The most underrated Cyber Security specialisation (Highly Paid)
Vložit
- čas přidán 24. 09. 2022
- This cyber security specialisation is hands down the most underrated specialisation. Cyber Security Audit or sometimes referred as Cyber Security Governance, Risk and Compliance (GRC).
I explain what the job is like in this video.
This is updated video, start a career in GRC today:
The BEST Cyber Security GRC Training for Beginners | GRC Mastery
czcams.com/video/C6IgksBpMF4/video.html
I’d love a video on work-life balance for different specializations… which ones require you to be “on call” at odd hours, which ones are more standard 9-5, etc. Love your videos!
hey celeste, have you seen my days in the life video?
I love the brevity of your videos. The information you convey is so clear, clutter-free, and to the point. Thank you for readily sharing your knowledge and expertise with others.
thanks for your kind words, I really appreciate your support! Glad the videos are helping :)
Exactly
i got an internship doing security governance without knowing what it was when i applied lol
hehe that’s amazing! you got lucky and landed an awesome internship
The devil is in the detail , you mentioned it: internship. I have a feeling that the person needing someone who did the job wasn't too concerned about prior knowledge or experience. Still, good for you, I'm not undermining your achievement, even an internship can be hard to land mainly when there's a wave in that particular skill or area.
SUBSCRIBED! I just feel like I'm getting VALID, REAL information from this man and Im so grateful!
🫡
I have an interview for an auditor position on Monday! I've been following your channel for a while now and it has been a huge help in getting an understanding of what I need to do in order to break into this field. You really do need to put out hundreds of applications. You just have to keep at it.
so glad to hear that! best of luck 🙌🏻
Thank you so much!@@UnixGuy
How did it go?
@@itoburrito9151 haven't heard back from them yet. I hope to hear something soon.
Am enjoying listening to your videos. Watched quite a few this past week. Good on you!
Glad you’re enjoying the videos Oscar, hope I’m helping you and adding value to your career 🙏🏻
I have worked as InfoSec Auditor for Deloitte. Moved to GRC role. This role is 100 times better as a job. More management involved. More Creativity. You see actual staff. Audit is nice, but GRC is better. I personally think these are two different types of jobs and profiles. It is like ISO auditor vs ISO Implementer(even the Idea why two different certification exist and different experience required). As GRC states - Governance, Risk and Compliance. First word here - Governance. So you have to Plan for future. But Audit is only about Past or AS-IS in best case. I personally do not think it is proper to Put CyberSecurity Auditor and GRC guys together, even though most companies Do, as they use outputs of each other. Again - it is my IMHO :-)
I agree with you, but not everyone can get a chance to do one or the other, a lot of people get asked to wear many hats, and mind you the certification path is pretty much the same. Many people in big do both ‘audit’ and GRC
I just started my first full time role as an IT Compliance Auditor but it appears the role will function more as Audit/GRC. I just completed an internship at a bank in a GRC role, so this new position will allow me to get more hands on in the audit process to understand implementation solutions and resource planning when meeting with stakeholders and communicating with management and ultimately board members. I agree the roles should be separated. Our InfoSec dept is new (I'm the first team member), so as we build the dept and increase the bandwidth of our dept needs eventually my manager can carve out a position as the CISO and I can move up to the InfoSec Mgr position and we can separate audit, compliance, and gov/risk mgt. All that to say, a lot of companies are starting or structuring their InfoSec depts as businesses take cybersecurity of their organization more serious.
@@marcuscanty5039wow congrats Marcus👏🏾 as someone looking into this field with no experience where would u recommend i start or how did u start to get where u are?
what is the salary range for GRC role?
Thank you sir, your content is amazing!!!❤
thank you Melinda, glad you’re finding value 🙏🏻
You are simply great 👍. Love from India 🇮🇳
thanks mate :)
Best Cybersecurity videos I have come across on the internet. This man is extremely knowledgeable on Cybersecurity
🫡
Great video, concur with all of this! You sir have my subscription. :)
thanks mate, welcome onboard :)
Nicely done.
thanks
I work in finances and planned to do an ICA certification in Compliance to try to land a better job in the finance field. I was not really excited in getting the certificate because I'm not too happy in finances. Last week I started looking into cybersecurity and I'm completely hooked and your videos are helping me plan my first steps and beyond. So I'll probably change the ICA in finances, for Compliance in cybersecurity lol.
I just started to get to know the field with tryhackme, as a complete beginner.
Should I then go for the Google certificate and the free ISC2 certificate? I will later look into the NYU's free course at Coursera also.
Obviously I'm trying to start low without having to spend a lot of money very early on, as I'm still getting introduced to it.
Thanks so much for your videos, they're tremendously helpful. Thank you!
yes that’s a good start :)
@@UnixGuy I already watched so many of your vids that I have a pretty good idea of where to begin and what to avoid. I'm from Switzerland btw. Thanks so much.😊
@@Romy--- nice to meet you Romy, my first friend from switzerland! join our discord and meet out community :)
@@UnixGuy already joined thanks ♥️☺️
Great video! 👌🏻🌟
Thanks Jesper 🙏🏻
Really!! Iam waiting for your content 💗🙏
Thanks Vignesh :) appreciate your support my friend
Thank you very much for your informative videos, I just come across your channel and love the info you share.
Regarding the Cyber Security Auditor carrier path, I don't have any experience in the IT industry but have worked for more than 15years in certification and auditing to IEC/ISO standards for electrical devices (eg IEC61010-1, IEC60601-1).
Do you think if I got the certifications you mentioned I would be appealing to companies for hiring?
Would I also need to get some technical certs as well for backup?
Hi Katachi, your background is perfect for Cyber Audit, you just need to upskill a little bit through certs and courses, the more you know the better auditor you will be. Try to follow this roadmap, with a video to doing CISA at some point: czcams.com/video/ug_ruisDUXc/video.html
CCNA was great 15 Years ago to get thru the HR filter, when you have 0 experience in IT.
that it was yes!
I'm so happy I found you, I'm studying cyber security with no it background and I find it very interesting but I have a question, is learning python a must!
hey mate, not it’s not a must. Coding is needed for some specialisations but not all. I recommend you start with this video: czcams.com/video/ug_ruisDUXc/video.html
I'm glad I found your channel.
You are most down to the earth guy in the cybersecurity space.
Currently, I'm studying for CCNA and would like your advice on what to study next.
If it's true that blue team is more in demand, what certificate should I have to get a foot in the door?
What is the equivalent of CCNA or CCNP for the blue team, and what certificate do employers desire?
Thanks
thanks for your kind words mate. If by blue team you mean Security Operations Centre / SOC analyst type work? I’ve just finished filming a video about that and I’m positing this soon
After CCNA, I’d say go for compTIA Security+ to start learning the basics of cyber then do CompTIA CySA+ which is harder but well worth it. Stay tuned for upcoming SOC video, it explains it all in details :)
@@UnixGuy
Thanks a lot
@@UnixGuy What do you think about Rockstar games being hacked and the source code being leak on dark web?
Main issue with CCNA while I am all for more certs, is its Cisco based, granted Cisco is found in over 70% of enterprise networks, the real hitch here is you will be on the network and architecture/infrastructure side. Those roles tend to terminate at decent 6 figures but rarely past middle management if lucky, mainly Network Architectural jobs and that's it. So just be aware of it. Pass it soon as possible and then head straight into Sec+ and go through the 24 hours of free training that QualysGuard offers online, they are massive when it comes to risk/compliance nationwide if not globally (can't remember I'm currently less than 2.5 weeks from sitting for my net+. Quizlet 6$ a month with free trial, never memorized the ports faster than running through all 4 test variations. Best of luck! Believe AND conquer!
Hi there, just started to watch your content, great channel, very informative. D’you mind a question - to become an auditor would you still recommend a full cyber security course, as you would do for a pen tester, or is there something different to look into? Thanks a lot in advance for any suggestion!
audit pathway is a bit different, the cert in this video should be a good start but landing a job can be a bit more trickey
Awesome video :)
Glad you enjoyed it :)
Are you on LinkedIn sir?
As always amazing video full of information. I feel very lucky that I can have advice of people who have spent more than a decade in the field. That facts that blows my mind is the consistency of video uploads and with it, the quality of videos too. Much love from 🇮🇳. Also I had a question. I'm a fresher and have acquired CEH V11 and in next 3 months will pass OSCP for sure. I gave few interviews to companies and most of them said to sign a 2yr bond so I don't leave the company. Should I do it?
Thanks for your kind words my friend! Seems like you want to pursue pentesting which is a great specialisation! what job is the company offering? and whats your day to day tasks look like?
@@UnixGuy Web App pentesting
@@theybecameus I would take the job! two years is nothing, it will be excellent experience for you, learn and get your OSCP and get web app pentesting certs and practice on hack the box while you’re there! congrats!
@@UnixGuy Thanks very much for ur guidance
Wow..can't imagine how you have the grace to teach us newbies. Just started a coding course as a beginner. Is it useful to learn coding before taking a cybersecurity course? Is Caesar Cipher an encryption method that is a must-know basics? Am in totally another field of work but having concerns about it so why not jump and learn sth new to see if I am suited for it. Thanks for your sharing. Much appreciated. X
no you definitely don’t, start with this course:
czcams.com/video/6LIUhx95MCU/video.html
Hi Unix, I've been watching your videos religiously and am currently studying for security +. I have a specific question. I'm 32 and I have 12 years of experience, in logistics roles such as customer service coordinator(did a lot of customer service/analytics, problem solving), operations manager, and currently an upper operations manager. Do you have any idea, based on my experience, if I should look into a specific CS job? I'm still not sure exactly the direction I want to go. Thanks for any input.
Hi Will,
glad you’re enjoying the videos, to be honest your experience can help you in many roles, so I’d aim to apply to whatever you can get - for now - while you work on higher level certs that can help you down the road
@@UnixGuy Thanks so much, and appreciate the quick response!
@@willjewers9772 my pleasure :)
@@willjewers9772
Hope you're good. I have similar experience as you, also aiming to transition to CS.
I'd like to connect with you, how do I get in touch please?
What's your current salary per month?
Hi Unix, thanks for the info! This was extremely helpful as I'm looking to pivot into Cybersecurity Audit from my traditional Audit and accounting background as I'm at a Big 4 firm. Any suggestions on the specific frameworks I should look into for the Financial Services industry?
It depends on the country, but PCI-DSS and NIST are a good start
@@UnixGuy Thanks!!
@@J.The.Prince pleasure :)
Hey can u help how did u get into the big 4?
It's very true doing infrastructure like firewalls requires after hour or on call, I am thinking to move job as an auditor, but my concern is travel. How much travel does it require? Do you switch job as an auditor or your job allows you to work multiple tasks (firewall, penn test, auditor, forensics)? My company doesn't allow me to multiple security jobs, unless I switch position for good. Thank you for sharing!!
that will depend on the company itself! Generally speaking, audit at banks for example you probably won’t need to travel. Even in consulting, it depends on the company really. I switched jobs, it’s very rare for a job to get you to do many things because Pentesting for example is a specialty on its own and its extremely hard to stay on top of everything. Consulting companies can allow for doing many things so again depends on the company
$_$$$
Sir, I really love watching your videos where you explain everything like a big brother. How long should I work as a Cybersecurity analyst before I step into a specialised role like GRC in my career?
there is no set time! take the GRC as soon as it comes (you don’t have to actually be a security analyst beforehand
Thank you, Sir, but as per the certifications to start with and gain entry I do not qualify for CISA as I do not have that many number of years as work experience. Any certifications to start as a fresher/beginner with only 2.5 months of experience as an Intern@@UnixGuy
@@shrutishovandas5883 then follow this roadmap until u have the experience:
czcams.com/video/DRJic8vCodE/video.html
What you think about Palo Alto Networks certifications? by the way great video! You explain very concise thank you
Palo Alto certs are fine, not super popular but won’t hurt for someone who wants to learn more about Palo Alto products. I personally would pick something more popular like the certs that I recommended in this video
@@UnixGuy I can agree with you
I really love your amazing videos keep up the amazing work man!
I’m a CS freshman and am into cybersecurity. I have a couple of questions about the IT audit/GRE if you could help me with them please.
1- Which cyber security field you think is the most paying? Is it IT audit/GRE or cloud security or what?
2- While working for consulting companies am I expected to know much about the other cybersecurity fields or it’s just enough to know about GRC given that I’m only interested into this field particularly?
3- As I mentioned I’m a CS freshman so I don’t have the required work experience for certs like CISSP and CISA, this case what certs or road map that I should follow in order to get my first GRE internship at a big 4?
Thanks again for the great content!
Hey K H,
1) They all can pay well, higher salaries come from being good at what you + seniority + being in a company that pays well (
czcams.com/users/shortsz6JkFqn_Umc?feature=share )
2) Depends on what you do, but generally speaking you’re not expected to know everything specially outside your specialty
3) Do the certifications that I talk about here, they will give you a fantastic background and set you up for success:
czcams.com/video/jtLfX5_Lu84/video.html
@@UnixGuy I really appreciate that thanks!
@@hbk87yi you welcome! keep me posted!
What entry-level job would lead into an auditor position? I’m Sec+ certified and I have 4 years working on policy creation and documentation, vulnerability analysis, and a lot of audit functions including physical security of physical crypto keys for half of a military installation. I loved the auditing nature of the work. Then I did work for a consulting company with government clients for one year before the contract was terminated early to reorganize. All of this to say, I still feel entry level due to the fact that each organization is vastly different and my experience was tool specific and flexible for me. Looking to study for CISA but I would like real experience as well.
Hi Skylar, you already have audit experience! do your CISA and then you can stick it out longer and change jobs to do something different or you can try to work in consulting if you want more exposure
Thx for the information + thx for not asking to subscribe, its feels amazing :D (ps : i subscribed ofcourse ! )
thanks mate, glad you found the video useful
This is it. Would you think a data analyst or an actuary could go hand on hand with this career path?
you don’t really need actuary or data analyst skills. Actuary is a field on its on that has nothing to do with IT. Data analyst is also another field altogether. Focus on one area and get really good at it
Great content. Thanks
thanks for your continuous support James! join our discord :)
@@UnixGuy will do. Would you happen to know anything about PCI DSS framework?
@@j.a.ward13 yeah I know a little bit
@@UnixGuy I was looking to see if you had a video on it. I took a course on PCI Compliance and it was said that Cybersecurity Auditing is very lucrative and the PCI niche is rarely talked about, but is in high demand.
@@j.a.ward13 PCI-DSS is just another framework that we use as auditors, it falls under audit or GRC. There are other frameworks like NIST and ISO for example, so yes this video is the one you’re looking for :)
Is this Cyber Security Audit Job remote or does it require onsite presence? Which specializations are remote? Love your videos. Thank you
it can be either, remote or not depends on the company itself. some allow it some dont :)
Hey thanks once again for the video...Can you tell that to go from soc analyst to CS Auditor this is the road? Like do the certifications you mentioned and apply but do they consider soc experience?
that’s basically what I did, I did ISACA certs while I was working in a SOC then I moved to GRC; SOC experience is highly regarded
@@UnixGuy okay, that sound pretty awesome... Thank you so much brother... :)
I had 2 offers after graduating. One was cybersecurity auditor, and the other was business analyst. I chose business analyst and hope it was a good choice.
both are good! enjoy it
Hey, your videos are damn informational and helpful to me.
I'm working as a cybersecurity advisor with 4+ years of experience on Palo Alto firewalls, SSL certs and WAF for a trading firm.
I'm learning CompTIA Security+ to gain basic knowledge on all security areas.. I always look for good roles and responsibilities with good work life balance. Can you please advice me what trainings & certifications are good to take my career to next level.
Thanks..!!
Hey Vamsi, you have a very good experience and are positioned perfectly to do more cyber related tasks!
Work life balance can be company dependent, but I say best thing to do is to also find something that you genuinely love. Security+ is a good start and once you do it, I think you’ll be a good candidate to tackle the CISSP, it’ll teach you a lot and it’ll open doors.
The recommendations in this video are for audit/GRC, which possibly has the best work life balance. I have a playlist of all the cyber specialisations that I talked about so far, watch them and pick a specialisation that you think you’ll love and cert up in that area. Here’s the playlist: Cyber Security Specialisations
czcams.com/play/PLdI5VHN89i7XgaT-dWsthpAKOmjAF3gCR.html
Need a mentor for this field
@@fuentescrippen8549 I offer paid mentorship video calls for a very limited number of people. click on the about section on my channel to find the link
Thanks for your video. I want to get a foot into GRC, I currently have a bachelors degree in Cybersecurity, CC certification from ISC2 and was working towards Security+ this year but do you think Security+ is necessary for this role. Your video advises otherwise that’s why I would love to hear your view. Thank you.
hey mate, security+ is a good cert but I have an updated advice!
This course will give you GRC skills that you need for the job:
czcams.com/video/C6IgksBpMF4/video.html
you can do security+ after and it will make more sense :)
I intend to study Cybersecurity at huddersfield but noticed it’s merged with digital forensics. Is it actually a good course ? Moreso I have been unable to get universities offering cybersecurity audit . Could you please help with that?
There aren’t really security audit degrees, it’s just something you learn as part of a cyber security degree where you build your knowledge up on various topics.
I’m not familiar with Huddersfield, but digital forensics is a great core topic to be in a cybersecurity degree. I talked more about digital forensics here:
czcams.com/video/f452CYRijFo/video.html
Hi thanks for the vidéo great content 😊,just a question is it viable for job security,compared to more populat entry level jobs?and is possible to do it remotly full-time?
it’s possible but not easy! Watch this:
czcams.com/video/wcJcH51hmXY/video.html
Glad to have found this among the noise of cyber-tubers. Im looking to move away from being a security engineer at msp for 16years. My.jobs has overlapped with the domains in cissp/sscp. Is it worth doing the sscp if I want to get one cert soon to promote my resume ,then follow up with GRC or CISA?
hey mate, you definitely don’t need SSCP, it’s a waste of time and money, you can go straight to CISSP!
The issue with CISSP and CISA is that they’re good qualifications but they test you on the concepts as opposed to teach you how things are done in the real world
I created a practical course that teach you those skills, I recommend you do it first then jump straight into something like CISA then CISSP. Here are details of the course:
czcams.com/video/C6IgksBpMF4/video.htmlsi=YI6JzHVlieI3eOje
To do the data discovery do you recommend any tools? May I know which tool did you use? Thanks
I don’t have a particular tool recommendation, many tools works exactly the same. This is a conversation best had with your team, analyse a few tools, get some demos in, figure out the pros and cons, etc, it’s a learning process
Thank you. I cleared your videos in 3 days.
I took notes honestly😅
Buh currently I have a professional exam to prepare for so well in 4 months. I created an account in ISC 2 will I loose the access to the free course I got
Can I learn the coding for someone without any tech knowledge on my own-
Ejpt is expensive😢
I will check out the blue team courses.
Buh I wanted GRC (before I saw your well detailed information on other aspect which made me happy to get to decide )do I need the coding knowledge to grow in GRC
you don’t need coding for GRC. You can learn coding as explained here if you want to:
czcams.com/video/rIOvsj7jBuQ/video.html
Hi mate.. thanks for this video. What level of programming do you need for this role or is it not necessary?
zero, no programming required :)
@@UnixGuy perfect ;)
@@ShrawanRegmi haha, good luck
@@UnixGuy lol thank you.
Hey, thanks for your advice. If I work at at bank (recently started) in the governance team (data protection) and would like to follow the auditor path? Do you recommend going for those certifications and stay in the bank or aim to get into the 4 firms you mentioned? I am finishing my cyber security cert at TAFE. Also, I checked the CISSP training and it’s pretty costly the training and 5 years experience in the field is required to take the exam. Which certification should I am if just starting. Thanks!
Hey, first of all congrats on getting your role, you are in one of the best positions to be at the moment! You don’t really need to work in consulting firms, you can learn everything you need in the bank, get paid more than consulting and have a bettet work life balance.
The most important thing for you is to do well in your current role. Go above and beyond, learn the boring things that no one wants to learn, always be positive and willing to do the work - that’s the most important thing, I elaborate more on this in this video:
czcams.com/video/OzpS0wXssQ4/video.html
Second thing is focus on getting your TAFE cert, learn everything in the course to the best of your knowledge. The certs I mentioned (CISA and CISSP) need 5 yrs of experience so something for the future. the next cert for you should be CompTIA Security+ and learning on the job :)
@@UnixGuy Perhaps you can suggest something additionally for beginer at this role ? I already have sec+,and now looking into direction of something like iso 270001 lead implementer,maybe Clous Security Alliance auditor cert or ITLFv4.Hope you may give us some of your knowledge on this topic.Because most of the Audition certs required at least 2 years of experience or expensive like the from SANS.
@@ilyavasiliev538 hey mate, all your suggestions are good and can help! What you need is foot in the door so focus on gaining exprrience.
Isn't GRC much more than Audit? How about leading governance activities (committees, forums etc., ensuring adherence to policies and standards), risk (risk appetite, stability and resiliency, KRI) and compliance (ensuring effective controls are in place)? Also there is a bunch of regulatory and external exams to deal with. Curious about your thoughts here.
correct GRC is a lor more than audit! This is an old video, much has changed since then and I’ve solved the problem of lack of proper GRC training! Watch this:
czcams.com/video/C6IgksBpMF4/video.html
I am currently working in a similar high level view position (cybersecurity strategy). I am worried that as time goes by I wont acquire technical skills. I feel that most of the people working in such positions lack basic IT fundamentals. What is your take on that? How can you audit or assess security capabilities such as network segmentation if you got minimal netoworking experience? It seems to me that most of the work is very shallow...
There is an element of truth to what you say. I have years of technical skills behind me so I’m not worried but for folks who never worked in technical fields they can have a gap.
There are many things you can do, best one is to work on certifications specially ones with lab component, this will keep you sharp and strengthen you as an auditor.
I’m a nurse based in Australia and looking into transitioning into GRC. There are so many information online, not sure where to begin. Can you please give me a roadmap or what is the best place to start?
There are no entry level GRC certs. I recommend you follow this roadmap:
czcams.com/video/DRJic8vCodE/video.html
it will give you a roughly guideline on how to start
Hi, I recently got an opportunity to join a cyber security company as an intern. I am pretty much interested in cyber security auditor role. Could you please tell me how I can take best benefit out of this like what things I should must do while doing this internship. I am planning to understand how a security auditor do PIA on company privacy policies and to learn more about risk management.
you are in a perfect position to learn! show up, be on time; ask questions and do certifications in your own time , start with the google cert: czcams.com/video/6LIUhx95MCU/video.html
actually i dont like to work in bank does the security focus mostly on bank or like financial services , because i dont like it . Hopefully is there answer for this mr. Thnak you
No security is not specific to banks, every organisation needs security so you absolutely don’t need to work in a bank :)
Hello @unixguy I have been in it and cyber for 10 years in a big company. I want to start a consultancy doing pci audits etc. I have CISSP and CCSP and think I need to pass the QSA. Which is the best audit cert to get beforehand is it ics2 or csa ? Thanks!!
For consulting purposes, this one:
czcams.com/video/C6IgksBpMF4/video.html
Currently doing IT Audit straight out of college, is this similar to cybersecurity audit or something different? And if it is different any recommendations for what to do to switch to more of a cyber role?
this is cyber security audit!
to switch you need to do certifications in another specialisation, watch my videos on other specialisations
I came across this months ago but I didn’t know how to get into it. And what to do once I got a certificate.
Start with this video:
czcams.com/video/GPmVphOqSGY/video.html
gou essentially need to build your experience/knowledge/certs
Do others follow the path of GRC/Auditer, to Penetration Tester? I don't really wanna go into management, but I think starting at GRC is beneficial.
not really, there is little correlation between GRC and pentesting. If you want to be a penetration tester, follow this roadmap:
czcams.com/video/8K7iAJ9BNl0/video.htmlsi=PBD4vrurzqjlp72c
Hey! Do you think I'd be able to land a job like this with a bachelor's in business? I have loved cyber security since high school but went down a different path for my degree due to a bunch of complications. That being said, I feel like this specific field may benefit from a good background in business in comparison to other cybersecurity fields. I'm assuming if I could manage to get a job in this field with my degree I'd need a serious amount of cyber certs, if that is the case do you have a number one choice? Thanks, I deeply appreciate your willingness to respond to all of these comments.
hey Chad, yes you absolutely can! what will hold you back is lack of experience rather than a degree.
Either way, you will need to build your knowledge/expertise through certs and studying. I recommend you start with this video to get an idea:
czcams.com/video/ug_ruisDUXc/video.html
and also make sure you watch this:
czcams.com/video/GPmVphOqSGY/video.html to understand the value of experience
for certs, do the ones here:
czcams.com/video/jtLfX5_Lu84/video.html
@@UnixGuy Thank you for such a timely, and concise reply. You're the best, UnixGuy!
@@chadkingly no worries at all 👏🏻
I have almost 6 years of experience in cybersecurity, worked as a SOC analyst and currently into endpoint security stream. Can I move into audit or GRC. How to change my career path. Where I can start. Your suggestions will be helpful
of course you can! do the certs i recommend in this video
hi.. thanks for this video. as I would have it, i have a lot of zeal and passion for cybersecurity and sourcing CZcams for areas of specialization led me to your page. I'm new to this field, taking some online course under CISCO networking academy. Pls i will need your advise in the direction to go in order to climb up the ladders in cybersecurity
Hey mate, Cisco academy will prepare you to br a network engineer not a cyber security professional. Start by watching this video:
czcams.com/video/GPmVphOqSGY/video.html
then watch my videos on each cyber security specialisation where I lay out the certification recommendations
@@UnixGuy thanks a ton for your advice and your video too. i will definitely follow as u said
What is your advice to someone who wants to begin a career in cybersecurity with no experience
I summarised my advice in this video:
czcams.com/video/GPmVphOqSGY/video.html
I should start soon an internship in cyber threat intelligence and that's my first job experience after master degree, do you have any advice regarding path/focus/skillgap ecc?
i have an older video about threat intel : Cyber Threat Intelligence Explained
czcams.com/video/qp8ZEyUURiw/video.html
(the quality is low)
The best preparation would be to have an understanding of broad cyber concepts, that will always make the intel more useful, start here and maybe do CC or at least brush up on the topics there:
czcams.com/video/jtLfX5_Lu84/video.html
Hi, I currently work at a Big 4 in cybersecurity
I’ve been on a longer term engagement since I started for about 2 years doing third party security auditing for the third parties that my client has.
At this point I’m looking for something new but I’m not sure where to leverage my current experience to find new opportunities that allow me to continue to learn and grow.
My end goal is to find a position that’s highly paid but also has a great work life balance (don’t mind managing a team - I prefer non-technical work), do you have any advice on where specifically it would make sense for me to specialize in?
the experience you have is fantastic, you can leverage that and do it in a bank or you can do technology risk management. do the certs I mention in this video as they will expand your knoweldge and make you more employable :)
Right now I’m looking for something that’s still high level and non-technical but slightly less repetitive as the third party security assessments that I’m doing. Would you recommend trying to find a project that does external auditing and provides recommendations to the company’s cyber strategy? I noticed in one of your recent videos that seems to be what you do currently and was wondering if you’d recommend trying to go straight into that or trying other things first to gain more experience.
@@theihsanproject you dont need to be in external audit, you can go into advisory work (which is what I do). You’re bound to run into repetitve work but yeah seem that advisory is where you want to be (check my day in the life video for an idea)
Thank you so much for your responses you’ve been super helpful
I watched the video - so in advisory are you essentially advising the business on their holistic cyber strategy/posture and providing recommendations?
Is this also where performing cyber risk assessments on organizations would fall under?
@@theihsanproject yes but I also do a lot more, some advisories are about incident response or DLP or whatever the client wants :)
What certifications you recommend for a 1 year of experience in Cyber GRC. ISO 27001 is one of them, I'm thinking to go for ISC2 SSCP next.... What else would you recommend here ?? .. Also, I see GRC folks learn Cloud but I'm having a problem to connect the dots here...like how ?? Is it implementing the policies like incident management, BCP/DR in the cloud ?? Please correct me if I'm wrong,
To be honest most of the learning will happen for you is on the job rather than from certifications. ISO is a good and any foundational cyber security certification like security+, this way the requirements for CISA or CISSP become 4 years instead of 5
Cloud certs are great because it’ll give you knowledge of the underlying technology which will make a stronger assessor as you understand what you’re assessing. Policies is something you learn on the job, but security+ then certs from ISACA and ISC2 council are great next step
@@UnixGuy Great!! Thanks for the quick reply.
@@tahaqureshi1184 no worries at all :)
Don’t some of those certificates require 5 years of experience and also don’t you have to be hired first and then be sponsored by your company to apply for certain certifications?
correct! which is why I took it upon myself to solve this problem! I created a GRC traning for beginners that will give you everything you need to land your first cyber security GRC job. It will be released next week, stay tuned:
czcams.com/users/shortsBRmx7LAnqkM?si=1erzoEg2jT8Uz0Bp
ik this chick in cyberauditing and in her 2nd year into it is making about $130k which is good for the location
yep, not uncommon at all!
Hello, Your videos are full of good contents and I couldn't help gluing to watch till the end.
I have been a project manager in IT (not technical). I am now considering starting GRC. Please how would you recommend that I start this career? I want a good career that I can be an expert at and eventually consult in. Please advise a confused person 😢
Thanks for your kind words Karamah, to start in GRC I recommend you follow the plan that I laid out here:
czcams.com/video/s9LDWLfFOp8/video.html
@@UnixGuy Thank you so much. I sincerely appreciate this 🙏🏾
@@karamahmohammed4901 no worries at all :)
Hi I know basic functions of a computer but I want to learn more about cyber security and tbh I’m in a point in my life where I desperately need to make money but want to do something with technology. Do you know of any specific schools or programs that’s are worth entering?
I don’t know your personal situation and where u live and what u can afford etc, but start here:
czcams.com/video/ug_ruisDUXc/video.html
Hi, I really love and appreciate your videos. I just passed my CC exam from ISC2. Would studying for CISA and passing the exam only get me a foot in the door for an IT audit job ? I have no IT audit experience, but I have card center experience and now I'm based in Australia
it’s a step in the right direction but certs don’t guarantee a job. getting your first job is a big challenge and it will take time so you need to be willing to apply to a lot of jobs and get to a lot of interviews
@UnixGuy thanks for your reply
I won't be getting the cert for CISA once I pass the exam as I dont have 5 yrs experience. I will be maybe a associate CISA. Will that suffice to be applying for jobs ?
@@user-gp3nx6gr7w i recommend you watch this video to undersrand what it takes to get a job:
czcams.com/video/DRJic8vCodE/video.html
do someyhing like the google cyber cert to learn more, too early for cisa
Tell me one thing Sir, Can a guy like me (Network Engineer) get a job as Auditor/GRC after doing these certifications? Or do i need to work first as cybersecurity engineers or analyst in order to get a CISO kind of positions??? Please help in this topic Sir.
Or it will be better if you can make a whole video in this topic. A lot of experienced guys might have the same question as me.
hey mate,
unfortunately therr is currently no good training that can take you to becoming a GRC professional yet! im working on something cool that will fix this soon so please sign up my weekky free email newsletter because I will announce it there first @ unixguy.com
Meanwhile, I recommend you start by doing this cert to gain some cyber security knowledge and to bridge any gaps you may have as a network engineer:
czcams.com/video/6LIUhx95MCU/video.htmlsi=kUiCSvyaQmrvaVou
Hi, Unix I am a 1st-year student doing masters in IT in cybersecurity at western Sydney University and I have no previous IT experience I just wanted to know what else I need to keep in focus for landing my first job in cybersecurity after completing my master's.
Please guide me.
Thank you
Hi Nikhil, follow the plan in this video:
czcams.com/video/ug_ruisDUXc/video.html
I am doing a Masters of Cyber Security from Griffith university. Earlier I have done a Masters of IT from India but didn't have relevant experience. Could you please help me with the certification or job related tips by which I can get a job before completion.
I have videos about each cyber security specialisation, watch them and write down certifications recommendations :)
How did it work out?
Sir please respond to my question. Is GRC or cybersecurity Audit are difficult job to do. I want to do this job role . shall i proceed ?
Audit falls undet the umbrella of GRC, follow this:
czcams.com/video/C6IgksBpMF4/video.html
Sir !! I'm Hiron from Bangladesh. I'm working as a salesman in a supershop But i want to change my career. I mean now I want to be a cyber security expert. Now the problem is in my country there is no option to physically gain any kind of "Cyber security" degree from any institution. In this situation please give me proper suggestions or instructions on where I can start learning or which colleges/ universities/ institutions do offer specially cyber security courses online? ( In your youtube video, you mentioned that anyone who wants to be a cyber security engineer should take on a cyber security degree not to take computer science or any other degree.)
If you have any other opinion that would be better for me, please tell me.
Thank you so much, sir.
Hi Hiron, my question is do you have a bachelor degree? if the answer is yes, then there will be many options for you to do masters in cyber security.
Alternatively, if you don’t have a bachelors degree, then it might be a good idea for you to do a degree in IT or Computer Science in Bangaldesh, then you can learn cyber securitu through certifications :)
Thank you so much, sir.
@@hiron-x544 no worries at all :)
Even from Bangladesh you might be able to attend online classes at Bellevue University in Nebraska, USA. There are people in my classes from different countries. They offer degrees in Cybersecurity.
@@ignovia2122 , Thanks for your information sir! But it's so expensive to me.
Is this very different from GRC? Could GRC experience lead to an auditor position?
They’re both very similar! and Audit can be part of GRC. Different naming conventions and the titles aren’t always accurate, some GRC people do more than just audit, some audit people do GRC and other stuff, the paths are very similar
@@UnixGuy Do people address these jobs as ICT Security Specialist, GRC Specialist, GRC, Compliance Analyst ?? because these roles titles confuse me as they do not explain much in the job descriptions.
Hello!! Im a Computer Application graduate and starting to stuy cybersecurity in September. It will be very helpful for me if you could help with some of my doubts and wanted to know ur recommendation for certain certifications
watch my videos, cert recommendations are clear
What is the highest introverted cyber security jobs with the highest pay?, I don't care for me a manager or auditor.
seucurity operations, I explained it here: czcams.com/video/HohIYcNd_VM/video.html
I just passed my Security + and am looking for work now , I would like to get into red team and am thinking about the PNPT , is that a good cert ? Does HR usually recognize it? And is it a practical exam in your opinion ?
yes PNPT is very good, i talked about it in this video:
czcams.com/video/OR8G_Vi5B1U/video.html
@@UnixGuy thank you
@@itzdon8088 no worries at all
@@UnixGuy any labs you would recommend? Looking to put at least 3-5 on my resume because I have no IT experience just security + .. I have a Mac air m1
@@itzdon8088 if u do the eJPT and PNTP thats plenty of lab work included
actually what is the highest paid role in security carrer?
I answered this in this short video:
czcams.com/users/shortsz6JkFqn_Umc?feature=share
That’s a difficult question to answer. It’s not a role specific but depends on how good the person at what they do and the type of organisation. Get so good and whatever specialisation you like and the money will follow.
I don't hear many people talk about cloud cyber security or is this more of a senior position?
it’s not a senior position, I’m gonna create a video about VERY soon so stay tuned, but meanwhile start here:
czcams.com/video/8gks3pe69hQ/video.html
This sound like it got decent overlap with GRC, do you agree?
this is an older video, this is not an overlap with GRC, this is a subset of GRC.
czcams.com/video/C6IgksBpMF4/video.html
The best teachers are the ones who can explain the subject to the dumbest person in class and they will grasp the concept.
yep agreed, how does it relate to the video?
How to study for and get this role if I have no work experience?
this video explains the process:
czcams.com/video/GPmVphOqSGY/video.html
Can you name some best cybersecurity tools to start the career
no such thing as ‘best cyber security tools’, start with this video:
czcams.com/video/GPmVphOqSGY/video.html
Wouldn't auditing and GRC be different? GRC is more about implementing the controls for compliance and risk mitigation, whereas auditing is about assessing existing controls to determine whether the organization has a comprehensive security posture and then making recommendations. GRC is basically doing the work, and auditing is giving a second opinion on the work.
Please correct me if I'm wrong, but that is my understanding.
EDIT:
After doing more research, I think auditing can be considered a subfield/specialization within GRC.
thats correct, you stated the defintions of both audit and grc. I tried to keep simple for othets to understabd
@@UnixGuy Thanks for the quick reply! I am new to cybersecurity and have been trying to find the right specialization for me.
I find both GRC and auditing very interesting, and cannot decide between them!
I also wanted to ask, you mentioned the CISA, CISM, and CISSP certs, but would you also recommend the CGRC?
@@TexasIronLegend all good! To be honest there is no good cyber GRC certs, nothing beginner friendly either.
I recommend you start with this one:
czcams.com/video/6LIUhx95MCU/video.html
also sign up to my free newsletter at unixguy.com because I will announce something GRC related soon 😎
@@UnixGuy actually, after doing more research, I think auditing can be considered a subfield/specialization of GRC.
any recommendation from where to start ?? like a roadmap
if you’re asking for Audit; then the certifications I mentioned in the video are the roadmap. For general cyber, this is a good start:
czcams.com/video/ug_ruisDUXc/video.html
Hi, I was wondering how much experience is required for this role?
What role can I start with?
I have a year of experience in web development and am jumping into cyber security and studying CISSP.
Is It beginners friendly?
hey mate,
It’s really hard to answer this question because it depends on many factors, the more experience you have the better.
CISSP is definitely not beginner friendly, those certificates are a good start and are all beginner friendly:
Top 3 Cyber Security Certifications for beginners | Roadmap
czcams.com/video/jtLfX5_Lu84/video.html
@@UnixGuy Thanks! 👍
@@aruha2847 no worries at all
I’m a part qualified management accountant how would I transition to cyber security audit
start with this cert:
czcams.com/video/6LIUhx95MCU/video.html
hello guys I'm a cybersecurity student in Philadelphia university in my 2year and in the last 6 month my father want to divorce from my mother and he stopped sending money and stop paying for my university and he tell me if you want to stay with your mother let her take the responsibility for you and he is working in another country iknow like you wtf I'm saying but if anyone can help me and my mother i would be soo thankful and for people saying why don't work in my next holiday i will start working I can't doo work and studying and thanks for reading
sorry to hear that
If i have good skills and oscp certificate how much can I earn from it security company ? Any idea
Go to a job search site or LinkedIn, type ‘OSCP’ in the search box and see what salary ranges offered, that’ll give you an idea
What I wouldn't give for a semblance of work/life balance in cybersecurity.
Hey Trisha, I'm releasing an updated video about GRC, which as a lot of work life balance, I recommend you keep an eye for it :)
@@UnixGuy Looking forward to it. I have my CISSP, CISM, CCSP, and SANS cert. Thinking of doing CISA and either CRISC or CGRC after that.
@@TrishasVideos I believe you have enough certs, I don’t think you need more to be honest! Im releasing a grc training course focused on pracrical skills, assessments , you’ll find it useful, hopefully be live with the video in a couple days
Bro is studying Masters in Cybersecurity in Australia? if ok please suggest some good universities to study in..
it’s expensive and I’m not a fan of those degrees, way overpriced for what can be learned through certs
I am confused so you were a consultant ...........the bank put up a tender for an external audit your price and speed were to there liking so they contracted you to do an external audit you didn't work for them right? see confused? how did you get that contract.....ie how did you prove to them that you had the capabilities to do the auditing?
because the contract didn’t come to me direcrly, I work for a consulting firm that specialise in this. that’s how we’re vetted
ok got it ...not want to go out on your own ?make even more dough ...but increased headaches i know....?
ok got it ...not want to go out on your own ?make even more dough ...but increased headaches i know....?
@@weniweedeewiki.6237 I’m not interested in doing that, pretty content being part of an organisation
@@UnixGuy hey thanks for the speedy reply .I am watch this space just starting out tho ...Have experience form other sectors which have nothing to do with computers ...Set up and ran a Dental laboratory and then went into retail which was Rubbish BUT stuck at it for way to long became complacent.....then I was offer a check to leave......I COULD GET OUT there fast enough ......that was 3 months ago i have spent the last month preparing for my ccna which is 0n 1/2/2023........
hi sir,I want to make a career in cyber security but i don't want to get into coding as i don't like it. could u suggest some roles in cyber security with no coding requirement. please
yes Cyber Audit doesn’t need coding!
@@UnixGuy hi please can you give a road map , like which certification i should start with.
As I have no experience in cyber audit.
im a beginner in this field
@@yatinpathania8889 this video explains it:
czcams.com/video/GPmVphOqSGY/video.html
beging with security+ then build from there
It's boring and technically unsophisticated that's why. I haven't worked as one but on my previous job a few years ago I had to review pages and pages of Id's to ensure that they were using the right libraries, datasets etc and yes, it can get tedious at some point but you had to do it and do it right. So even if I wasn't an auditor, I have a good idea what it entails. And as you said, these types of jobs are not expected to respond on the fly or be 24/7 available.
anything can get tedious, it’s all relative. Audit is bigger than what you described, there is a lot to be done and different avenues
each to their own :)
@@UnixGuy oh yes, I know that, and regarding what I mentioned, it was just a sample of a task that I did on a regular basis which gives an idea what it means to work in a regulatory and compliance type of work, I am very well aware of that. And by the way, I am tapping into GRC which is also related.
@@morisn fair points! I think GRC is really underrated and underserved! I created this for GRC to solve the problem:
czcams.com/video/C6IgksBpMF4/video.htmlsi=3s0PNuNbHFpouYes
I am a sap secuirty consultant and have 6 years of experience. I wanted to shift my domain to cybersecurity audit . Can i find good jobs after i shift to this domain. Kindly reply.
yes you can! do the certs I recommended in the video
Hi,
Can anyone take the CISSP from ISC2 or do you need 5 years of experience as with the CISA etc certifications? Thanks 🙂
Hi Angelica,
CISSP has the same 5 years of experience requirements like CISA. You can pass the CISSP exam which will make an ‘associate of CISSP’ until you get the experience requirement.
My recommendation is if you don’t have 5 yrs experience, there is a lot that you can do in rhe mean time! Do these certifications:
czcams.com/video/jtLfX5_Lu84/video.html
or even some of the NYU courses here:
czcams.com/video/ug_ruisDUXc/video.html
you can build your knowledge slowly and surely
@@UnixGuy Thank you for your prompt reply. There really is no one else like you on this platform. I really appreciate it.
@@Angelicasha-tc1wq happy to help when I can Angelica 👏🏻 good luck with your journey and join our discord if you want to connect with likeminded individuals :)
@@UnixGuy Thank you 😃
Soc analyst has scope in future???
yes a HUGE scope! just finished filming a video about it, will be published in a few days - stay tuned!
Security governance jobs will be impact by AI?
Will AI replace Cyber Security jobs?
czcams.com/video/5sCrHjDMsiU/video.html
This sounds like biiiiig $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$... I found my passion 😮😮😮
🫡
All the certification you mentioned are not entry level. You need 5 years experience to get any of them.
you are right Dean, which is why I created this video to talk about entry level certifications that don’t require 5 yrs of experience:
czcams.com/video/jtLfX5_Lu84/video.html
what is an inforamtion security manager?
someone who manages the information security department
Thank you for the fast response! im 17 and want to get into cybersecurity but I dont really know what part of cybersecurity I want to do or how to start what would you suggest? @@UnixGuy