Don't Tell Anyone I Told You This, but if you are Not Technical, You Still Belong in Cyber Security. ⬇
Governance, Risk and Compliance (GRC) is a sector of cyber security that is in very high demand. Every organization has to have a set of policies and procedures to ensure the business is able to achieve objectives, address uncertainty, and act with integrity.
Let me give you an example.
Everywhere you swipe a credit card, that business has to have proper security controls in place to protect your card data. It needs to be protected because, in the wrong hands, your information can be used maliciously.
For this reason, Visa, Mastercard, American Express, and Discover came together and formed an organization called the PCI Council. This council consists of some of the world's best security professionals. Together, they introduced a set of standards called the PCI-DSS.
Any organization that processes credit cards is held to PCI-DSS standards. Today, there are hundreds of security controls that companies have to follow.
Examples:
Proper Antivirus
Firewall protection
Encryption on credit card data
Detection systems to detect possible breaches
Policies on protecting the CDE (Card Data Environment)
Proper background checks on employees that access the CDE
These are only a few examples of some of the hundreds of security controls for companies processing cards.
However, there are other security frameworks to set a baseline for organizations to protect their intellectual property, client data, and to even protect digital assets from being used inappropriately. If a person is not extremely technical, GRC can be a great pivot into cyber security.
One example of a career in GRC is security auditing. A security auditor understands various frameworks and works with organizations to ensure they are meeting compliance standards. Many companies do not have a full understanding of the security controls that need to be put in place for compliance. A security auditor's job is to make sure that an organization fully understands the required security controls and to identify gaps where certain controls fall short. The job also entails gathering evidence to demonstrate compliance.
For a successful career in GRC one must:
Have excellent communication skills
Be extremely organized
Be detail oriented
Gain knowledge of frameworks
Have report writing skills
You will find there are controls you will fully understand even if you aren't technical, but you will also gain technical knowledge by working with the right mentor.
Want to Work with Me? There are Three Ways I can Help:
1. If you want to break into Cyber, let's talk at ➡www.breakincyber.com/⬅.
2. If you are already in Cyber but stuck, let's talk. ⬆
3. If your organization needs a security provider that rates in the Top 250 in the United States (Pentesting, vCISO services, Security Assessments), let's talk. My PMs are always open. I'll hook you up.
Mike Miller - Break in Cyber
#cybersecurity #informationsecurity #infosec #security