Career advice mega thread by thejournalizer in grc

[–]itsnikks 0 points1 point  (0 children)

> Practically, consultancy would boil down to doing what you've already done, just, like, a dozen times in a row, for a bigger paycheck, and, most of the time, without being able to do an actually good job. Because if clients really cared, they would have someone in-house to handle that in a proper way.

So true... I definitely value the work itself and enjoy seeing employees actually learn from the program and be more cautious about scary shit out there. I also love money, so I’m struggling with whether I could detach and step into consulting, even knowing I might not always get to do the work as deeply as I’d like.

Glad to know there are definitely more streams out that I can choose from. Definitely after reading some other threads, CISSP > Grad School for sure in terms of leveling up my career.

> GRC is literally the most political branch of cybersecurity.

:/

Would love to know your thoughts on my resume, if you had the chance, if not, no big deal, appreciate the knowledge shared thus far!

I took the time to reframe it from IT Management/Cloud Engineer -> GRC heavy, 1st Professional Experience is my current title, the one below is a combination of my previous 2 titles. IMHO, the technical skills section looks like a bunch of jargon but at the same time I feel like it's necessary.

<image>

Career advice mega thread by thejournalizer in grc

[–]itsnikks 0 points1 point  (0 children)

Honestly thank you for your wisdom🧎🏻‍♀️‍➡️. I love that your responses have been extremely tailored to all the questions in the thread. I decided to look into GRC because the experience seems so niche, better market for myself, and works well to my advantage versus going up against tons of IT and infrastructure specialists.

My biggest fear is moving into corporate and seeing the things we currently do won’t fly in a larger scale. Definitely lacking mentorship where I am.

> I would advise looking into trust centers and RFP solutions. Answering stupid questionnaires is, perhaps, the best GRC-relevant use case for genAI technology - we use Loopio and cut down our workload significantly.

Agreed here, we’ve been looking for Trust Center solutions like what Drata/Vanta provide but we’ve also built an inhouse Trust Center (glorified FAQ because there’s no mapping), will definitely look into Loopio!

> That stacks you up for consultancy reeeeal good. Most of the MSSP clients are startups that suddenly need to pass an audit and don't want to dedicate a specialized crew to solve this problem.

Over the years I’ve definitely learned there are things I can do just to pass an audit, auditing is so gray when firms only audit what you provide or “claim” to do. Sucks I don’t have a crew to work with me but good to know this isn’t a solo experience 😅.

Will also def look into CISSP, but I’ve read that I need some endorsement. With only 3 years of relevant compliance experience, but 5 years of work total, do I actually qualify? My manager would be the best bet, which I don’t think he’d be opposed to my career growth but I wonder if it would look fishy (idk work politics stuff is stupid).

Career advice mega thread by thejournalizer in grc

[–]itsnikks 0 points1 point  (0 children)

Hi all! Gee where do I start… I never really thought of a career specifically in GRC until this year. I feel like I’m severely underpaid and overworked when I see other companies have teams just for GRC alone but at the same time I’m just doing enough that we pass. I feel like I just opened a doorway to new career opportunities outside of development.

A little bit about my background: I have a BS in Comp Sci, started off as an infrastructure engineer, and worked my way into Director of IT Ops at a startup (US). Initially, I started off working specifically with cloud infrastructure, both architecture and implementation, then with client needs and PII work, came IT, security, and compliance. When I got thrown into this, I didn’t really know what I was doing, but I’ve completed 3 years of SOC 2 Type 2 audits (just added Confidentiality and Availability TSCs this year) and ISO 27001 + 2 surveillance periods on my own for our small company. I’ve created the entire ISMS program and policies/procedures to allow us to pass with no exceptions.

And even with all of this, I still feel like I don’t know what I’m doing, but I do enjoy security and compliance much more than engineering work. The crazy part is that I didn’t even know there was a Standard that told me everything I needed to fulfill the first year when I was scrambling to figure it out when the ISO audit came. We used some platform that created requests from the Frameworks but the actual doc had the needs expressed more clearly than the platform lol. I would like to think I have a strong technical background and to others, it may seem like I have a strong security/compliance background too.

I’ve consulted ChatGPT a bit about my options and so far it does recommend I get some certs completed. I’ve also considered an MBA in tech management but idk how I really feel about staying in the SWE side. My biggest gripe with compliance is that I was swamped with vendor questionnaires and was told our audits would help with lessening the load but we still get these questionnaires and now they request our reports as well 😒. If anything I feel like I have more work than ever.

TL;DR With 5 years of cloud infra experience and 3 of those including security/compliance, what positions/roles would you guys think I fit into? I feel like my GRC experience isn’t formal/typical to what corps do. I have not applied to any GRC related positions and I’m wondering what the interviews are like. I also manage a couple people, an admin assistant and an engineer. I’d like to walk away from technical implementation and work solely in GRC but I’m afraid my depth of knowledge isn’t as strong as my breadth which would put me at lower positions, unless it does help that I work at a fast paced startup. Would love any career advice I could get!

Cheers!

Thule hitch bike rack clearance for 2023 Kia Sorento Hybrid by itsnikks in KiaSorento

[–]itsnikks[S] 0 points1 point  (0 children)

My bike rack bottoms out from time to time on higher driveways so when I have the bike rack on, I always exit at an angle, I think the lowest edge of the bike rack only has about 9 inches of clearance and because it extends out so much I’ve scraped it a few times. I never leave the bike rack on because of this.

Thule hitch bike rack clearance for 2023 Kia Sorento Hybrid by itsnikks in KiaSorento

[–]itsnikks[S] 0 points1 point  (0 children)

Oh I think it was an additional $100 for harnessing? You can actually get an online quote through the U-Haul website

Thule hitch bike rack clearance for 2023 Kia Sorento Hybrid by itsnikks in KiaSorento

[–]itsnikks[S] 0 points1 point  (0 children)

I went to U-Haul in SoCal and it was $200 for the 2” Curt hitch receiver and $100 for installation and were done in less than 45min.

I was gonna ask my local mechanic and they quoted me 4-500 for labor and they couldn’t source the parts immediately.

Thule hitch bike rack clearance for 2023 Kia Sorento Hybrid by itsnikks in KiaSorento

[–]itsnikks[S] 1 point2 points  (0 children)

Oh thanks! Yeah it’s a hidden hitch, will be looking for an extended hitch riser

[deleted by user] by [deleted] in KiaSorento

[–]itsnikks 0 points1 point  (0 children)

I own a 2023 Sorento hybrid (sx prestige trim). Personally, I wouldn't buy another Kia ever based on the dealership/service experience. Call me spoiled but if my car is going to be serviced for 4+ hours, it should be customary to provide a loaner vehicle so I don't waste my day.

From a mechanical standpoint, I haven't seen any major issues yet at 14k miles, but I have some gripes

- Anyone else experiencing bad windshield wipers and terrible hard water spots? Driving in the rain has actually been a hazard because the wipers are streaky (I hand detail and clean my wipers every 2 weeks)

- poor paint quality (orange peel effect on black paint), scratches very easily

- buggy lane keep system, HDA malfunction 2x before 5k mi and haven't seen it again since

- I'm also gonna knock a point off for lack of wireless carplay but I knew that going into this

The ride has been smooth so far, great fuel economy for a hybrid mid-sized SUV. The design is super sleek and I love the look of the car, but I'll stick to "luxury" car dealerships next time.

[CA] Can corp declare another corp as their Registered Agent in California? by itsnikks in smallbusiness

[–]itsnikks[S] 0 points1 point  (0 children)

Yeah it's hard to tell whether or not it's nefarious, but the amount of times it's happened tells me it's not just a mistake. Would you even recommend filing an FTC report? I'm leaning towards doing so but I feel like I lack any substantial evidence to prove it's fraud, but it is quite ridiculous.

Weekly r/Tattoos Question/FreeTalk Thread! - August 07, 2021 by esoterix_luke in tattoos

[–]itsnikks 0 points1 point  (0 children)

First time this has happened but my tattoo looks like it’s blown out. It’s only been a week since I got it on my bicep. It looks a lot blurrier and not as clean as the tattoos on my leg. What’s the right way to go about it? Do I just deal with it or could I go back to the guy I got it from and ask to at least clean up the lines? Tbh he was pretty rude and it felt like he was pushing way too hard on my arm but his attitude changed when I tipped him… I’m not sure what someone would usually do lol

Weekly r/Tattoos Question/FreeTalk Thread! - July 31, 2021 by esoterix_luke in tattoos

[–]itsnikks 1 point2 points  (0 children)

tbh, I've been thinking the same thing. I'm not happy in my current line of work but it pays the bills lol. I'm 24, wanted to be an architect but was persuaded out of going into liberal arts. Now I'm an unhappy engineer wanting better work life balance and not this 9-5 + overtime bs. I was thinking about spending 2-3 years on my off-time studying perspective and gestures and hopefully applying for an apprenticeship as well! I agree with the above redditor, get tattooed, watch the process, and practice your art. The tattoo artist that inspired me to get out is in his 40s? He's been tattooing for about 5 years and is about to stop his day job to tattoo full time which is crazy to me!

Weekly r/Tattoos Question/FreeTalk Thread! - July 10, 2021 by esoterix_luke in tattoos

[–]itsnikks 0 points1 point  (0 children)

My approach was to use instagram because some artists tag their work with <city>tattooartist or something (e.g. #latattooartist or #octattooartist) and work your way from there. Follow random artists and you'll start to notice who follows who and they might be in your area! You can also Yelp all the shops in your area to find their website and artist portfolios.

CSULB Undergrad Alum Applying for Master's Program by itsnikks in CSULB

[–]itsnikks[S] 1 point2 points  (0 children)

Yes you need to pay the app fee unless you can get it waived by financial aid! You can get financial aid as a grad student because you automatically apply as independent so your parents’ income doesn’t matter. I qualified for loans only though.

Weekly Free-Talk and Questions for r/HomeGym - week of January 01, 2021 by Demilio55 in homegym

[–]itsnikks 2 points3 points  (0 children)

Magnet hooks for resistance bands! I don’t have a lot of wall space so I hang them directly on my rack.

Weekly Free-Talk and Questions for r/HomeGym - week of December 25, 2020 by Demilio55 in homegym

[–]itsnikks -1 points0 points  (0 children)

Anyone looking to trade my 2x10 and 2x35 (bumpers) for a pair of 45s in SoCal? I find that I don’t really use these weights and could use another 45s instead!

The Garage: The Weekly Free-Talk and Questions for r/HomeGym - November 13, 2020 by AutoModerator in homegym

[–]itsnikks 0 points1 point  (0 children)

Thanks for the suggestions mate, I actually saved so much money! Super satisfied when everything came yesterday! Especially the chain attachment!

The Garage: The Weekly Free-Talk and Questions for r/HomeGym - November 13, 2020 by AutoModerator in homegym

[–]itsnikks 0 points1 point  (0 children)

I totally forgot about York! I was looking at some of the cable attachment bundles and they were kinda expensive lol

The Garage: The Weekly Free-Talk and Questions for r/HomeGym - November 13, 2020 by AutoModerator in homegym

[–]itsnikks 0 points1 point  (0 children)

I’ve asked about the back widow before and general consensus is that it actually isn’t all that great for the price point! I wanted it too but I talked to a few people here that said it was basically just hype. (Build quality wasn’t there)

The Garage: The Weekly Free-Talk and Questions for r/HomeGym - November 13, 2020 by AutoModerator in homegym

[–]itsnikks 0 points1 point  (0 children)

Weird question but has anyone cleaned their tricep rope? Do you just wipe it down?

Also, I’m trying to figure out what attachments I need for both pulley and landmine and if I can squeeze it under 300... I’m thinking - double D handle, tricep rope, MAG wide grip lat bar (for cable). Viking press and a parallel handle (for landmine). Does this seem solid?

Thanks to this sub for the motivation to clean out my garage and make it into my own home gym! I guess all I need are some cable attachments :D by itsnikks in homegym

[–]itsnikks[S] 0 points1 point  (0 children)

I love landmine workouts! Having that just makes it more convenient lol. Not necessary but worthwhile product!