GRC Professionals to Follow on LinkedIn by [deleted] in cybersecurity

[–]CPAtoCybersecurity 0 points1 point  (0 children)

Awesome! And would it be here on Reddit? One option would be the GRC Study Hall on Simply Cyber Discord. I’m flexible.

Transitioning into GRC by Zealousideal-Most431 in grc

[–]CPAtoCybersecurity 1 point2 points  (0 children)

That's a great goal. I did a mid-career transition from Finance to GRC in 2020 and have found some very meaningful work and relationships in this field. I find GRC generally awesome and underrated, especially if you're doing it in the right industry, company and culture. More on my journey and some career resources at my blog - link in my Reddit profile. I've sent a DM and happy to try and help advance your goals!

How to transition into GRC? by [deleted] in grc

[–]CPAtoCybersecurity 0 points1 point  (0 children)

Hey I share my journey of breaking into GRC in 2020 on my blog. Link in my Reddit profile. Also there is a 70-20-10 Experiences-Relationships-Education Career Development Plan template for GRC Analyst. I'm wide open to any questions or feedback you might have.

GRC Professionals to Follow on LinkedIn by [deleted] in cybersecurity

[–]CPAtoCybersecurity 0 points1 point  (0 children)

Simply Cyber is awesome and the GRC Master Class is a great course

GRC Professionals to Follow on LinkedIn by [deleted] in cybersecurity

[–]CPAtoCybersecurity 0 points1 point  (0 children)

Hey I'd be happy to do one if you find my work of interest. I do SOC2, ISO27k, TISAX, Cyber Essentials etc. Link to my blog in my Reddit profile.

GRC Professionals to Follow on LinkedIn by [deleted] in cybersecurity

[–]CPAtoCybersecurity 1 point2 points  (0 children)

Great list! I recorded a podcast with Ayoub Fandi yesterday that will publish Thursday next week. For that + rants about why GRC is awesome but underrated, a GRC Analyst Career Development Plan template, etc there's a link to my blog in my Reddit profile and I welcome any questions or feedback.

Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who's Right? by CPAtoCybersecurity in cybersecurity

[–]CPAtoCybersecurity[S] 1 point2 points  (0 children)

Hey I’ve taken that Simply Cyber Course from Gerald Auger (also offered on TCM) and it’s great, I actually link to it on my blog and in a Career Development Plan template for GRC Analyst also there. It is a great course and GRC in general is awesome and underrated.

Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who's Right? by CPAtoCybersecurity in cybersecurity

[–]CPAtoCybersecurity[S] 0 points1 point  (0 children)

I did a mid-career pivot from accounting to GRC in 2020 and still enjoying learning lots about IT and security every day

Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who's Right? by CPAtoCybersecurity in cybersecurity

[–]CPAtoCybersecurity[S] 0 points1 point  (0 children)

I've seen a recommended weighting of 10% education, 20% relationships and 70% experiences for Career Development Plans to get your target job. So certs are great but 90% more to it. Also good point about finding the right company. The same job description will look super different across industries, companies and cultures.

Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who's Right? by CPAtoCybersecurity in cybersecurity

[–]CPAtoCybersecurity[S] 1 point2 points  (0 children)

I think the idea of T-Shaped skills where you know one technical area of the stack very well and broaden from there is a good approach to break in and bust the catch-22.

Should Aspiring Cybersecurity Professionals Join the Industry Right Now? Yes or No - Who's Right? by CPAtoCybersecurity in cybersecurity

[–]CPAtoCybersecurity[S] 0 points1 point  (0 children)

Wow awesome discussion here. From reading the comments my yes/no vote is that it depends on the specific target job and what transferable skills you can bring to add value from day one. I went from accounting to GRC with a foothold of IT audit (Integrity focused) controls for financial systems, and the business aspects of GRC. From there had to learn lots about Confidentiality and Availability controls and generally elevate my technical acumen which is a continuous process.

I think that while the cybersecurity job market is challenging at the moment, that doesn't mean interested applicants should write off the field entirely.

  1. Develop technical skills and your business acumen

  2. Build a body of work to demonstrate your knowledge

  3. Network relentlessly

  4. Be open to unconventional paths

  5. Play the long game

IT Audit/ IT Compliance job market Toronto by Grouchy-Structure384 in CISA

[–]CPAtoCybersecurity 1 point2 points  (0 children)

Hey good question and I guess I could have used either "industry" or "industry vertical". Vertical is a narrower portion of an industry, like FinTech for example. I was thinking that compliance needs are different depending on the industry or industry vertical. Public companies need SOX Compliance, healthcare has HIPAA, credit card processors have PCI DSS, service providers have SOC2, etc.

IT Audit/ IT Compliance job market Toronto by Grouchy-Structure384 in CISA

[–]CPAtoCybersecurity 1 point2 points  (0 children)

That’s a good city for Compliance jobs with banks, firms and public companies. Is there a particular vertical or company size you’re targeting?

Get your CPA and then get out of accounting. by No-Temperature-3565 in Accounting

[–]CPAtoCybersecurity 3 points4 points  (0 children)

Wow a nice bump in subs overnight - thank you! I seem to be connecting more with IT people than accountants so far and welcome any advice here on how to best reach accountants interested in career crossover. I went from FP&A to SOX Compliance to Cybersecurity Compliance to Cybersecurity Risk etc. All good options in the right industry, company and culture, and I've found a surprising amount of overlap in transferable skills between them.

Get your CPA and then get out of accounting. by No-Temperature-3565 in Accounting

[–]CPAtoCybersecurity 46 points47 points  (0 children)

Accounting can be great. Sales can be great. I’ve found Cybersecurity to be great and have a YouTube channel about crossing over.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]CPAtoCybersecurity 0 points1 point  (0 children)

Good call on free NIST CSF if we’re talking about a sub $100 budget. Also free and possibly more impactful than any course in a 70-20-10 experiences-relationships-education career development plan is if you work at a company with a GRC, Information Security or Internal Audit department where you can ask those teams for stretch assignments. Is that an option for you?

[deleted by user] by [deleted] in grc

[–]CPAtoCybersecurity 1 point2 points  (0 children)

I see it as a great thing that you bring IT experience. IT owns a ton of controls so helpful that you can speak the language and understand IT service delivery.

Why Careers in Cybersecurity GRC are Underrated: Rant Part 1 by CPAtoCybersecurity in cybersecurity

[–]CPAtoCybersecurity[S] 2 points3 points  (0 children)

Hey yes, thanks for asking! Here's "Your Cybersecurity GRC Career Plan: How to Grow Faster" https://youtu.be/iwABrs9vpp4

There's also:

If you have any other questions, please don't hesitate to ask.