Break into Cybersecurity in 2022 (Entry Level GRC Role)
- Published: Jul 4, 2024
- In this video, I'm sharing a GRC job that lends itself to entry-level opportunities and will be in demand in late 2021 and early 2022, as the federal government begins requiring companies to be certified in accordance with CMMC. That requirement will call for professionals to help prepare an organization, independently audit, and consult.
This video explains what CMMC is, where it came from, and what you need to know as a cybersecurity professional.
📒 Show Notes 📒
⏰ Markers
0:00 Preview
1:18 Why is CMMC going to be a big job space?
2:49 What is CMMC?
3:55 Why does CMMC even exist? (background)
8:16 How to get a deeper understanding of the CMMC details?
10:32 Excel sheet that you can use as a punch list
13:32 CMMC type jobs
16:35 CMMC Discord Server
17:51 Shameless plug for my new book that comes out on 9/9/21 with coupon code
12:46 Scoping CMMC
🧰 Resources
CMMC www.acq.osd.mil/cmmc/
Excel Document of All Controls www.imec.org/wp-content/uploa...
CMMC Discord Server https://cooey.life
Simply Cyber's mission is to help purpose-driven professionals make and take a cybersecurity career further, faster.
🔥 My Curated Website of Free Cyber Resources
SimplyCyber.io
Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated.
Did Gerald just give out free employment opportunity without certifications hassle for IT job opportunity... time spent on RUclips paid off... you earn my respect and Hats off!!!
:). I guess I did and thank you. Appreciate the support.
Thanks for this great video, Gerald! Love the idea for entry-level people to focus on CMMC. A bit easier to compete when no one has much experience with a new standard.
Yet again I'm grateful for having come across your RUclips channel and chatted with you. This video is another fine example of how willing you are to help people get into the cybersecurity space. It's very interesting as far as an opportunity for entry level jobs in the cybersecurity area. I'm going to check out all the links and do some research on it. Thank you so much again and looking forward to the book. :-) PS digging the 80s style background colors. Totally rad! :-)
This channel is bad ass dude, the vids like everyone of them. props
Yes! I’ll take bad ass 😎. Thanks for taking time to share
Thank you very much for sharing this info Gerald. Actually, all your videos are very informative especially for people like me just starting on Cybersecurity..
Great video. Thanks for diving into CMMC! I am looking at GRC roles and CMMC is a hot topic.
Literally the info I was looking for, thanks for sharing!
AWESOME! First comment I read, and making my day 😎
Absolutely awesome insight into grc. Thank you!
Thank you for this great content as it gives me hope I can finally break into the cyber security field. Currently an AML compliance analyst I have hopes of switching paths into Cyber as I completely my masters and obtaining Sec + over the past two years. This field sounds like something I can do that won’t harp on my lack of technical skills.
Started my career shift to GRC. So I really appreciate this valuable information.
Hi Gerald, since the first day I checked on your RUclips site, I’ve NEVER looked back. You’re always providing relevant, very useful education on Cybersecurity.
Thanks so much.
Thanks for the kind words and happy to hear it’s brought you value. I’ll keep at it!
@@SimplyCyber hi Gerald can u please guide me how to get started in cyber defence( networking concept required etc.) required
Awesome video as always G. Definitely this hits home for me as GRC was my first stepping stone in Security. I know what I am brushing up on now :D
100% can relate to having examples on how the control is being described, sometimes when a question is so technical I find myself having to google real-world examples on how that is being used in an environment so that I can obviously evaluate it. (Thank you for the excel sheet!)
Another super useful video, especially for a newbie like myself. Thanks
Wow, awesome video, thanks for the indepth info, looking to get into IT / Cyber
Awesome video. Great advice.
I love your channel. I recently graduated from a cyber security boot camp and I’m brand new to information security as a whole. Your videos have helped me understand more about the job landscape and helped guide my decision making for the certifications that I will be getting and my overall direction within the space. Thank you!
Awesome , Thanks for this information 😊
Definitely looking into this CMMC certification.
Thank you sir, this is an amazing video along with great knowledge.
So nice of you
Thanks for all of this info. I had already attended a webinar around CMMC - so this helped make more sense of tactics for my career.
Great. I'm going to do a livestream where I go into the spreadsheet and tell folks what's up. Stay tuned. :)
@@SimplyCyber Super! If you need help - let me know.
Here it is: Deep Dive on CMMC Controls (Roll Up Your Sleeves). ruclips.net/video/uWKCSx1V3wM/видео.html
Very interesting. Thanks for this.
im currently pursuing my bachelors at EC council university this video really gave clarity about what should I do next thanks of uploading keep sharing knowledge
Thank you very much!
Anyone have any promo codes for his course?
Wow! I’m an IT contractor now lol.
My goal is to do IT project management and governance work. I’m in grad school for it management and cyber sec. getting my scrum master I and Linux foundations certs now, then the sec + next year. Building my portfolio with labs, scripting, etc. and using the tools to transfer into purple team or Analyst roles and work my way up to project manager and or owner. Most orgs I’m interested in are contractors, so I think this will be useful. Saving the excel spreadsheet and will qualify for the actual CCP cert. by after graduation. Hope I’m on the right track.
You're putting in the work. I'd agree you are on the right track. Good effort; keep up the momentum. I plan on doing a deep dive livestream going through the spreadsheet. Stay tuned.
@@SimplyCyber thank you so much!.
Showing GRC some love I see. Hahaha
Thank you for the great content. Do you mind doing a video lesson on CMMC with just brief explanations of what those standards are? I believe this would be helpful for newbies. I plan to get into cyber space next year!
Oooh. That’s a fun idea. Really I’d have to do one video per control family. It would be like 3 hours if I did all of them. But it’s a fun idea. Thanks Liz. I’ll put it on the roadmap or maybe do a renegade livestream
I live these controls for years so renegade livestream could be the funnest.
@@SimplyCyber that would be awesome!
HII GERALD, VERY GOOD VIDEO AND SO USEFUL, BUT I HAVE DIFFICULTY TO FIND THOSE PDFS AND MODEL 3 ON THE WEBSITE.
The pdf for level 3 is under construction on the website. Can you point me to an older version online/downloadable?
You say CMMC will be big on the auditing side but I would think that many of these companies will have to hire several people for every CMMC auditor to do all the work to be compliant. I would expect to see incident management and many other positions exploding also.
Will RMF fall under CMMC? I just completed a boot camp that focused mainly on RMF. I’m familiar with the NIST SP-53, but not the 171…are these basically the same thing?
Will you be doing more videos about GRC/CMMC roles including what its like working in those entry roles & interview questions?
i can. i also just decided to do a CMMC deep dive livestream on 9/8 at 5PM EST. Might be worth checking out.
@@SimplyCyber awesome
@@SimplyCyber I've already signed up.
Hey mate, I'm an Intermediate GRC specialist out of New Zealand. I'd love to connect as this is pretty interesting. We do have offices in the US but as an organisation we comply with ISO 27001/SOC and GDPR. I have a feeling that GRC in the US is very US specific, whereas in a lot of other countries, you are being asked to comply with ISO as it's an International standard. I feel as though GRC in the US is in its own little bubble. Would love to get your thoughts on this and the difference between GRC in the US vs other parts of the world. Do you think having Compliance obligations that just focus on US compliance inhibits GRC specialists in the US potentially moving overseas? I know there will be a lot of transferable skills and similarities between ISO 27001/2 and FISMA but actually having ISO specific knowledge is very useful. Do you also think it's time companies in the US start to turn to ISO instead? I'll send you a connection request on LinkedIn, would love to chat all things GRC!
Hey!! I’m based in New Zealand as well. I am about to start a graduate job in IT audit in Technology Risk team at KPMG based in Auckland. I am interested in going into GRC as a career. Would love to connect and have a conversation about this. Would a job as an IT auditor give me entry into GRC?
thanks for the video, please can you share the link for the discord community. thanks
Thank you for the video. I'd like to know if CMMC is still relevant in 2023. I can't find level 3 assessment guide on the website.
It is still relevant in 2024… I just got a job as a security analyst and will be implementing CMMC for lots of our clients. There is now CMMC version 2 which only has 3 levels. Most companies will be obtaining level 2 now instead.
Is this still something that has a lot of value? I noticed this video is 2y old.
Thanks for this video Gerald. I'm currently studying for the CISA Cert. Will that also qualify me for CMMC?
It will help for sure, but CISA is more about the ability to audit as a skill. you would still want to familiarize yourself with CMMC controls
@@SimplyCyber Thanks a bunch Gerald. That makes sense. I really appreciate the response. Keep up the good work.
Is the spreadsheet still available for download, perhaps from this platform? My attempt to download was blocked for the following reason: "Access from your Country was disabled by the administrator."
Could I ask you if would you suggest a career as a compliance security cloud engineer?
Thanks for this informative video! Does anyone know if I would need security clearance to become an Assessor, or help prepare companies for audit?
In some instances yes on the clearance but a lot of supply chain players will need CMMC and won’t have clearance requirements at that level
Hi Gerald, how can I access the controls(in both excel and word format that you explained) in your presentation?
Links in the show description.
@@SimplyCyber Thanks. I just found it.
I clicked on the link for the CMMC and it's saying blocked. Please help me with another link for easy accessibility. Thank you
Do we need to have any certifications for entry level GRC/CMMC jobs? If so, which one?
I don't know of any certs around this. If you want to be a qualified assessor you will have to get certified for that, but that's a whole thing. It will cost money to get qualified, details here: cmmcab.org/assessors-lp/
The real express way into the job is to help orgs prep for upcoming CMMC audits. There are so many companies that are concerned about not certifying and losing their ability to bid on contracts, so they will hire ppl to help
What is CMMC?
Thanks G... do you have a link to a NIST doc similar to the CMMC Excel sheet you showed in this video??? I hope you do.. thankss
Can you give me a timestamp where I show it and I’ll look at it and send the link
@@SimplyCyber 11:15 something similar to this G... thanks. the controls
@@judahtunes2245 Its in the video description along with some other resources. I can't copy and paste it without a bunch of other stuff. Just drop down the video description and you'll see the link
@@SimplyCyber ok yea I saw that one for CMMC .. I was looking for a doc that is similar to that one but for the NIST overall controls, if that makes sense, if not no worries... also I am in the Simply Cyber discord.. if you do know what I'm speaking of then you can post a link there and I'll grab it.. either way thanks for responding
@@judahtunes2245 here: docs.google.com/spreadsheets/d/1vHIdlpUYvKW3V03TFkrymRg_8u2S_9c5/edit?usp=share_link&ouid=106399554625258108388&rtpof=true&sd=true
Thanks for sharing. For entry level roles, do we need to have any type of GRC or CMMC certs?
I don't know of any certs around this per se so no. If you want to be a qualified assessor you will have to get certified for that, but that's a whole thing. It will cost money to get qualified, details here: cmmcab.org/assessors-lp/
The real express way into the job is to help orgs prep for upcoming CMMC audits. There are so many companies that are concerned about not certifying and losing their ability to bid on contracts, so they will hire ppl to help.
ISACA CISA is the closest cert I can think of but it's not required. Orgs are looking for ppl that 'know' CMMC
@@SimplyCyber Got it. Thanks.
@@SimplyCyber so we just study up on these requirements because we are prepping them for the audit we are not the certified auditor, ok. And that's where the entry demand gap is.
@@JP-wd1yo yes. They know they NEED CMMC but they don't know what it is or how to do it. You will.
but how do you get certified in CMMC? I'm gonna start my bachelor in cybersecurity January 1st but I really wanna be in GRC/CMMC, can you guide to what certs or steps do I need?
CMMC is a hot mess. There was corruption at the top and the govt rebooted the whole program. Look at CMMC 2. As far as I know it’s not passed yet so there is no official training. The demand will be less also than I share in this video because lower security systems will be able to self attest
Helloo Gerald! I am masters of information security grad student. I am planning to enter GRC, would love if you could share some tips to get job. I have basic Governance and Risk management, policies knowledge but tips to get hired in this field would be helpful!
Be able to show practical exp through labs or projects. Network within community
@@SimplyCyber Thank you! This is helpful. Ps: I enjoy your videos; they give good knowledge :)
Is CMMC still relevant in 2024? Is it only relevant for jobs with the government or government contractors?
It is relevant. Being revamped as CMMC 2. And it's relevant to any company that wants to do business w US govt. Prof services but also stuff like manufacturing
@@SimplyCyber Is there an updated Excel sheet for version 2?
#Cybersecurity
Do you have to have a clearance for this?
In some instances but not all.
@@SimplyCyber for someone who wants to do GRC and also wants to pursue a degree, what degree would you recommend?
@@moyamorrison2807 tech degree would help but isn’t necessary. A business degree could be useful since you interface w business a lot. Distant third and shooting from hip here is a human psychology degree to understand ppl
@@SimplyCyber thank you. I was thinking about IT Management degree.
Is cmmc required yet?
Sadly it imploded. It will be CMMC 2.0 when required but they kicked the can down the road 9 months. There was corruption related issues. Google it
@@SimplyCyber noted, thanks for the reply
@@SimplyCyber Hi there, Gerald. So does this mean that there is still an opportunity for newbies to familiarize themselves with the CMMC standards in hopes of making themselves stand out to enter cybersecurity?
@@krystalmarie5637 most definitely. CMMC got kind of blown up and redone and now in its new form its about to roll out in 2023. so yes.
GRC Certs? Any resources? Sry to pick your brain extra.
Not really GRC certs. The compliance side is more about knowing the standard or reg the org has to comply with. Thats why im telling you in the video learn all the in-scope controls and what they mean, so you can tell an org ' i got you'.
@SimplyCyber I have HIPAA knowledge. Been working in the Healthcare field for 15 years. No IT background. What would you recommend to start with to get in to IT working on GRC?