Transcript

Hey, it's Steve here and I've got a question for you: What's standing in your way of breaking into cybersecurity Governance, Risk and Compliance from the outside? Or maybe you're already in. What barriers are preventing you and your team from elevating its impact?

World-class GRC means we're optimizing the balancing act of protecting and enabling the business, helping your company or organization of any shape or size to become cyber threat aware, and set in motion a cyber resilience culture that takes people from sheep to sheep dogs, from passive victims to active defenders. And that's no joke in 2025. Cyber is an existential business risk where leaders need to demonstrate due diligence and due care.

Of course, we need to first focus on identifying and protecting critical data and IT infrastructure from threat actors. That's a big part of what the blue team and the red team is focused on. But we also need GRC because we need to be able to answer questions about how reasonable a job we're doing with those security operations activities. And those questions can come from the board, from customers, and a long list of different internal and external stakeholders. GRC helps with that.

It also helps with about six or seven other things I enumerate in this course. The idea here is to help remove barriers standing in the way of making an impact with those activities, and also from a career perspective, helping you break in. And I want to pass along what I've learned in my own journey to you so that more people can find great careers in this underrated space that I happen to like a lot, and I think others would too.

But I think a lot of people don't understand what's available to them, and then even if they're in, how to optimize and do it well, and bust the myths and elevate perception and realities of what GRC work is. So that's why I started a blog and a YouTube channel, CPA to Cybersecurity. It talks about my mid-career transition, crossing over about five years ago from finance.

Currently I'm the director of GRC at a software company, and I'm also an instructor here in Simply Cyber Academy. And I love this particular gig because I'm very aligned with its mission of helping people launch and lift their careers, and its emphasis and focus on elevating GRC.

So where do we go to find good GRC training? Well, of course, we're here in Simply Cyber Academy, right? Why are we here? There's a lot more options for GRC training today than there was when I started five years ago, but there's also still a lot of fluff out there to navigate through.

So with this free course, it's my effort to curate the best of my content, Dr. Auger's and a few others, in a sequence that's formulated to take you from start to finish. How do you break into GRC? And in putting that together, a theme emerged. Like it's about elevating our mindset, our methods and our skills, no matter what state we're at in our career, you take those three things, stack them together, and it's a powerful combination to punch through to the next level.

The format of this course is essay style, blog posts or readings, along with short and long form YouTube videos. And there's homework assignments or challenges along the way where we can interact asynchronously in Simply Cyber Discord, in YouTube comments, or just by sending me an email.

So welcome to the course. Kudos for taking this time to invest in your learning, and Team SC, let's get after it!