law or standard to focus on (e.g.-PCI DSS) and then searching some use cases for that will help you.
Pretend like you have been hired as a consultant to audit a company for compliance with something like PCI DSS.
For entry level jobs, hiring managers just want to see that you can connect what you are learning to the real world.
As for projects, you can always offer to do a free audit to a local solopreneur on their website or something in exchange for their testimonial.
You could even just audit a family member's social media accounts for security and make recommendations on how they can be more secure.
Lots of ways to get "experience" without getting formal work experience.
@@CyberLifeTVAnd what if any certs do you reccomend if any to do this also I looked on Coalfire for GRC Analyst what would be job titles to look for in an entry level to break into this field?
@@rj8183 normally just searching GRC Analyst on a website like Indeed will show many results. Be sure to read through the actual job descriptions because some companies have weird job titles for the roles.
As far as certifications, entry level ones like sec+. It’s more important though for you to see what they ask for in the JD and then create a real life example for that.
For example, they ask for PCI DSS experience. Look at some case studies and then on your resume that you don’t have the direct experience but you are knowledgeable about x,y, and z case studies.