The Harsh Reality of Working in GRC In Cybersecurity That No One tells You 

Thanks, Nicole! Years ago, our cybersecurity team updated GRC rules and changes that disrupted many systems. As many more people in our large organization have better "cyber hygiene" practices today, most clients understand the importance of GRC (and the technical applications of it). My guess is that after several years of being "in the trenches", working in GRC would be a positive change for many cybersecurity professionals. I'm glad to hear you are enjoying it!

After 20 years of being in IT and troubleshooting, I am so ready to be bored. I completed UnixGuy's GRC course in March. I am now in a NIST CSF course. Been a bit frustrating looking for a job. I see so many "entry-level" GRC Analyst\IT Audit jobs asking for 3 years of experience. I would not even apply, but that changes today. I will apply anyway. As the saying goes, "You miss 100% of the shots you do not take."

At least GRC isn’t an “on call” position like a SOC analyst is. You worked your scheduled hours and then you fuck off home. No qualms about it. The negative stigma of a “dull” career certainly outweighs that of a stressful and entropy-riddled workload. 🙃

Thanks Nicole. I love the flowers on your porch!

How did you transition from 'High tech' to 'low tech(GRC)' ? Can you post or DM some pointers or advice?

howcome a less stressful job gets paid more? is it because GRC people are business minded and so they know how to negotiate better? Or maybe the business doesn't value cyber security so they don't want to pay much to technical people? Thanks

Can you recommend courses or bootcamp to get into IT Audit or Compliance? I have experience as a Product Owner and Business Analyst and I'm tired of writing tech requirements and would like to transition into something more "boring and predictable".

Even if some people see it as a boring job, they don't know that how important GRC is in the field of the Cybersecurity and IT. It's all about following regulations and procedures (and more to it) and without it, everything would just start crumbling down.

Can I do GRC 💯 remote from outside the USA? Yes, I’m American.

Thank you for this. I am trying to move from a cybersecurity engineer to a GRC role.

Hey GRC isn't bor- oh yea there is something wrong with me..... That checks out. I have experience on the technical (15 years) and the GRC side (5 years) and think that I enjoy GRC so much now because I have that technical background so I understand how things work day to day and how frustrated the technical team can become without proper consideration and communication. I really like my role in GRC and love that I get to experience new frameworks and constantly need to stay updated and read in.

Thank you Nicole and I have one question, how can I get job in cybersecurity from home?

Hello I'm in the process of obtaining the following for 3 certifications from SANS ... SEC275 Foundations & GFACT Certification... The second course you will take is SEC401 Security Essentials & GSEC Certification.... The third and final course you will take is SEC504 Incident Handling & GCIH Certification ... I have zero IT experience and just wanted to know upon completion of these certifications what type of job can I get?

Oof. GRC is unsexy, but hardly boring. Technical background is a huge +, but critical thinking & people skills are the prereq. You're solving security probs for people/the biz, as opposed to trouble shooting or patching.

Hi nichole,i am doing graduate degree in electrical and computer Engineering.my interest is cybersecurity, i am new in this field.for us rules as a international student i will not permit for grc because its has more security.after geting citizen i will get access probably. Right now for technical side cybersecurity job what courses do i need to do.please suggest me mam.Thank you for your time❤

Bro I swear every time someone tries to help the world community someone has to combat that. Each person is different what sticks for some won't for others. We don't have to have a video that combats everything lol. This is getting a little wild. The titles are always like you're getting ready to watch a horror movie as well. On God.

The horrible bad agony that no one is telling you because they dont want you to know the truth, click here now that i have you hooked with the title!

hellloooooooooooooo

Women, not made for innovation, just know how to follow! and they call it entrepreneurship

All women, move to GRC please. Gonna make Companies way safer

I just want to work, I don't care what the role is. I am about to become a a homeless man with two degrees. So much for all that effort I put into getting a 4.0 GPA.

My dilemma is that I like the technical side, and a lot. Since I started a deep-dive transition into cybersecurity, I have tried a couple of CTF challenges, and I can't say that I didn't enjoy the experience. So... What's the problem? It's too involving, and I've been the type of individual who does not 'go to bed' until a problem gets fixed. And that can be a problem. Mainly, at my age. I am over 50 and I know it's harder to keep up with the technical stuff. Besides, I have been in leadership roles for most of my career until I was laid off. So now that I want to re-enter the workforce but in a cybersecurity-related role, I know that GRC is the way to go. But... I love the technical aspect, too. I wish I was 30 to dive deep into it, but I don't feel I can keep up. And that's my dilemma. Thanks for the Video!

This simple honest explanation of what it's like for you working in grc vs tech roles is really helpful to hear for those of us trying to figure out what direction to go.

Awesome content....good to see other folks working in the same field having similar challenges. One good perk of working in GRC is that you don't called at 12:00am at night to perform emergency audits or assessments.

I need feedback? I saw somewhere that for GRC roles only Security+ CompTIA is required? Should I still go for Network+ too? How do I start my path on GRC? Are there any small projects in GRC I can work on as a newly graudated student to add to my e-portfolio?

I've been doing this job, very well treated and everything goes well, but I am now trying my best to do the transition to cloud architecture. GRC is drying my brain!!

So what exactly they need to have on your resume to get a GRC position or posture yourself for it and also what is the day in a life foe someone who does GRC

You're just like me, though I'm much older. Tired of troubleshooting, tired of being on call, and the threat of a breach means I'll never see the outside of the office thanks to some 9-5'er clicking on a fake email link some foreign actor sent. My boss would panic call me every five minutes while I'm driving to a site. Also some of our catty end users I can also do away with. I go home stressed on a bad day, and even the Sunday morning dread starts to creep in. It takes a full weekend for me to destress from the week. We're focusing more on HIPAA and I've done a lionshare of documentation and reports via email and Excel. Just need to get better memorize NIST standards and other words. Have IT experience and Sec+, though more places are demanding CISSP (overkill, but ok).

GRC is never fun. Been doing the technical side for years and while yes things can break (looking at you MSSQL and your TLS 1.0/1.1 dependencies for install), it's more fun.

I like both GRC and Technical. I am an IT Manager, but sometimes I go out and do Tech stuff to help my guys. ✊🏼😎

I've been working in the IT field as a Helpdesk analyst for around 4-5 years and I'm ready to transition from IT to GRC in a heartbeat. The stress working in IT is killing me. I don't want to do Helpdesk anymore. Just my honest opinion.

I went from being a SysAdmin to GRC fairly early in my career. I didn't want the stress + having to be on call. I have worked for bleeding edge tech companies, so I still needed to stay up to date with technical stuff, even if I wasn't going to master said technologies or tools etc. It works for me, at least for now.

I wanna get into cybersecurity & the technical side seems fun. However, it seems it’s a long learning curve & I’ll probably wanna learning everything burning myself out

I have sales operations/deal desk ops experience and all we do it evaluate risk and compliance for deals and what states we can serve in. I wanna do GRC because I’m tired of the “everything is an emergency” atmosphere of sales. 😂

Hi Nicole, Good Day! Thank you for sharing your experience working in GRC. I have 5+ years of experience working as System Administrator. As you mentioned in the video if someone already has a technical background, it'll be easier to get a job in GRC. I would like to know how easy/difficult it would be for me to pivot from System Administrator to GRC field? How can I tackle the question on my past experience since I don't have any prior experience working in GRC? Should I apply for entry level jobs? Kindly please guide Thank you!

Jackson Ruth Hernandez Helen Martinez Betty

Technical positions have more roles per company. Learn how to script to check your configs.

GRC is awesome! 😂😂

GRC is the most important aspect of security, full stop! Thanks for your insight @nicoleenesse

I just finished my cyber security career and I am on my way to complete Security+ & Network+ but I have no experience as I have not started any job yet... I had been induced under the idea of pursuing DevSecOps... but how do I get started in GRC? I live in Ontario, Canada.

I began a technical career in 1979, and grew with the IT industry. I pivoted to Cyber in 2005, and retired in 2022. I found it had it's own form of stress, in the DOD community, GRC is heavily involved in the "Authority to Opperate", which is detailed, and on a tight time schedule.

Nicole, I have a Master's in Cyber Security from USD (san diego), Network+, Security+, and I have just about given up on getting a job in cyber. I have a renewed interest in GRC. I am planning on studying/passing the CISA then move forward to CISM and hopefully land a job sometime on that pathway as I will be applying as I pass study for these exams. Any suggestions? FYI, I have been an ICU nurse for the past 14 years so my ears perked up when you mentioned nurse in the video.

The gold rush for non-technical cyber security ended about two years ago in my opinion. There's no shortage of people who can do this job, and it usually pays pretty well. My experiences with the market thus far are forcing me to add the ability to code on top of penetration testing so that I can differentiate myself from the competition.

Kindly make a video on the prefect CV for GRC role

I'd love more information on how to break into GRC. Also, if you don't mind, I'd like to get a copy of my resume to you.

I was a long haul trucker for 10 years before going back to college for cybersecurity. I'm looking for a GRC role because I don't mind boring lol

I just landed my first technical role as a SOC analyst. How should I go about transitioning into GRC from this role in let’s say 1 year?

GRC isn't stressful until you have to lead your org through a HITRUST Assessment.

Literally clicked into video after hearing being over thirty and an old woman! 😂 you’re funny. But here I am watching.🎉

What would be the average starting acceptable wage for a GRC position

I love GR.....wait. I see what you did there.😁

Grc is clearly the better one for most people.

hey great video! What technical experience is valuable before getting into grc? I heard cloud and/or security exp would be valuable.

My company treats the SOC analysts like the trash of the earth.

😃👍

Which one is better? Have more opportunities ?

Thanks for sharing. Do you test some controls to see if they were well designed and operating effectively as GRC analyst ? »

Thanks for this insight

If you knew how much I like you ,Enesse. You are beautiful. I am in cybersecurity as well, by the way.

Nicole is web development and front end development top of the cybersecurity job line hiring

Hi Nicole. I’ve message you on LinkedIn regarding your program. I’m looking forward to hearing from you soon.

Hi Nichole, can I reach out via email for some tips and advice?

GRC is for bla bla bla women and Technical for real men! (Grabs flame shield)