This is GRC

This Is GRC | Real Skills for Future GRC Leaders

All Our Latest Posts

The Truth About Cybersecurity Certifications

The Truth About Cybersecurity Certifications

Originally published 2025-09-17 on thisisgrc.com. Let's piss off every cybersecurity influencer, bootcamp, and certification body whose marketing strategy relies on the deception that there are "millions of unfilled cyber jobs," shall w...

4 minute read
It's Cool to Hate Security Vendors

It's Cool to Hate Security Vendors

Originally published 2025-09-03 on thisisgrc.com. If you spend enough time on LinkedIn, you'll encounter these posts by security directors, VPs or CISOs. Mocking cold calls. Taking a jab at conference booths. Gaslighting SDRs that do ba...

3 minute read
What Makes a GRC Specialist Great?

What Makes a GRC Specialist Great?

Originally published 2025-08-20 on thisisgrc.com. Don't worry. I'm not about to spend the next 1,000 words of your time telling you about how great I am. I'm still figuring this out. Think of it like an ideal to reach.What I do know, as...

5 minute read
Presence Over Process

Presence Over Process

Originally published 2025-08-06 on thisisgrc.com. I’ve spent most of my career in GRC trying to find ways to make security relevant. And somewhere along the way, I realized the difference isn’t in the frameworks. It’s not in the policie...

2 minute read
The Future of GRC in the AI-Hype World

The Future of GRC in the AI-Hype World

Originally published 2025-07-23 on thisisgrc.com. If you work in GRC today, you've probably noticed the tsunami of AI hype washing over our industry. Every vendor, consultant, and LinkedIn influencer seems to be positioning themselves a...

3 minute read
Security Questionnaires Aren't Making Anyone Safer

Security Questionnaires Aren't Making Anyone Safer

Originally published 2025-07-09 on thisisgrc.com. Let's be brutally honest about what Third-Party Risk Management currently is: a soul-crushing bureaucratic charade that wastes everyone's time, kills business momentum, and miraculously ...

4 minute read
Beyond Compliance

Beyond Compliance

Originally published 2025-06-25 on thisisgrc.com. Your compliance program is about to be automated out of existence.Let that sink in for a minute.While you're busy color-coding spreadsheets and perfecting your NIST mapping, AI is alread...

5 minute read
The Communications Game

The Communications Game

Originally published 2025-06-11 on thisisgrc.com. Here's my story about how I became convinced that communications was the core skill to master when working in GRC. Now, let me preface this with a big caveat: I'm not going to pretend I'...

4 minute read
We Can’t Train Everyone. That’s the Truth.

We Can’t Train Everyone. That’s the Truth.

Originally published 2025-05-28 on thisisgrc.com. Every few weeks, I come across another frustrated post from someone trying to "break into cybersecurity". The story is familiar: they’ve done the bootcamp, passed a certification, maybe ...

5 minute read
GRC is Technical

GRC is Technical

Originally published 2025-05-14 on thisisgrc.com. I’m about to say something that might ruffle some feathers. But here it is: GRC is technical and it’s high time we stopped pretending it’s not.This may sound harsh to some. I’ve heard th...

4 minute read
Next ›