Starting a career in cybersecurity, especially at the L1 level, often seems straightforward for those entering compliance roles. However, it’s disheartening to see that many companies require extensive experience, typically over five years, even for entry-level positions. This gap can make it challenging for newcomers to get their foot in the door, despite their eagerness and relevant skills. Greater support and opportunities for fresh talent are crucial to fostering growth in the field. Great video as usual! ❤
I wouldn't say that GRC is straightforward or "easier" than other jobs. In fact, GRC isn't something you can as easily lab like you would for a technical job because it relies on knowledge that is acquired through experience that can't be easily replicated. Don't be fooled by people saying otherwise. Also, it sounds great to make more opportunities for new professionals, but it's really businesses preventing this as they control the budgets of security teams trying to maximize the value that they bring to the organization. Keep striving to make yourself the most competitive candidate you can be so that it becomes an easier decision to hire you!
This video came to me in a timely manner. Will save and watch over and over again.
I'm glad that you found the content helpful!
Yes, watch it over and over. If you’re trying to get in cyber, this is an area not recognized by a lot, but it is extremely important. Very, very important!
When you say “other times you will receive a report or attestation” which verifies compliancy, can you elaborate a little on what would make you compliant without needing a certificate?
For example, when you are HIPAA compliant due to an audit, you will receive a report or attestation and not an actual certificate like you would if you were audited for ISO 27001. It really comes down to the specific standard or requirements to determine what you will receive. Some companies will even say they are compliant with controls as a form of self-attestation or claim, but they haven't undergone a formal third-party audit for the requirements.