Great information, thank you Steve.
This was a really good roadmap breakdown. Thank you!
Thanks for watching and the comment! Let me know if you have any questions.
I look forward to crowdsourcing answers to these questions at GRC Study Hall tonight, with Chris Whitlock from the Simply Cyber community. Here's another one I received: "I want to pursue my career in GRC Auditing. But I am confused about the certifications in Auditing. I have knowledge of cybersecurity and penetration testing and also have experience in that. For Auditing we have ISO 27001 LA, but if I go with PECB or BSI, then the certification is costly. But there is one more provider, SkillFront, which is cheaper. Can you tell me if I can go with the SkillFront certification or not?"
Nice video, thanks for the video. After Sec+ and Net+ from CompTIA and a GRC certification, which roadmap do you suggest for becoming a Data Loss Prevention analyst?
Hey, thanks for watching and the question! While I work closely with the InfoSec team for their DLP controls, I’ve not performed or hired that type of role before. Have you seen the Simply Cyber community on Discord? I’m sure you’d find more Blue Team people there who would have good experiences and perspectives to share to help you determine a good training path.
Very Valuable, thank you.
Thanks for watching and the comment. If you have any questions, just let me know.
Thanks, great info.
Thanks for watching!
I know it's not security, but would having the CCNA cert and a little experience in networking make for a not-too-difficult transition to GRC, instead of the networking career path? Sorry if the question is too vague.
Networking is an above-average, awesome entry point! Similar to how I used a T-shaped skill strategy with deep knowledge of system integrity controls with access and change management, your strong domain to get a foothold and add value from day 1 can be networking controls.
What do you think about the GRC Mastery course by UnixGuy compared to the Simply Cyber Masterclass in terms of getting knowledge directly transferable 1:1 to the job and interview success?
I'm a fan of Unix Guy’s YouTube channel, and I recently spoke with Cyber Salih, who enjoyed that course. Unix Guy’s perspective as a CISO and consultant is valuable, and I really like his straight talk and encouragement of new entrants. While I haven’t taken his $497 course, I can speak highly of the Simply Cyber Masterclass, which has over 10,400 students and is priced at $149. Additionally, my NIST CSF and upcoming Risk Management AKYLADE certification prep courses in Simply Cyber Academy offer certifications that hiring managers can recognize, compared to a certificate of completion. I recently discussed in a podcast on my channel with Jason Dion and Alyson Laderman how AKYLADE focuses on hands-on, practitioner-focused certifications that are also affordable. Thanks for the question, and let me know if you have any more.
Thank you for this wealth of information; I will be using it. I completed my Security+ training in February and afterwards completed the GRC Mastery course by UnixGuy on YouTube. I was looking to take the IT Risk Fundamentals exam by ISACA, as it seemed like a cert I qualified for as someone with no IT experience. Do you think it will be worthwhile to pursue?
Great start with Sec+ and a GRC course! Before pursuing the next Education-related task in your Career Development Plan, are there Relationship- or Experience-related goals/stretch assignments you think might be a higher priority? I have a CDP video and template on my blog you’re welcome to check out. Also, I’d be happy to continue this discussion to more directly answer your question.
What was the GRC Mastery course like? Do you think it is a good course to pursue?
Good intel!
Glad you think so!
OK, so the job postings will name ISACA certs, but job postings seem to always say “or other equivalent,” so I decided I should (and I did) get the CCSK certification, and open book or not, it was difficult to pass. Note how the questions were written (maybe Europeans communicate differently than Americans and therefore it adds a language disconnect?).
Also, I took two Udemy classes for cloud and got through the AWS Cloud Practitioner certification before the CCSK, and this was great because the CCSK material is in there and CCSK reaffirmed it (shared responsibility model, etc.). The cloud knowledge was key in helping me get straight all the tech involved, such as monitoring, backing up, least privilege, SIEM, EDR…
HINT: You missed software as a possible route, such as becoming an admin for something like ServiceNow or Archer?
I feel that after the AWS Cloud Practitioner and CCSK I was ready to see the practical workaday stuff and took the GRC Masterclass, whose stream-of-consciousness way of instructing was perfect to let me see how a seasoned GRC professional completes audits and risk assessments, etc.
I believe you missed OCEG as a good resource, and with a discount code the Pro membership looks to be a good bargain, as it includes live streams, classes and certifications… lots of support. Do you believe OCEG is a good organization as well?
I have them as a “runner-up” for Intermediate I.
Sounds like you’re on a good path - great stuff! And good note about software admin being an entry point.
Does CISA have more value than CISM?
It’s ranked higher on Cyberseek but I don’t think it’s a binary question. It depends on the specific job you are targeting and whether you have something else like the CISSP. CISM is very popular for GRC and I had it as a runner up.
Just curious to know why you did not just transfer over into data analytics with your professional background and credentials?
Both great options. And there’s a Venn diagram here of overlap.
Is experience in cloud security important?
I think so, given the scale and growth of cloud services. In finance, a lot of SaaS financial systems need cloud security for SOX compliance. And although SOC 2 is for any service organization and not just cloud services, some really important Cloud Service Providers need GRC practitioners for assurance work on both the vendor and customer sides. I had AWS Certified Cloud Practitioner on an early version of GRC Cert Roadmap 1.0. I ended up cutting it, though, to keep it simple and to not have to add more for Azure or GCP shops, etc. If you're interested in more info on "Cloud Native Compliance," definitely check out the GRC Engineering YouTube channel.
@cpatocybersecurity Since the CISA and ISO certs require work experience, do you recommend Sec+ instead of cloud certs like SC-900?
No right answer here, but some thoughts to consider: writing the CISA or another widely recognized cert can be worthwhile before meeting the experience requirement because you gain knowledge, demonstrate commitment, show that you can follow through on hard things, and get an ATS hit with a resume that says it’s in progress. Cloud training is also great to get a better understanding of the underlying technology that needs assurance.
It really depends on the job you’re targeting. If it’s an Azure shop with a cloud compliance need, Azure cloud certs would go a long way.
@cpatocybersecurity Great! Thanks for the clarity!
Hi, thank you for your video. I am based in the UK. I have no experience in cyber security and/or IT, but I want to change careers, and I believe I have transferable skills for GRC roles. Is this roadmap suitable for UK residents? If not, could you please advise on a roadmap for UK residents? Thank you.