This is GRC

This Is GRC | Real Skills for Future GRC Leaders

All Our Latest Posts

When I Stopped Needing to Be Right

When I Stopped Needing to Be Right

Originally published 2025-05-01 on thisisgrc.com. When I first got into GRC, I thought my job was to be the expert. You know, the one with the right answers. The one who had the policy ready. The one who flagged the risk before it explo...

3 minute read
We can't build the cybersecurity workforce on passion alone

We can't build the cybersecurity workforce on passion alone

Originally published 2024-07-10 on thisisgrc.com. I recently attended the NSec, a major offensive security event in Montreal. I enjoyed myself. The event had free beer, a good DJ, and a bunch of security nerds willing to share their lat...

3 minute read
Security Needs Data: Insights From the Data Breach Investigation Report

Security Needs Data: Insights From the Data Breach Investigation Report

Originally published 2024-05-22 on thisisgrc.com. In security, numbers can deceive. If somebody tells you a given risk has an "82% chance of materializing", run. Nobody possesses such reliable data. Numbers give pseudo-experts a varnish...

3 minute read
Why Training Every Employee is Security Theater (And What Actually Works)

Why Training Every Employee is Security Theater (And What Actually Works)

Originally published 2024-05-01 on thisisgrc.com. You know that person everyone goes to with their tech problems? "My laptop's acting weird!" "Is this email sketchy?" "Help, I can't access the shared drive!"I love these interactions. As...

2 minute read
How to Balance Security and Privacy?

How to Balance Security and Privacy?

Originally published 2024-04-24 on thisisgrc.com. Can your employer's IT department view your internet browsing? Can they spy on you with their mobile device management software? I get this question commonly. The answer depends on the s...

3 minute read
Why security must not report to IT

Why security must not report to IT

Originally published 2024-04-17 on thisisgrc.com. Last week, I participated in a recruiting activity as part of an event. The highlight was having lunch with one of my former managers whom I hadn't spoken with in a few years. He inquire...

3 minute read
Cybersecurity is all about relationships

Cybersecurity is all about relationships

Originally published 2024-04-10 on thisisgrc.com. As of writing this, a colleague I hold dear announced that she was leaving the company for personal reasons. The news saddened me. I don’t believe in company loyalty. I believe we are lo...

3 minute read
Do you need to learn to code to work in cybersecurity?

Do you need to learn to code to work in cybersecurity?

Originally published 2024-04-03 on thisisgrc.com. Are you interested in a career in information security? It's normal to wonder how long you would spend learning different skills to get there, especially coding. But, allow me to be brut...

2 minute read
Why I Became a Cybersecurity Instructor (And What It Teaches About Breaking Into GRC)

Why I Became a Cybersecurity Instructor (And What It Teaches About Breaking Into GRC)

Originally published 2024-01-10 on thisisgrc.com. Every week, people reach out asking the same question: "How do I break into cybersecurity?" They're career changers, recent graduates, professionals stuck in dead-end IT roles all trying...

3 minute read
5 Horror stories about cybersecurity consultants (and how to avoid them)

5 Horror stories about cybersecurity consultants (and how to avoid them)

Originally published 2023-12-13 on thisisgrc.com. I seldom get mad at work. When I lose it, it always seems to involve consultants. I remember one time. Have you ever had one of these "summit" meetings between managers of 3-4 department...

4 minute read
‹ Prev | Next ›