This is GRC
This Is GRC | Real Skills for Future GRC Leaders
All Our Latest Posts
Are You Prepared for Next-Gen Phishing Threats?
Originally published 2023-09-27 on thisisgrc.com. I hate to admit it: I was caught once by my company's phishing simulation campaign. I was late to pick up my kids, I knew my password was expiring, I entered my credentials. And the rest...
4 minute read
Centralized vs. Decentralized Security: My Professional Take
Originally published 2023-09-20 on thisisgrc.com. I attended a "lunch and learn" event featuring an established Chief Information Officer (CIO) a few years ago. The discussion centred around information security challenges in large ente...
4 minute read
Neurodiversity in Cybersecurity: How People with ADHD and Asperger's Find a Home
Originally published 2023-09-13 on thisisgrc.com. My nonverbal communication can be so awkward that I've often thought I had Asperger's syndrome. I never bothered to get "diagnosed". After all, what does it matter to get such a label wh...
3 minute read
The Cyber Threats in Universities Nobody's Talking About
Originally published 2023-09-08 on thisisgrc.com. This week was the back-to-school frenzy. These days, with four boys, the whirlwind is all about survival for me: kindergarten, primary and secondary school simultaneously. This chaos bre...
5 minute read
10 Harsh Truths About Cloud Security
Originally published 2023-08-30 on thisisgrc.com. I completed over 400 cloud third-party risk assessments. Working for a cloud vendor, I also participated in over 200 due diligence processes. I'm on both sides of the fence. This positio...
7 minute read
Why is security so expensive?
Originally published 2023-08-23 on thisisgrc.com. It was a challenging customer audit. The customer wanted us to have a specific piece of security technology. My attempts to explain how the alternative measures we had in place met the s...
4 minute read
Why the Media Should Stop Reporting on Security Breaches
Originally published 2023-08-16 on thisisgrc.com. A crucial part of my job involves advising incident responders about the definition of a "security incident". This is not as straightforward as you think! Sure, ransomware is easy to ide...
4 minute read
Common Security Analyst Mistakes to Avoid
Originally published 2023-08-09 on thisisgrc.com. Let me tell you a horror story about a security consultant. That person had been hired for a specific mandate. By the end of it, people were actively running away from him. They asked ot...
4 minute read
How much does a security breach cost?
Originally published 2023-08-02 on thisisgrc.com. "We wouldn't want our payroll information leaking and everyone to know their colleague's salaries!" This is one of the most frequent remarks I hear when discussing security with senior l...
4 minute read
Why "Just hire entry-level cybersecurity professionals and train them" isn't as easy as it seems
Originally published 2023-07-26 on thisisgrc.com. We have all seen these absurd job postings. Entry-level cyber security analyst: three years of experience is required. This is beyond frustrating. Newsflash: I’m not about to defend them...
6 minute read