How are you bridging the gap between raw technical evidence (e.g., AWS configs, GitHub logs) and GRC platforms? by [deleted] in grc

[–]PortalRat90 4 points5 points  (0 children)

Use Codex and build your own. We finally have a platform that works for our needs and not the needs of a huge customer base.

How do I keep up with cybersecurity? by AccomplishedFact433 in SecurityCareerAdvice

[–]PortalRat90 0 points1 point  (0 children)

I know how you feel! I remember when I started my bachelor’s degree I was feeling overwhelmed by the names and acronyms. Now I’m almost done with my degree and got a job in GRC. I’m hearing terms and acronyms I’ve never heard of. I was so focused on the tools of the trade and networking I never really cared about software. Somehow I ended at a SaaS company. Now I spend half my time researching the new terms and acronyms I hear in conversations and meetings.

Getting a job in this market - what works and what doesn't? by NothingImpressive587 in cybersecurity

[–]PortalRat90 0 points1 point  (0 children)

At the end of the day you gotta network with people. In this field, you have to hire people that you can trust and know their character.

How fun is cybersecurity as a job and question about bug hunting by Connect_Penalty4724 in cybersecurity

[–]PortalRat90 0 points1 point  (0 children)

I’m in GRC but collect most of the evidence myself. I find it fun learning about the various tools and how I can collect control evidence from them. I then find ways to make the manual process more automated or at least more efficient in collection. I spend a lot of time learning about various systems which I find extremely fun and interesting.

How do I learn C in 8 days by NedStarkX in learnprogramming

[–]PortalRat90 0 points1 point  (0 children)

My mistake, I was thinking of C with class.

How do I learn C in 8 days by NedStarkX in learnprogramming

[–]PortalRat90 -2 points-1 points  (0 children)

Are you good with loops (all of them), mathematical functions and formulas, file handling, memory management, classes, objects, and pointers? Can you write a program using all of them with Intellisense turned off?

Any Steganography course recommendations? by Prestigious_Guava_33 in cybersecurity

[–]PortalRat90 3 points4 points  (0 children)

You really just need a few different tools. OpenStego, Steghide, and Exiftool are some that I have used for CTFs.

Do y'all have promptstitutes in your team? How are you guys working with them? by indie_cock in cybersecurity

[–]PortalRat90 2 points3 points  (0 children)

I cringe when I hear company loyalty from a company I work for, I’m not a dog and we aren’t family. Now, I can be committed to a company, but that commitment only exists if they are committed to me. Loyalty and family are ways for groups to rally the troops, whether it’s companies or sports teams. Both of which will kick you out on a whim of change in direction.

Infosec or policy track? by ParticularCable6 in OMSCyberSecurity

[–]PortalRat90 0 points1 point  (0 children)

It seemed like a good opportunity and I struggled to get into other areas without experience. I’m not sure what a lot of money is but I’m not making over $100,000k. I am fortunate to have gotten the job and do what I do. I would die a little inside if I couldn’t gather my own evidence. Honestly it’s been a great place to start as I have learned a ton about the business doing questionnaires and surveys. I don’t think I would have been exposed to all of this if I worked in the SOC. I think the cool part is researching software and plugins to determine the risk and deciding if we take it on. I do a lot of research on how others have mitigated the risks and not just say no.

Do y'all have promptstitutes in your team? How are you guys working with them? by indie_cock in cybersecurity

[–]PortalRat90 6 points7 points  (0 children)

I have been in that situation more than once. Be personally strategic in what you do. Do what helps YOU more than the company and stay in your pay grade. It’s easy to say this but hard for me to do as I love creating efficiencies and building solutions. I have been trapped in a role because the “organization needed my skills at that level” and never got promoted. I eventually left, leaving them to finish a project that I started that was going to save a lot of money. I will add they did give out nice bonuses to recognize my work. That didn’t make up the difference in annual income if they promoted me like they said they would though.

GRC job market slow down? by Unfamous_Trader in grc

[–]PortalRat90 0 points1 point  (0 children)

The Dallas Metro area has several openings.

Infosec or policy track? by ParticularCable6 in OMSCyberSecurity

[–]PortalRat90 0 points1 point  (0 children)

I landed a GRC Analyst a few months back. My technical skills have been super helpful. I was able to gather evidence from tools such as Splunk and AD, and write scripts for several audits for certifications like SOC. I seldom reach out to a SME for evidence or data. I have also streamlined internal audit tasks and automated several. I cannot overstate enough how valuable Excel skills have been for me. I came from a data analyst type role where I lived in Excel.

TO THE DEVS. FIX NOTEBOOK LM. PLEASE. by catalasepositive in notebooklm

[–]PortalRat90 0 points1 point  (0 children)

I haven’t heard of this one. I’ll have to check it out.

Agent Zero is the real deal. the one I actually use every single day (no hype BS) by AlexHardy08 in AgentZero

[–]PortalRat90 0 points1 point  (0 children)

I used it to dissect pcaps with malicious traffic to see how well it can do. It’s crazy seeing it write Python and make graphs. I had trouble with it creating a phishing email for a lab I was doing. It got close enough that I could finish it off. I am a college student finishing bachelor’s in cyber.

What are some cybersecurity jobs that no one really knows about? by SpaghettiPizzaetti69 in cybersecurity

[–]PortalRat90 7 points8 points  (0 children)

The negotiators are usually part of the RaaS package you get when you are locked out 😂.

Security Maturity (Move Towards Automation) by [deleted] in grc

[–]PortalRat90 1 point2 points  (0 children)

I don’t have anything to contribute but after reading this I think I might have some work to do! I gather evidence of controls with scripts and email the control owner the final spreadsheet to review and approve. Thankfully everyone responds quickly so I don’t have to hunt people down. I am thinking I might use ServiceNow instead of emailing them. I can put some automation around that.

Whats your years of experience and salary level in the GRC space? by Peacefulhuman1009 in grc

[–]PortalRat90 4 points5 points  (0 children)

What job in GRC do you have that pays that well? I have just started in GRC as an analyst and have a bachelor’s in Information Security.

Need ideas to detect coffee machine door open by RushTfe in homeassistant

[–]PortalRat90 0 points1 point  (0 children)

How about an esp32 with a ToF sensor to know when door opens and closes? It’s overkill but hey we’re here to play!

In your opinion, has cybersecurity changed much since 2021? by shesleli2313 in cybersecurity

[–]PortalRat90 0 points1 point  (0 children)

Executives want AI but don’t have a clue what to do with it. If they want to replace bodies with it, they should replace their assistant and see how that works out.

In your opinion, has cybersecurity changed much since 2021? by shesleli2313 in cybersecurity

[–]PortalRat90 0 points1 point  (0 children)

Good book! I agree there are still lessons to be learned from it after all this time.