CISSP(onPrem) + CRISC(Risk Management) + CCSP(Cloud) = cover most of the staff.
Pain is weakness leavin the body and slow is smooth and smooth is fast... somewhat😊
I'm getting my CISSP now and my CISM in February, I'm good to go.
That’s awesome! Best of luck with your CISSP, and it sounds like February will be another milestone to celebrate. 🙌
Look at the DOD 8570 matrix for the certs the Department of Defense looks for. CISSP, CCSP, CISA, CISM, & CRISC. More certs = more money. You'd better have some technical chops as well. CIOs hate accepting risk in writing.
CGRC (The old CAP) is the certification for GRC.
Nice one, Dion. CISM is also a nice one.
Great info! Thank you for sharing
You're welcome! I'm glad you found it helpful. 🤗
This was all great feedback. I do however think that we have to consider where the role would reside in an organization. For example, if you are looking to take on a leadership capacity, it may be worthwhile to remain with a more high-level and strategic focus. Directors and higher are not going to get bogged down in the reports from scans but will ultimately communicate the overall risk. If you like implementation, by all means do a bit more of the practical work. But there will be a glass ceiling despite how many times you job hop in a non-managerial or leadership capacity.
How do you jump from Sec+ to CISSP when they require 5 years' experience for the CISSP certification? Is it possible to get a GRC specialist position with only the Security+ and no IT experience?
Hi there! That's a great question! As we stated in the video, “most people will move into CISSP.” Everyone is different when it comes to experience and qualifications.
The CISSP is the next logical step in your career progression from the Security+ if you want to succeed in GRC. You can take the CISSP exam with no experience and become an Associate of ISC2. www.isc2.org/Certifications/Associate
Although this is a difficult path, it would greatly increase your hiring value. So that is another option for you. However, if you do not have experience in IT, do not go for the CISSP just yet. Focus on gaining IT and security knowledge and experience first, then pursue the CISSP.
We highly suggest spending the time to educate yourself on various IT areas, such as computer operations, networking, cloud computing, etc. Look at certifications like the CompTIA Network+, CySA+, AWS Cloud Practitioner, or the AKYLADE CCRF if you want to focus more on GRC. We have training for all of these certifications on our website or on Udemy.
Can you get a GRC job with the Sec+ and no experience? Yes, you can. There are entry-level opportunities out there, but you will need IT and Security experience to qualify for many of those opportunities. Find the jobs that interest you, review the qualifications, and educate yourself on those topics. That will help you tremendously!
We hope this helps!
Good Afternoon, I am a Paralegal and I am looking into transitioning into the GRC field. Any tips? Any advice?
Transitioning into the GRC field from a paralegal background is a strategic move that can really leverage your existing legal and compliance knowledge, so this could be a great move for you.
Here are a few simple tips to guide you through this possible transition:
Learn the Basics: Check out online courses or certifications in GRC to get started.
Make Connections: Use LinkedIn or join groups to meet people already working in GRC.
Use Your Skills: Your experience as a paralegal has given you great skills for GRC, like understanding regulations and doing thorough research.
Try It Out: Look for volunteer opportunities or internships to get some direct experience.
Keep Up-to-Date: GRC changes a lot, especially with new laws, so keep learning about new trends.
Remember, transitioning careers is a journey that requires patience and perseverance. Your unique background can bring a fresh perspective to the GRC field. Good luck!
Thank you so very much for your response, it's greatly appreciated and helpful! @DionTraining
From IT support/QA Analyst to Auditing/GRC, is it possible? Would it be more interesting to go with ISO 27001 or CISA?
Hello, if you are making a career transition and have no IT experience, but transferable skills, to GRC world what are some of the other courses/certifications you would recommend.
Hi! Feel free to check and join our Facebook page, where Dion Training and the members regularly share valuable insights and updates!
I just recently completed My Cyber Security Management and Policy degree. I am looking to obtain a Governance Risk and Compliance position. I am looking to obtain GRC certifications. Would be a good idea to post some of my writings that I did in college on LinkedIn to show my interest in the field?
Sharing your academic writings on LinkedIn is a fantastic idea to showcase your knowledge and enthusiasm for GRC. This not only highlights your expertise but also demonstrates your commitment to the field. Plus, engaging with comments on your posts can further establish your presence in the GRC community. It’s a proactive step towards building your professional network and enhancing your visibility in the field.
I am currently in the banking sector, currently looking to transition to GRC. What certification do I start with?
When transitioning to a GRC role, the path you take can definitely depend on any certifications you already hold. If you're starting with minimal certifications in the field, beginning with the Certified Information Systems Auditor (CISA) certification is a great choice. CISA is highly respected and focuses on essential skills such as auditing, controlling, and assessing an organization's IT and business systems, which are crucial for GRC roles.
If you're new to the field and looking for a broader foundation, the CompTIA Security+ certification could be a good first step before diving into more specialized GRC certifications. This will provide you with a solid understanding of basic cybersecurity principles and practices, setting the groundwork for more advanced GRC-focused certifications.
Very informative video
Glad you think so!
I am currently a practising lawyer for a decade now. I am thinking of getting a certification from IAPP and transitioning into GRC. Any other suggestions would be much appreciated. I have no IT background; however, I am doing the Google cybersecurity course.
Hello, how's it going?
I'm currently looking to transition to GRC too from law
Thank You
I’m definitely looking to go into GRC in cybersecurity, but want to learn coding as well! Any advice?
Before we answer your question let's get some context.
1. What is your primary interest?
2. What is more important to you, money or enjoying what you do?
@sincere531
@DionTraining both to be honest, but if I had to choose, money, because I can adapt to liking a job. My whole career has been in healthcare/nursing.
I’m a DOD contractor and even the guys who do GRC don’t like it. They did it basically to get a pay increase.
@DionTraining For someone currently working in property management/commercial real estate operations, managing access control systems as administrator using Brivo Access systems, which area in GRC or cybersecurity in general will be good with my background? And what is the name of the GRC course on Udemy with Kip Boyle?
Hey, I am from India and I have 7+ experience in AML/KYC. Can you help with which certification I need to have to get a place in the GRC field? Thank you
How impactful or different is it to get CISA, CISM, or CRISC from some other company than ISACA?
That’s the only body for those certifications 😅
@michaeloridamisi1447 thank you, I thought so too. The certification is available by the Army, but they don’t list ISACA, which is why I ask, and it doesn’t make sense, so I will address it with them.
Currently an attorney but looking to transition into Tech GRC. Undergrad in CompE. Any suggestions?
It sounds like you're in a fantastic position to transition into GRC with your background in law and Computer Engineering! Start by upskilling in GRC frameworks and consider getting certifications like CISA or CISSP. Use your existing network to connect with professionals in the tech field, and perhaps look for internship or part-time roles to get some hands-on experience. I personally know a couple of attorneys who now work in compliance and they are very satisfied with their decision to switch. The specific knowledge subjects that I would suggest that you familiarize yourself with are ISO 27001, NIST, and COSO. You may also want to learn about data privacy regulations like GDPR and CCPA.
Best regards,
Jamario
@DionTraining I got Security+ with your course on the first go! Now, looking to continue studying in the new year to get into GRC! What do you recommend I do next, GRCP?
Hi Jason, do you have a discount code I can apply to use on Dion Training A+ 1101 course? Thanks!
No we don't, but you can always keep an eye out on Udemy! We regularly have sales on our courses there.
I'm trying to get into GRC and just got my Google cybersecurity certificate. As a next step, should I go for a GRC-specific cert like the OCEG GRC or the ISC2 CGRC cert? I don't have the years of experience required for the CISA or cssp. I know the Sec+ is the baseline cert, but since I did the Google one I'm not sure if I should do the Sec+ too. Thanks!
In your position, I'd strongly consider pursuing the reputable Security+ certification. Based on my experience, it's highly regarded, especially within governmental sectors, aligning well with your career aspirations. Additionally, the ISC2 CGRC is renowned for its industry recognition and could be a valuable asset.
However, it's important to note that certifications often cater to specific corporate preferences. I recommend reviewing job postings on sites like LinkedIn or Indeed to identify the certifications most sought after by your target employers. This will definitely optimize your prospects. Good luck, and I'm confident in your success!
Best regards,
Jamario
@DionTraining got it. Thanks!!
Does CISA help me in GRC?
Yes, the CISA can be very helpful within the GRC framework. The CISA exam covers important topics including the auditing of governance, risk, and compliance. The CISA objectives contain a significant amount of overlap with the GRC framework.