Why GRC Is the Future of Cybersecurity | The Rise of GRC Jobs and Why You Should Work In GRC
- Added 22. 05. 2024
- 📚 Google Cybersecurity Certificate: imp.i384100.net/k0R0rz
🧭 Springboard Cybersecurity Bootcamp (Get a Job or Your Money Back Guaranteed - $1000 off Code WITHSANDRA): www.springboard.com/landing/i...
💼 Start a 6-Figure GRC Cybersecurity Role: www.symposia.com/channel-part...
💡 Ace your cybersecurity interviews with my Cybersecurity Interview Prep Mastery Course: learn.withcybersecurity.com/
💻 My Cyber Security Career Resources: withsandra.square.site/
📕 Get My FREE Cybersecurity Beginner Roadmap Guide: www.withsandra.dev/
------------------
Brand/collaboration inquiries: hello@withsandra.dev
Disclaimer: This video is not sponsored. Some links are affiliate links, as an Amazon Influencer, I earn from qualifying purchases. All opinions expressed in videos on this CZcams channel are solely my own.
Tags: Why GRC Is the Future of Cybersecurity,The Rise of GRC Jobs,Why You Should Work In GRC,should you work in grc,why work in grc,grc jobs,governance risk and compliance,auditing jobs,should i work in it auditing,what is grc,what is IT auditing,best cybersecurity careers,best cybersecurity jobs,best entry level cybersecurity jobs,cybersecurity auditing,cybersecurity grc,grc,is grc a good career,grc career roadmap,grc career - Science and technology
Let me know your thoughts on this video👇 Thanks for watching! More learning resources below:
SimplyCyber's GRC Master Class: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
📚 Google Cybersecurity Certificate: imp.i384100.net/k0R0rz
🧭 Springboard Cybersecurity Bootcamp (Get a Job or Your Money Back Guaranteed - $1000 off Code WITHSANDRA): www.springboard.com/landing/influencer/withsandra
📕 Get My FREE Cybersecurity Beginner Roadmap Guide: www.withsandra.dev/
Stay Connected:
👯 Join our Discord :D - discord.gg/2YZUVbbpr9
Connect on LinkedIn: www.linkedin.com/in/withsandra/
Would this be an option for someone just graduating?
GRC is definitely the highest growth area in cyber security!
I agree. Well, I'm off to go get my CRISC & CISM haha
How can I get started?
@@lamaraikens9071 czcams.com/video/_S4t9S5N4Ts/video.html
Absolutely! I'm currently studying for my CISA certification.
Do you recommend getting sec+ or can I start applying before taking it
GRC is the most underrated and unappreciated role in cybersecurity! Thanks for bringing awareness to this niche Sandra🔥
What foundational courses do I need as a beginner before going into GRC?
Agreed! Thanks so much for watching :)
@@unanahbright9723 SimplyCyber's GRC Master Class is a great place to start! - academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
I'm currently interviewing for a compliance position, my first cyber job. This video was very timely, with a lot of interesting points! Thank you.
Really glad this was relevant! Best of luck interviewing, you got this 😄💪
Good Luck muh Lord 😁🫡
That’s awesome!
Good luck! Do you have any certificate under your belt?
This is exactly my domain of choice. My pathway is Bootcamp-Google Sec cert-GRC industry cert-consulting business-Job. Any help is welcomed as I’m a student.
Thanks for sharing your career path! Could you share with the community what specific GRC cert you got when starting out?
You can start with an entry lvl role in IT Infrastructure and get your hands dirty in Compliance platforms 8x8, Carbide etc then look into CIS Reports
Hi, Which bootcamp ?
This is exactly my cybersecurity path. Thanks for this video
NP, Thanks for watching!
I started a job as a cybersecurity analyst 2 months ago at a French public administration, transitioning into cyber after 4 and a half years of web development. And it turns out my role sounds very GRC-like, whereas I was expecting to deal with incident response or digital forensics. I still hesitate between specializing in a technical path or GRC. What I notice is that technical skills are going to be impacted by AI improvement, reducing the demand for technical people (at least in France from what I see). Besides, because we are in the EU, regulations are the new normal, so GRC might be one of the fastest-growing cyber paths for the next years. Everyone wants to be a SOC Analyst but the job market is saturated for it; few people think about GRC.
How do you get a GRC job as a 24-year-old master's graduate? I just graduated, so I don't really have much experience. I intern for a smaller cyber security company as a cybersecurity analyst.
I'm glad you are doing well, young friend. Right now I got some interviews hitting up my phone while at the same time studying for Network+!!!
That's awesome Larry! Best of luck studying and on your interviews! 😁
Such a great video with so much good information! Thanks and keep up the good work!!❤️👍🏽
Great video thank you for all the help.
I've been working in GRC for the last several years, and it has been a great experience!
Glad to hear! Thanks for sharing your experience :)
Do you need security clearance for that role
Well done Sandra,
I agree that the emergence of AI will effectively result in the GRC space becoming the nucleus of the cysec world. Which is great news for those looking to enter into the job market as most GRC roles do not require a degree or advanced certification. Keep up the great work
Interesting perspective. I appreciate the insights. I'd postulate that if there aren't more regulations and accountability for data breaches, then compliance will only cover the bare minimum.
Hi Sandra, thanks for the video.
NP, glad it could be helpful!
It's end to end, as you need to look at any organization from a bird's-eye view in the context of Cyber Security. Need to know NIST CSF, MITRE ATT&CK frameworks from an implementation and auditing perspective
I am currently an ISSO. I perform STIG scans mostly and report any non-compliant vulnerabilities to our SAs. I am also tasked with CTO, which addresses which versions of software are vulnerable. The most boring part of this job is creating policies and plans. Other than that, the job is pretty chill and it pays well. Once you get the hang of things, it is chill.
Always great to hear what someone actually works on on their day to day without the fancy buzzwords. Thanks for sharing!
When you started as an ISSO, did you have previous experience? I just finished a certificate class from a program 😭
Is ISSO job the same as GRC? If not, how are they different?
@@jasonsmart3141 GRC is ISSO, ISSM, SCA, and AO.
And by writing up policy you mean updating us on newly scanned vulnerabilities fr the scans etc.? That's not too bad
Thanks Sandra!!
Too bad there is sooo much gatekeeping when it comes to GRC roles... 'cause it's really easy if you have basic research, planning, and comprehension skills lol
Thanks Sandra for sharing. Please do a video about GRC Land and portfolio projects for entry-level roles
Will do! I also recommend SimplyCyber's GRC Master Class if you're just starting out - academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe
Great information ✊🏼😎
Glad it could be helpful! :)
Dude! You are amazing OMG..
Hello, Sandra!
I was wondering if you could consider making a video on the types of lay-offs that companies could trick you into getting yourself into?
I'm currently enrolled in IT in college, and like any other newbie, I wouldn't know what to do in that type of scenario!
Thank you so much!
Love your videos, they've definitely encouraged me into Cybersecurity! :D
Hey, thanks so much for watching! Glad the videos have been helpful :D I'll definitely consider a video going into layoffs, I actually have a semi-related vid coming out this week on the entry-level job market that'll be really relevant. Hope this will help!
Are job roles in GRC as welcoming for freshers as CySec analysts or testers/ethical hackers?
I have been in IT for several years. I am currently a Systems Administrator trying to move into a GRC Analyst or IT Auditor role. On March 11, 2024, I completed UnixGuy's GRC Mastery course. It has been frustrating looking for jobs. I am not new to technology, but I am new to GRC/IT Auditing, so I search for entry-level jobs. I keep seeing entry-level jobs that want 3 years of experience.
It's so frustrating. I've seen maybe 3 actual entry level analyst reqs in my 10 years in grc. Apply anyway. They are desperate for good people.
Thank you Sandra, able to explain or prepare a short informative session on AI governance ?
very useful video about GRC
Hi Sandra please could you explain the relevant certificates you need to be on the GRC pathway
Thank you so much for this video. I have shifted my career towards cybersecurity from Electrical Engineering. I have done Google IT Support and Cybersecurity certifications along with (ISC)2 Certified in Cybersecurity. I am now doing Microsoft Cybersecurity Analyst from Coursera. Please tell me how I can move towards GRC. Your advice will be highly appreciated and helpful for me. Note: I am struggling to land my first job even though I have done some hands-on experience.
Isn't it likely that the side of GRC more focused on policy writing would get replaced by AI and autonomous workflows?
For sure! Which is great bc every team I've been on where I've dealt with GRC/auditing, my least favorite part was writing the policies lol. It's only like 15% of what you're actually doing though, most of it is ensuring policies are being adhered to, leading audits (which could take months even years to complete btw), and leading the required changes from the audit results. It's a human heavy role, writing the policies is the easiest part
Curious to know, did any cyber security job interviews you've done ever ask you to solve programming code questions? Thanks and love your content.
Hey, thanks for watching! Out of all my cyber interviews, only one had a coding interview, which was bc they were looking for someone to work on their Secure SDLC program which meant I would be talking to devs and needed to know the general work flow/process for developers (which is diff for every company ofc). It was a pretty easy question though, probably ranked LeetCode easy, can't imagine anything above LeetCode easy unless you're applying for a more senior/sec engineering role, hope this helped! :)
@WithSandra What foundational courses do I need as a beginner before going into GRC? Already connected with you on LinkedIn
Absolutely 👍
Glad this video could be helpful Daniel!
What are the differences between Pentesting and GRC as jobs in terms of pay, work hours, demand, coolness, and climbing the ladder possibilities (manager, team lead, ciso..) ?
Let it go this isn’t for you
Grc is remarkably unsexy, and the most critical skill set imo is soft skills. People & critical thinking. Course you need to have your infosec & audit knowledge put together.
@@mato_fato_ma-ah-fala-falafel lol right
Dude, look it up yourself lol. I don't understand people like you. I see comments like this everywhere. Why would you waste the time typing out this comment, when you could have looked it up for yourself? Clearly this isn't the field for you. You need to think critically and clearly you'd rather have people do the thinking for you
@@justinkassinger8238 lol
I am studying information security and privacy and want to look for a job in GRC (mostly risk management, like policy and framework related, not exactly an audit profile) after completing my education.
Any tips for a new grad student for securing an internship/job would be appreciated!! 🙂
I just got my Security+ cert and I am looking to get a GRC job.
I subscribed because of her voice and quality content
Hey, thanks! :D I'm glad I got this new mic haha, much crispier than camera audio
@@WithSandra definitely is compared to your older videos! At least you’re investing and it’s only going up from here!
What a coincidence, GRC is exactly the field I am going for
Glad to hear! I'd also recommend SimplyCyber's GRC Master Class if you're looking for a beginner-level course: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe Hope this helps!
I took an information assurance class in college and had to write so many policies and risk assessments and stuff like that…. It can get boring 😂
Hahaha I will never say that GRC is the most exciting area of cyber xD but it's definitely very important!
HOW MUCH are the courses at symposia??? Do we need any previous it education before hand a plus or anything or can we start GRC WE NO PREV KNOWLEDGE? ??ANY HELP??🎉🎉❤
How much is Symposia?
GRC has actually been the basis of Cybersecurity for a very long time. It's just not very well published by those outside of the industry. Audits are useless unless they are ongoing. It's easy to become compliant for these audits, and then a few days after fall out of compliance. Companies do it all the time.
very interesting
glad this could help!
Don’t forget the NIST framework.
100%!
If I have my CySA+, Sec+, and my BS in Cybersecurity, could I get an entry level role in GRC?
Also someone with these credentials (I’m going to increase my certs and hands on skill too) what could I expect for starting pay and what roles should I aim for?
My apologies for the double question and Thanks for your time
I don't think so. CySa and Security+ have nothing to do with GRC, except for maybe they are good background knowledge. What you want to do is to get a CCA or similar certification. Also, there are MANY many areas of GRC.
learn Risk management Framework(RMF)
Based on your questions just let it go. Switch careers
@@mato_fato_ma-ah-fala-falafel 😂😂
I want to start a career in cyber security, I am a first-year student at the uni
Indeed it's but you missed it would be "GRC as a code"
GRC might be my "LEAST DESIRABLE" path in CYBERSECURITY!🤫🤔
Well, it's definitely not for everyone xD. Some people may find policies and audits a bit too boring haha, I think it's all pretty interesting tho!
In my country, if you search for Cyber Security jobs online, around 95% GRC jobs show up in the search results.
Can you cover more in detail what GRC is comprised of and the type of training certs needed to enter this field ? Love your content
Hi Karen, sure! I'll be making an upcoming vid on this topic, I do have this older video I made on GRC/Auditing a while back to give you some basics of the job! - czcams.com/video/JZFZrN12RYw/video.html Thanks for watching!
@@WithSandra Thank you so much!
So just to confirm my understanding, GRC in cybersecurity is more about data regulations and privacy protection than it is directly engaging with cybersecurity tasks; in other words, it's a non-technical term of the cybersecurity domain, right? Assuming you confirm my query, GRC should not require deep knowledge of the 8 CISSP domains and the SIEM tool, nor does it involve any technical tasks, meaning it shouldn't be complex knowledge to acquire? However, I am more of a tech person, therefore my career path will be a bit more difficult and will require more effort 😢. Regardless, good luck to all of you. May your dreams come true and may your effort blossom your gardens of education.
My personal input as an it sec engineer (red+blueteam): if you want to be technical, stay as far away from grc as possible. I deal with it around 1-2 times a week and it is by far the most boring part of my whole job, for no money in the world would I want to do this on a daily basis.
Appreciate you sharing your thoughts! Even though GRC isn't the most exciting or technical role, it is definitely still very important but may not be for everyone. Kudos to those who are fulltime GRC professionals 😄
@@WithSandra they have my utmost respect and I love them, but I would not want to trade my job with them for a week 😅
@@ZeoXcursed why is that? I'm curious about entering cyber
@@Deshawn_Digital this is just my view, so take it with a grain of salt, I know their work is important, but:
1. You are giving people "homework" to do, so they have less time to work on their actual projects (necessary but disliked)
2. You are only an observer and are by definition not allowed to actually touch anything (because you cannot audit yourself)
3. The work is unending because as soon as one audit is done, the next audit is around the corner
4. Soo much paperwork, they basically live in MS Excel
5. International Compliance with GDPR and Most and everything is just a nightmare
6. Living with contradictions, because one law will ask you to do something that the other law hinders you from doing. (For example: log retention times in a SIEM, GDPR says: as little as necessary because of PIIs, but for APT discovery you actually want as much data as possible)
I could go on forever 😅
Fair 😂😂
$30k+ for this program, just so you are informed.
🤢
In every career, now the question is HOW AI will impact it. @withsandra, do u think AI will impact GRC heavily? Ur 2 cents pls
lol sorry, u answer it very well. i commented before watching the video xD
I pray for more apprenticeships to come out! 🙏🏾😩
100%!
Sandra, how is your job search going ?
So far it's a bit slow, which I expected, but also because I'm looking for a very specific type of role even for a security analyst. Wishing you all the best if you're also currently in the job market!
@@WithSandra I am currently doing a 4 month cybersecurity bootcamp (finished 2 months). Getting prepared for CySA+ certification exam in 6 weeks and for Splunk intro certification in 8 weeks
Is she a Virtual AI robot or real person? can’t tell from the video.
can cybersecurity be outsourced?
It has been getting outsourced for years.
@@Jack-yl7cc what about cloud engineering?
@guillermoal8514 The only jobs that have a very low chance of getting outsourced in the future are the ones that currently have government restrictions for citizenship (if they fall under ITAR or DFARS, for example). But even those jobs are dependent on politicians' whimsy, and on whether enough of them are getting bought off by foreign governments to make policy changes.
Lost interest in the video after finding out who does the training. Program is very expensive
Much cheaper alternative is SimplyCyber's GRC Master Class if you're looking for a beginner-level course: academy.simplycyber.io/p/the-definitive-grc-analyst-program?affcode=1148220_ecdcaewe Hope this helps!
I heard that GRC is a very high paying career.
It can be but not guaranteed. A lot of companies are trying to do more with less nowadays.
Spot on with content, but the editing makes it difficult to watch. Way too many cuts and the interlaced clips didn't add a whole lot of value. Consider just treating this like a vlog and engaging with viewers by talking through your own experiences instead of being so scripted in your delivery.
I just want companies to pay me to break into their systems
is GRC technical at all?
Nope
No, it's not
In the world of WhatsApp and Insta, there's no privacy at all
As much as I dislike GRC from my last company, I see this role in the cyber world as more needed than penetration testing/red teaming.
It's not the most glamorous role for sure. I've worked on internal auditing teams in a large bank and with third party auditors in a small SaaS company, both had very high stakes put on the cyber team to make sure everything auditing/GRC related went well. We would literally have customers who say "we need xyz audit completed or we're not signing" soo yep, very important for sure. I'd say red team is also very important though, just in a different way! Many audits typically will also require you to undergo an annual pentest so it all ties together haha
Can find malware with it?
This is a promotion my friends . Don't fall into the trap of CZcamsrs !!
So GRC is the area responsible for auditing? No, thanks. Too boring!
Boring but pays well!
Some people do find it boring xD, I think it's pretty interesting though!
Really gotta hate these types of youtubers that profit and make money off people trying to look for a career... promoting services etc. without caring what those viewers' outcomes will be and how they sell a fake dream at times.
Sounds like you just gotta work harder 😭😭
Chubby cupcakes women tells what I need to know
Your beauty looks average at first then suddenly gets more beautiful.
Immature
She is too hyper when she talks, slow down girl
You can set it to .75x speed if that helps! I watch vids in 2x so it's a habit