Hello Folks,
I’m thrilled to join this community and eager to learn from professionals in the cybersecurity and GRC space.
I’m currently halfway through the ISC2 Certified in Cybersecurity (CC) Foundation program and preparing to book my exam soon. Since this program is freely offered, I wanted to hear your thoughts on its relevance to a GRC career:
With the CC certification, would I be well-positioned to start as a GRC analyst, or are there additional certifications, skills, or experience I should focus on?
What are the best entry paths into GRC, especially for someone looking to break into the field?
Are there any valuable resources, mentorship opportunities, or industry trends I should pay close attention to?
I’d appreciate any insights or advice you can share, and I look forward to engaging with and learning from this community.
Best regards,
Murray Lichoro
@emb021 I had to look that up. I thought it was a technical acronym that I didn't know. Way to bring me back to reality. ISC2 has been including more frameworks and started before the name change. I can agree that it was pretty NIST focused and maybe still is. I do feel like the CISM covers frameworks and GRC better. I definitely do not want to see another certification done away with. I am sure that you understand with an HCISPP. I was thinking about working towards earning it when the obituary came out. The CAP has a funny history though. I took the exam in 2012 right after a major exam objectives change. It was more focused on DIACAP before that and was Certification and Accreditation Professional. When I took the exam, it was focused on RMF and NIST and changed to Certified Authorization Professional. Of course now it is CGRC.