Let me know your thoughts on this video👇 Thanks for watching! More learning resources below: SimplyCyber's GRC Master Class: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe 📚 Google Cybersecurity Certificate: imp.i384100.net/k0R0rz 🧭 Springboard Cybersecurity Bootcamp (Get a Job or Your Money Back Guaranteed - $1000 off Code WITHSANDRA): www.springboard.com/landing/influencer/withsandra 📕 Get My FREE Cybersecurity Beginner Roadmap Guide: www.withsandra.dev/ Stay Connected: 👯 Join our Discord :D - discord.gg/2YZUVbbpr9 Connect on LinkedIn: www.linkedin.com/in/withsandra/
@@unanahbright9723 SimplyCyber's GRC Master Class is a great place to start! - academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
I worked GRC for 20 years in the DOD industry. The dirty secret is the C suite claims to want a secure enterprise, but really doesn't want to do the work, doesn't want to spend the money. Along the way I obtained a CISSP, CISA, CISM , CCSP, CDPSE, CRISC & CEH. I never had a 4 year degree, but got into the industry through the sys admin route.
@@trueformchewii Every DOD project has a cyber component that oversees the "ATO", or "Authority To Operate". This is a complex system currently called "Risk Management Framework". It's a six step nonstop process, starting with Categorization and ending with Monitoring. If you're already in the DOD ask around, do some google searches and get involved at your current level.
This is exactly my domain of choice. My pathway is Bootcamp-Google Sec cert-GRC industry cert-consulting business-Job. Any help is welcomed as I’m a student.
I have started a job as a cybersecurity analyst 2 months ago at a French public administration. Transitioning into cyber after 4 and half years of web development. And it turns out my role sounds very GRC like whereas I was expecting to deal with incident response or digital forensics. I still hesitate between specializing into technical path or GRC. What I notice is that technical skills are going to be impacted by AI improvement, reducing the demand for technical people (at least in France from what I see). Besides because we are in the EU regulations are the new normal so GRC might be one of the most growing cyber path for the next years. Everyone wants to be a SOC Analyst but the job market is saturated for it, few people think about GRC
How do you get GRC job as 24 year old master graduate I just graduated so don’t really have much experience I intern for a smaller cyber security company as a cybersecurity analyst.
I have been in IT for several years. I am currently a Systems Administrator trying to move into a GRC Analyst or IT Auditor role. On March 11, 2024, I completed UnixGuy's GRC Mastery course. It has been frustrating looking for jobs. I am not new to technology, but I am new to GRC\IT Auditing, so I search for entry-level jobs. I keep seeing entry-level jobs that want 3 years of experience.
I have been in a GRC role for the last 3 years and have learned so much than anytime in my career. I mainly work on SOC 1 and 2, SOX, and PCI, but I am happy I made this career pivot.
What are the differences between Pentesting and GRC as jobs in terms of pay, work hours, demand, coolness, and climbing the ladder possibilities (manager, team lead, ciso..) ?
Grc is remarkably unsexy, and the most critical skill set imo is soft skills. People & critical thinking. Course you need to have your infosec & audit knowledge put together.
Dude, look it up yourself lol. I don't understand people like you. I see comments like this everywhere. Why would you waste the time typing out this comment, when you could have looked it up for yourself? Clearly this isn't the field for you. You need to think critically and clearly you'd rather have people do the thinking for you
I am currently an ISSO. I perform STIG scans mostly and report any non-compliant vulnerabilities to our SAs. I am also tasked with CTO which address which version of software are vulnerable. The most boring part of this job is creating policies and plans. Other than that, the job is pretty chill and it pays well. Once you get the hang of things, it is chill.
It's an end to end as you need to look at any organization from the bird's eye view in context of Cyber Security. Need to know NIST CSF, MITRE-AT&CK frameworks from implementation and auditing perspective
Well done Sandra, I agree that the emergence of AI will affectively result in the GRC space becoming the nucleus of the cysec world. Which is great news for those looking to enter into the job market as most GRC roles do not require a degree or advanced certification. Keep up the great work
For sure! Which is great bc every team I've been on where I've dealt with GRC/auditing, my least favorite part was writing the policies lol. It's only like 15% of what you're actually doing though, most of it is ensuring policies are being adhered to, leading audits (which could take months even years to complete btw), and leading the required changes from the audit results. It's a human heavy role, writing the policies is the easiest part
Glad to here! I'd also recommend SimplyCyber's GRC Master Class if you're looking for a beginner-level course: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe Hope this helps!
Hello, Sandra! I was wondering if you could consider making a video on the types of lay-offs that companies could trick you into getting yourself into? I'm currently enrolled into IT in college, and like any other newbie, I wouldn't know what to do in that type scenario! Thank you so much! Love your videos, they've definitely encouraged me into Cybersecurity! :D
Hey, thanks so much for watching! Glad the videos have been helpful :D I'll definitely consider a video going into layoffs, I actually have a semi-related vid coming out this week on the entry-level job market that'll be really relevant. Hope this will help!
Will do! I also recommend SimplyCyber's GRC Master Class if you're just starting out - academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
Interesting perspective. I appreciate the insights. I'd postulate that if there isn't more regulations and accountability for data breaches, then compliance will only cover the bare minimum.
yes GRC is easier, actually... basically knowing the standards and sending mails to people to abide by those standards, also a lot of meetings. It might get boring because is purely bureaucratic.
My personal input as an it sec engineer (red+blueteam): if you want to be technical, stay as far away from grc as possible. I deal with it around 1-2 times a week and it is by far the most boring part of my whole job, for no money in the world would I want to do this on a daily basis.
Appreciate you sharing your thoughts! Even though GRC isn't the most exciting or technical role, it is definitely still very important but may not be for everyone. Kudos to those who are fulltime GRC professionals 😄
@@Deshawn_Digital this is just my view, so take it with a grain of salt, I know their work is important, but: 1. You are giving people "homework" to do, so they have less time to work on their actual projects (necessary but disliked) 2. You are only an observer and are by definition not allowed to actually touch anything (because you cannot audit yourself) 3. The work is unending because as soon as one audit is done, the next audit is around the corner 4. Soo much paperwork, they basically live in MS Excel 5. International Compliance with GDPR and Most and everything is just a nightmare 6. Living with contradictions, because one law will ask you to do something, that the other law hinders you to do. (For example: log retention times in a SIEM, GDPR says: as little as necessary because of PII's, but for APT-Discovery you actually want as much data as possible) I could go on forever 😅
Curious to know, did any cyber security job interviews you done ever asked you to solve programming code questions by the interviewer? Thanks and love your contents.
Hey, thanks for watching! Out of all my cyber interviews, only one had a coding interview, which was bc they were looking for someone to work on their Secure SDLC program which meant I would be talking to devs and needed to know the general work flow/process for developers (which is diff for every company ofc). It was a pretty easy question though, probably ranked LeetCode easy, can't imagine anything above LeetCode easy unless you're applying for a more senior/sec engineering role, hope this helped! :)
I'm not sure if you made a video on this topic. However, can you make a video discussing what “Skill-Based Hiring” means and how we can obtain those skills?
GRC has actually been the basis of Cybersecurity for a very long time. It's just not very well published by those outside of the industry. Audits are useless unless they are ongoing. It's easy to become compliant for these audits, and then a few days after fall out of compliance. Companies do it all the time.
So just to confirm my understanding, GRC in cybersecurity is more about data regulations and privacy protection than it is directly engaging with cybersecurity tasks, in another word its a none technical term of the cybersecurity domain right? Assuming you confirm my query, GRC should not require deep knowledge of the 8 CISSP domain and the siem tool nor does it involve any technical tasks, meaning it shouldnt be a complex knowledge to acquire? However, i am more of a tech person, therefore my career path will be a bit more difficult and will require more effort 😢. Regardless good luck to all of you. May your dreams come true and .ay your effort blossom your gardens of education.
If I have my CySA+, Sec+, and my BS in Cybersecurity, could I get an entry level role in GRC? Also someone with these credentials (I’m going to increase my certs and hands on skill too) what could I expect for starting pay and what roles should I aim for? My apologies for the double question and Thanks for your time
I don't think so. CySa and Security+ have nothing to do with GRC, except for maybe they are good background knowledge. What you want to do is to get a CCA or similar certification. Also, there are MANY many areas of GRC.
Thank you so much for this video. I have shifted my career towards cybersecurity from Electrical Engineering. I have done Google IT Support and Cybersecurity certifications along with (ISC)2 Certified in Cybersecurity. I am now doing Microsoft Cybersecurity Analyst from Coursera. Please tell me how can I move towards GRC. Your advice will be highly appreciated and helpful for me. Note: I am struggling to land my first job even I have done some hands-on expereince.
As someone who is looking to switch careers (like now!) and does not have a ton of tech skills, I am wandering if this would be a good way to enter the field... and then I could develop technical skills to get a more tech intensive cybersecurity job... thoughts? and thank you!
Hi Karen, sure! I'll be making an upcoming vid on this topic, I do have this older video I made on GRC/Auditing a while back to give you some basics of the job! - ruclips.net/video/JZFZrN12RYw/видео.html Thanks for watching!
In a GRC role, do you do too many meetings? I’m an information security analyst. Not many meetings, once a week. But I’m thinking about going grc because nobody is hiring, you only see scams post and I need to make more money because nobody gives a considerable raise.
too bad there is sooo much gatekeeping when it comes to GRC roles...cause it's really easy if you have basic research, planning, and comprehension skills lol
I am studying information security and privacy and want to look for job in grc (mostly like risk management like policy and framework related not audit profile exactly)after completing my education. Any tips for new grad student for securing internship/job would be appreciated!! 🙂
So far it's a bit slow, which I expected, but also because I'm looking for a very specific type of role even for a security analyst. Wishing you all the best if you're also currently in the job market!
@@WithSandra I am currently doing a 4 month cybersecurity bootcamp (finished 2 months). Getting prepared for CySA+ certification exam in 6 weeks and for Splunk intro certification in 8 weeks
@guillermoal8514 The only jobs that have a very low chance of getting outsourced in the future are the ones that currently have government restrictions for citizenship(if they fall under ITAR or DFARS for example). But even those jobs are dependent on politicians' whimsy, and if enough of them are getting bought off by foreign governments to make policy changes.
Is their any place for a freelancer in cyber security? I can't work in full time because I'm helping my wife to run our business. But I have so much free time I can take another job but I have Bachelor in computer science but that was long time ago. I also trained in codecademy in some of programming languages.
HOW MUCH are the courses at symposia??? Do we need any previous it education before hand a plus or anything or can we start GRC WE NO PREV KNOWLEDGE? ??ANY HELP??🎉🎉❤
Much cheaper alternative is SimplyCyber's GRC Master Class if you're looking for a beginner-level course: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe Hope this helps!
Spot on with content, but the editing makes it difficult to watch. Way too many cuts and the interlaced clips didn't add a whole lot of value. Consider just treating this like a vlog and engaging with viewers by talking through your own experiences instead of being so scripted in your delivery.
It's not the most glamorous role for sure. I've worked on internal auditing teams in a large bank and with third party auditors in a small SaaS company, both had very high stakes put on the cyber team to make sure everything auditing/GRC related went well. We would literally have customers who say "we need xyz audit completed or we're not signing" soo yep, very important for sure. I'd say red team is also very important though, just in a different way! Many audits typically will also require you to undergo an annual pentest so it all ties together haha
This is impossible to get job in GRC just from the course yes once you in the field and do the course and prove the knowledge then maybe yes but how who is gonna hire you after the GRC online course? Every employer needs someone with experience otherwise IT jobs would hire people with no skills and train them but it's challenging and the reason is always big paay and people fighting for one job 100-200 applications, prove me that I will get job after this course that i will pay you double
rEALLY GOTTA hate these type of youtubers that profit and make money off people trying to look for a career.. promoting services etc without caring where those viewers outcomes will be and how they sell a fake dream at times.
Let me know your thoughts on this video👇 Thanks for watching! More learning resources below:
SimplyCyber's GRC Master Class: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
📚 Google Cybersecurity Certificate: imp.i384100.net/k0R0rz
🧭 Springboard Cybersecurity Bootcamp (Get a Job or Your Money Back Guaranteed - $1000 off Code WITHSANDRA): www.springboard.com/landing/influencer/withsandra
📕 Get My FREE Cybersecurity Beginner Roadmap Guide: www.withsandra.dev/
Stay Connected:
👯 Join our Discord :D - discord.gg/2YZUVbbpr9
Connect on LinkedIn: www.linkedin.com/in/withsandra/
Would this be an option for someone just graduating?
GRC is definitely the highest growth area in cyber security!
I agree. well, I'm off to go get my CRISC & CISM haha
How can I get started?
@@lamaraikens9071 ruclips.net/video/_S4t9S5N4Ts/видео.html
Absolutely! I'm currently studying for my CISA certification.
Do you recommend getting sec+ or can I start applying before taking it
GRC is the most underrated and unappreciated role in cybersecurity! Thanks for bringing awareness to this niche Sandra🔥
What foundational courses do I need as a beginner before going into GRC?
Agreed! Thanks so much for watching :)
@@unanahbright9723 SimplyCyber's GRC Master Class is a great place to start! - academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
@@WithSandrahow much is this thousands 😂 or what
I worked GRC for 20 years in the DOD industry. The dirty secret is the C suite claims to want a secure enterprise, but really doesn't want to do the work, doesn't want to spend the money. Along the way I obtained a CISSP, CISA, CISM , CCSP, CDPSE, CRISC & CEH. I never had a 4 year degree, but got into the industry through the sys admin route.
I have been on helpdesk for 8 years and looking for a new role to make 6 figures, is this a good route?
Can you elaborate on this comment? Im also in DOD space trying to get to grc
@@trueformchewii Every DOD project has a cyber component that oversees the "ATO", or "Authority To Operate". This is a complex system currently called "Risk Management Framework". It's a six step nonstop process, starting with Categorization and ending with Monitoring. If you're already in the DOD ask around, do some google searches and get involved at your current level.
@@Carlos-en1ws If you're in this only for the $$$, you're going to end up unhappy, as this job really demands your full attention.
How did you do this?
Can I send you an email?
I'm currently interviewing for a compliance position, my first cyber job. This video was very timely, with a lot of interesting points! Thank you.
Really glad this was relevant! Best of luck interviewing, you got this 😄💪
Good Luck muh Lord 😁🫡
That’s awesome!
Good luck! Do you have any certificate under your belt?
@@nanapoku5259 Yes I have Security+
This is exactly my domain of choice. My pathway is Bootcamp-Google Sec cert-GRC industry cert-consulting business-Job. Any help is welcomed as I’m a student.
Thanks for sharing your career path! Could you share with the community what specific GRC cert you got when starting out?
You can start with a entry lvl role in IT Infrastructure and get your hands dirty in Compliance platforms 8x8, Carbide etc then look into CIS Reports
Hi, Which bootcamp ?
I have started a job as a cybersecurity analyst 2 months ago at a French public administration. Transitioning into cyber after 4 and half years of web development. And it turns out my role sounds very GRC like whereas I was expecting to deal with incident response or digital forensics. I still hesitate between specializing into technical path or GRC. What I notice is that technical skills are going to be impacted by AI improvement, reducing the demand for technical people (at least in France from what I see). Besides because we are in the EU regulations are the new normal so GRC might be one of the most growing cyber path for the next years. Everyone wants to be a SOC Analyst but the job market is saturated for it, few people think about GRC
How do you get GRC job as 24 year old master graduate I just graduated so don’t really have much experience I intern for a smaller cyber security company as a cybersecurity analyst.
I've been working in GRC for the last several years, and it has been a great experience!
Glad to hear! Thanks for sharing your experience :)
Do you need security clearance for that role
I’m currently in Symposia boot camp I’m super excited!
This is exactly my cybersecurity path. Thanks for this video
NP, Thanks for watching!
I'm glad you are doing well, young friend. Right now I got some interviews hitting up my phone while at the same time studying for Network+!!!
That's awesome Larry! Best of luck studying and on your interviews! 😁
I have been in IT for several years. I am currently a Systems Administrator trying to move into a GRC Analyst or IT Auditor role. On March 11, 2024, I completed UnixGuy's GRC Mastery course. It has been frustrating looking for jobs. I am not new to technology, but I am new to GRC\IT Auditing, so I search for entry-level jobs. I keep seeing entry-level jobs that want 3 years of experience.
It's so frustrating. I've seen maybe 3 actual entry level analyst reqs in my 10 years in grc. Apply anyway. They are desperate for good people.
Get your CISSP. It's the closest thing to magic I saw in a 20 year career in cyber. It opens so many doors.
I have been in a GRC role for the last 3 years and have learned so much than anytime in my career. I mainly work on SOC 1 and 2, SOX, and PCI, but I am happy I made this career pivot.
Such a great video with so much good information! Thanks and keep up the good work!!❤️👍🏽
What are the differences between Pentesting and GRC as jobs in terms of pay, work hours, demand, coolness, and climbing the ladder possibilities (manager, team lead, ciso..) ?
Let it go this isn’t for you
Grc is remarkably unsexy, and the most critical skill set imo is soft skills. People & critical thinking. Course you need to have your infosec & audit knowledge put together.
@@mato_fato_ma-ah-fala-falafellol right
Dude, look it up yourself lol. I don't understand people like you. I see comments like this everywhere. Why would you waste the time typing out this comment, when you could have looked it up for yourself? Clearly this isn't the field for you. You need to think critically and clearly you'd rather have people do the thinking for you
@@justinkassinger8238 lol
I am currently an ISSO. I perform STIG scans mostly and report any non-compliant vulnerabilities to our SAs. I am also tasked with CTO which address which version of software are vulnerable. The most boring part of this job is creating policies and plans. Other than that, the job is pretty chill and it pays well. Once you get the hang of things, it is chill.
Always great to hear what someone actually works on on their day to day without the fancy buzzwords. Thanks for sharing!
When you started isso did you have previous experience ? I just finished a certificate class from a program 😭
Is ISSO job the same as GRC? If not, how are they different?
@@jasonsmart3141 GRC is ISSO, ISSM, SCA, and AO.
and by writing writing up policy you mean updating us on newly scanned vulnerabilities fr the scans etc ? That’s not too bad
It's an end to end as you need to look at any organization from the bird's eye view in context of Cyber Security. Need to know NIST CSF, MITRE-AT&CK frameworks from implementation and auditing perspective
Well done Sandra,
I agree that the emergence of AI will affectively result in the GRC space becoming the nucleus of the cysec world. Which is great news for those looking to enter into the job market as most GRC roles do not require a degree or advanced certification. Keep up the great work
Thanks, Sandra, I was looking into the GIAC but the GRC may be easier to obtain.
Hello Sandra, I think I'll watch this with pleasure.
Great video and you're a gem and one of those people you are talking about doing sort of apprenticeship and retraining for cybersecurity
Isn't it likely that the side of GRC more focused on policy writing would get replaced by AI and autonomous workflows?
For sure! Which is great bc every team I've been on where I've dealt with GRC/auditing, my least favorite part was writing the policies lol. It's only like 15% of what you're actually doing though, most of it is ensuring policies are being adhered to, leading audits (which could take months even years to complete btw), and leading the required changes from the audit results. It's a human heavy role, writing the policies is the easiest part
Im just starting learning IT, and love it, I'd like to learn more about cyber securities.
what coincidence, GRC is exactly the field i am going for
Glad to here! I'd also recommend SimplyCyber's GRC Master Class if you're looking for a beginner-level course: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe Hope this helps!
Hello, Sandra!
I was wondering if you could consider making a video on the types of lay-offs that companies could trick you into getting yourself into?
I'm currently enrolled into IT in college, and like any other newbie, I wouldn't know what to do in that type scenario!
Thank you so much!
Love your videos, they've definitely encouraged me into Cybersecurity! :D
Hey, thanks so much for watching! Glad the videos have been helpful :D I'll definitely consider a video going into layoffs, I actually have a semi-related vid coming out this week on the entry-level job market that'll be really relevant. Hope this will help!
Thanks sandra for sharing , Please do video about GRC Land and portifio projects for entry level Roles
Will do! I also recommend SimplyCyber's GRC Master Class if you're just starting out - academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
Interesting perspective. I appreciate the insights. I'd postulate that if there isn't more regulations and accountability for data breaches, then compliance will only cover the bare minimum.
Hi Sandra, thanks for the video.
NP, glad it could be helpful!
are jobroles in GRC as welcoming for freshers as CySec analysts or testers/ethical hackers?
yes GRC is easier, actually... basically knowing the standards and sending mails to people to abide by those standards, also a lot of meetings. It might get boring because is purely bureaucratic.
I'm currently doing the google cybersecurity cert I plan on going into GRC.
Great video thank you for all the help.
My personal input as an it sec engineer (red+blueteam): if you want to be technical, stay as far away from grc as possible. I deal with it around 1-2 times a week and it is by far the most boring part of my whole job, for no money in the world would I want to do this on a daily basis.
Appreciate you sharing your thoughts! Even though GRC isn't the most exciting or technical role, it is definitely still very important but may not be for everyone. Kudos to those who are fulltime GRC professionals 😄
@@WithSandra they have my outmost respect and I love them, but I would not want to trade my job with them for a week 😅
@@Kura_mon why is that? im curious about entering in cyber
@@Deshawn_Digital this is just my view, so take it with a grain of salt, I know their work is important, but: 1. You are giving people "homework" to do, so they have less time to work on their actual projects (necessary but disliked) 2. You are only an observer and are by definition not allowed to actually touch anything (because you cannot audit yourself) 3. The work is unending because as soon as one audit is done, the next audit is around the corner 4. Soo much paperwork, they basically live in MS Excel 5. International Compliance with GDPR and Most and everything is just a nightmare 6. Living with contradictions, because one law will ask you to do something, that the other law hinders you to do. (For example: log retention times in a SIEM, GDPR says: as little as necessary because of PII's, but for APT-Discovery you actually want as much data as possible)
I could go on forever 😅
Fair 😂😂
Curious to know, did any cyber security job interviews you done ever asked you to solve programming code questions by the interviewer? Thanks and love your contents.
Hey, thanks for watching! Out of all my cyber interviews, only one had a coding interview, which was bc they were looking for someone to work on their Secure SDLC program which meant I would be talking to devs and needed to know the general work flow/process for developers (which is diff for every company ofc). It was a pretty easy question though, probably ranked LeetCode easy, can't imagine anything above LeetCode easy unless you're applying for a more senior/sec engineering role, hope this helped! :)
@WithSandra What foundational courses do I need as a beginner before going into GRC? Already connected with you on LinkedIn
I'm not sure if you made a video on this topic. However, can you make a video discussing what “Skill-Based Hiring” means and how we can obtain those skills?
Hi Sandra please could you explain the relevant certificates you need to be on the GRC pathway
GRC has actually been the basis of Cybersecurity for a very long time. It's just not very well published by those outside of the industry. Audits are useless unless they are ongoing. It's easy to become compliant for these audits, and then a few days after fall out of compliance. Companies do it all the time.
Thank you Sandra, able to explain or prepare a short informative session on AI governance ?
So just to confirm my understanding, GRC in cybersecurity is more about data regulations and privacy protection than it is directly engaging with cybersecurity tasks, in another word its a none technical term of the cybersecurity domain right? Assuming you confirm my query, GRC should not require deep knowledge of the 8 CISSP domain and the siem tool nor does it involve any technical tasks, meaning it shouldnt be a complex knowledge to acquire? However, i am more of a tech person, therefore my career path will be a bit more difficult and will require more effort 😢. Regardless good luck to all of you. May your dreams come true and .ay your effort blossom your gardens of education.
I took an information assurance class in college and had to write so many policies and risk assessments and stuff like that…. It can get boring 😂
Hahaha I will never say that GRC is the most exciting area of cyber xD but it's definitely very important!
Don’t forget the NIST framework.
100%!
If I have my CySA+, Sec+, and my BS in Cybersecurity, could I get an entry level role in GRC?
Also someone with these credentials (I’m going to increase my certs and hands on skill too) what could I expect for starting pay and what roles should I aim for?
My apologies for the double question and Thanks for your time
I don't think so. CySa and Security+ have nothing to do with GRC, except for maybe they are good background knowledge. What you want to do is to get a CCA or similar certification. Also, there are MANY many areas of GRC.
learn Risk management Framework(RMF)
Based on your questions just let it go. Switch careeers
@@mato_fato_ma-ah-fala-falafel😂😂
i want to start a career in cyber security, am a first year student at the uni
I just got my security+ cer and i am looking to get a GRC job.
GRC might be my "LEAST DESIRABLE" path in CYBERSECURITY!🤫🤔
Well, it's definitely not for everyone xD. Some people may find policies and audits a bit too boring haha, I think it's all pretty interesting tho!
Thank you so much for this video. I have shifted my career towards cybersecurity from Electrical Engineering. I have done Google IT Support and Cybersecurity certifications along with (ISC)2 Certified in Cybersecurity. I am now doing Microsoft Cybersecurity Analyst from Coursera. Please tell me how can I move towards GRC. Your advice will be highly appreciated and helpful for me. Note: I am struggling to land my first job even I have done some hands-on expereince.
Great information ✊🏼😎
Glad it could be helpful! :)
In my country, if you search for Cyber Security jobs online, around 95% GRC jobs show up in the search results.
@noah4721
Which country are you from?
🤔
Thanks sandra!!
As someone who is looking to switch careers (like now!) and does not have a ton of tech skills, I am wandering if this would be a good way to enter the field... and then I could develop technical skills to get a more tech intensive cybersecurity job... thoughts? and thank you!
Is GRC an entry level level role?
Can you cover more in detail what GRC is comprised of and the type of training certs needed to enter this field ? Love your content
Hi Karen, sure! I'll be making an upcoming vid on this topic, I do have this older video I made on GRC/Auditing a while back to give you some basics of the job! - ruclips.net/video/JZFZrN12RYw/видео.html Thanks for watching!
@@WithSandra Thank you so much!
Dude! You are amazing OMG..
I subscribed because of her voice and quality content
Hey, thanks! :D Im glad I got this new mic haha, much crispier than camera audio
@@WithSandra definitely is compared to your older videos! At least you’re investing and it’s only going up from here!
In every career, now the question is HOW AI will impact it. @withsandra, do u think AI will impact GRC heavily? Ur 2 cents pls
lol sorry, u answer it very well. i commented before watching the video xD
In a GRC role, do you do too many meetings? I’m an information security analyst. Not many meetings, once a week. But I’m thinking about going grc because nobody is hiring, you only see scams post and I need to make more money because nobody gives a considerable raise.
too bad there is sooo much gatekeeping when it comes to GRC roles...cause it's really easy if you have basic research, planning, and comprehension skills lol
those jobs are more a matter of luck and social skills than knowledge, people in GRC don't know much in reality
very useful video about GRC
Can you please tell us how to freelance in grc?
How much is Symposia?
Absolutely 👍
Glad this video could be helpful Daniel!
Network shock?
I am studying information security and privacy and want to look for job in grc (mostly like risk management like policy and framework related not audit profile exactly)after completing my education.
Any tips for new grad student for securing internship/job would be appreciated!! 🙂
Sandra, how is your job search going ?
So far it's a bit slow, which I expected, but also because I'm looking for a very specific type of role even for a security analyst. Wishing you all the best if you're also currently in the job market!
@@WithSandra I am currently doing a 4 month cybersecurity bootcamp (finished 2 months). Getting prepared for CySA+ certification exam in 6 weeks and for Splunk intro certification in 8 weeks
can cybersecurity be outsourced?
It has been getting outsourced for years.
@@Jack-yl7cc what about cloud engineering?
@guillermoal8514 The only jobs that have a very low chance of getting outsourced in the future are the ones that currently have government restrictions for citizenship(if they fall under ITAR or DFARS for example). But even those jobs are dependent on politicians' whimsy, and if enough of them are getting bought off by foreign governments to make policy changes.
Is their any place for a freelancer in cyber security? I can't work in full time because I'm helping my wife to run our business. But I have so much free time I can take another job but I have Bachelor in computer science but that was long time ago. I also trained in codecademy in some of programming languages.
HOW MUCH are the courses at symposia??? Do we need any previous it education before hand a plus or anything or can we start GRC WE NO PREV KNOWLEDGE? ??ANY HELP??🎉🎉❤
I pray for more apprenticeships come out! 🙏🏾😩
100%!
Lost interest in the video after finding out who does the training. Program is very expensive
Much cheaper alternative is SimplyCyber's GRC Master Class if you're looking for a beginner-level course: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe Hope this helps!
I heard that GRC is a very high paying career.
It can be but not guaranteed. A lot of companies are trying to do more with less now days.
Spot on with content, but the editing makes it difficult to watch. Way too many cuts and the interlaced clips didn't add a whole lot of value. Consider just treating this like a vlog and engaging with viewers by talking through your own experiences instead of being so scripted in your delivery.
is GRC technical at all?
Nope
No, it's not
As much as I dislike GCRC from my last company I see this role in cyber world more needed than penetration testing/red teaming.
It's not the most glamorous role for sure. I've worked on internal auditing teams in a large bank and with third party auditors in a small SaaS company, both had very high stakes put on the cyber team to make sure everything auditing/GRC related went well. We would literally have customers who say "we need xyz audit completed or we're not signing" soo yep, very important for sure. I'd say red team is also very important though, just in a different way! Many audits typically will also require you to undergo an annual pentest so it all ties together haha
Can find malware with it?
very interesting
glad this could help!
This is impossible to get job in GRC just from the course yes once you in the field and do the course and prove the knowledge then maybe yes but how who is gonna hire you after the GRC online course? Every employer needs someone with experience otherwise IT jobs would hire people with no skills and train them but it's challenging and the reason is always big paay and people fighting for one job 100-200 applications, prove me that I will get job after this course that i will pay you double
$30k+ for this program, just so you are informed.
🤢
This is a promotion my friends . Don't fall into the trap of RUclipsrs !!
rEALLY GOTTA hate these type of youtubers that profit and make money off people trying to look for a career.. promoting services etc without caring where those viewers outcomes will be and how they sell a fake dream at times.
Sounds like you just gotta work harder 😭😭
I just want companies to pay me to break into their systems
So GRC is the area responsible for auditing? No, thanks. Too boring!
Boring but pays well!
Some people do find it boring xD, I think it's pretty interesting though!
Wilson Shirley Thompson Ruth Young Richard
Hernandez Robert Rodriguez Nancy Thomas Kimberly
Smith Anthony Walker Linda Martinez Steven
Wilson Daniel Young Jessica Davis Brenda
Chubby cupcakes women tells what I need to know
She is too hyper when she talks slow down girl
You can set it to .75x speed if that helps! I watch vids in 2x so its a habit
you're beauty looks average at first then suddenly gets more beautiful.
Immature
You speak too fast with editing, no one chase you