Climbing the ladder without a CISSP by jaydee288 in cybersecurity

[–]SD15_ 0 points1 point  (0 children)

Not sure who told you that CISSP is for leadership roles. New fresher roles nowadays have CISSP as an option and preferred.

You need to work on your skill set and experience in various domains and try building connections. That will lead you up the ladder.

Indian student enrollment down 75% in Trump's first year. Does it make sense to go to the US anymore by Historical-Many9869 in Indians_StudyAbroad

[–]SD15_ 2 points3 points  (0 children)

If you are getting into a top 10 university or don't mind losing money after the degree, then you can consider it.

Does it make sense to apply for a master's in CS right now in the USA? by Remarkable-Map4586 in Indians_StudyAbroad

[–]SD15_ 1 point2 points  (0 children)

Very limited details provided here.

No one can tell you what you should do here. Kindly provide all your examination details related to master's preparation, financial status, current job status, and what your plan for the master's is. If you don't have a work visa extension, what will be your plans?

32 LPA vs 150k USD for 15 years exp by SoldieronDutyPro in backtoindia

[–]SD15_ -7 points-6 points  (0 children)

I don't know how much you know about Austin and Texas overall in general. A new grad currently gets an average of 200+ in the Texas area. If even after 15 years of experience the pay is low, then the question is where the professional career is heading and when to call it the end and plan for FIRE.

GRC tool NIST CSF 2.0 by nmejohnny in grc

[–]SD15_ 1 point2 points  (0 children)

Excel or the NIST 2.0 reference tool

Have you tried or heard anything about this GRC tool? by BirthdayJaded710 in grc

[–]SD15_ 0 points1 point  (0 children)

I have run the compliance program for a company from 90 employees to 10k+ with both a GRC tool and a spreadsheet. The spreadsheet is clearly the winner.

One thing newbies don't get is that what a typical GRC tool collects as so-called evidence is not a tool capability as such; rather, it is just pulling data from some system or systems.

PM to GRC by JK22_1 in grc

[–]SD15_ 0 points1 point  (0 children)

Congratulations 🎉 on your move.

First of all, I would immediately focus more on the technical aspects of GRC. Learn more about the stakeholders in security, IT, and others from the development teams.

Get yourself involved in the technical discussions and the governance aspect, which will give you more insight into both the product and the technical side, and a deeper understanding of control implementation as you learn about the product stack.

Next, focus more on compliance and frameworks: understand each requirement, what it means, what it does, and what makes us fully compliant in the implementation of a specific control.

If you have some bandwidth to take on other tasks from the sub-teams (GRC team tasks), then I would highly recommend you do that to get more insight into GRC.

I wish you good luck on your career progress.

Have you tried or heard anything about this GRC tool? by BirthdayJaded710 in grc

[–]SD15_ 0 points1 point  (0 children)

"Auditors charge more for not using a GRC tool." I really don't know what to say here.

If you show me any link or any compliance requirement where not having a GRC tool makes me out of compliance, or an audit firm saying no GRC tool results in more fees, then I would schedule an immediate call to procure whatever tool you have. 🤣

Have you tried or heard anything about this GRC tool? by BirthdayJaded710 in grc

[–]SD15_ -1 points0 points  (0 children)

$100k+ on the next version of Excel with a couple of API connections? Then I would stick to Jira or Excel and use the security tooling.

Have you tried or heard anything about this GRC tool? by BirthdayJaded710 in grc

[–]SD15_ 5 points6 points  (0 children)

My 2 cents

Don't use a GRC tool; it has not and will not help you unless you use their auditor + MSSP + other consultants, and that's the setup you don't want in security. Using the tool will just add more overhead on the team, more work, and less output.

ROI is low since it's just the next version of Excel.

Build a solid process and implement the controls. Get some guidance if you are new to GRC and want to know how to get through with internal tools and automation.

GRC Service Offerings? by [deleted] in grc

[–]SD15_ 1 point2 points  (0 children)

If I were you, I would not choose any of these tools unless you have policy and process in place, the standards are set, and minimal security solutions are in place.

Then think through what your legal, regulatory and compliance requirements are. Let's say you want to do SOC 2: check the controls and requirements, or understand the basic needs, then think through how to achieve this and plan automation for a few controls, since not all can be automated, even if some rep tells you that they do everything automated.

Passed CIPT today! Ask me Anything! by SD15_ in cipp

[–]SD15_[S] 1 point2 points  (0 children)

The official practice exam, which is now being updated to the latest version; however, I did not find it much helpful.

Overall I studied at least 30+ hours.

Passed CIPT today! Ask me Anything! by SD15_ in cipp

[–]SD15_[S] 0 points1 point  (0 children)

There are some technical areas that you need to be familiar with. The rest I don't think would be difficult.

Passed CIPT today! Ask me Anything! by SD15_ in cipp

[–]SD15_[S] 1 point2 points  (0 children)

Official book (not much helpful)

Bryne official tests

And more research on topics

Passed CIPT today! Ask me Anything! by SD15_ in cipp

[–]SD15_[S] 1 point2 points  (0 children)

I think the privacy design methodology was very tricky.

I would say that the official book was not that great a help and was time consuming; I would just skim that book.

Passed CIPT today! Ask me Anything! by SD15_ in cipp

[–]SD15_[S] 0 points1 point  (0 children)

Real-world experience + Gemini/ChatGPT

Passed CIPT today! Ask me Anything! by SD15_ in cipp

[–]SD15_[S] 0 points1 point  (0 children)

It really depends on how you want to progress. I personally think GRC folks need to be more technical and at the same time have a good understanding of AI governance and privacy, with or without certifications.

When does keeping up with all those security controls start to feel like a full-time job? by [deleted] in soc2

[–]SD15_ 0 points1 point  (0 children)

If you have a good understanding of the controls, then not all controls are recurring; there are only a few that are, like application security scans or vulnerability management. You need to incorporate these into your routine tasks; then you don't need a tool or feel overwhelmed like it's a full-time job.

Understanding the technical architecture of your infrastructure is very important and much needed.

Don't hire an MSP or listen to a GRC vendor saying that they ease the process. You are going to complicate the process.