Risk is at the Heart and Centre of GRC

Newsletter #001

Hey there,

Welcome to this first quarterly newsletter! As a reader, you can expect news, announcements, hot takes and insights on:

  • Breaking into Cybersecurity Governance, Risk & Compliance (GRC) from diverse backgrounds

  • Elevating your GRC skills, methods and mindset

  • Certification prep and other stretch assignment ideas for your Career Development Plan

This edition includes breaking news nobody else has seen yet and a roundup of some you might have missed, so keep reading!

Today's newsletter covers

👀 Sneek Peek: Simply Cyber GRC Masterclass - What I Learned about Risk Management

Sharing with you before the world. Later this week I’ll release part 1 of a 3-part series on what I learned in the Simply Cyber GRC Analyst Masterclass.

Haven’t heard of this course yet? I found it very helpful and placed it centrally in the GRC Certification Roadmap v1.0. One of my favourite takeaways from the course is that “risk is at the heart and centre of GRC.”

📣 Pre-Registration Open for my Sept 3 A/CCRF Course: Learn NIST CSF 2.0

Since hiring managers prefer to hire certified candidates, AKYLADE certs are also central to the GRC Cert Roadmap. As an authorized instructor for AKYLADE, I’m currently developing an online course that covers everything you need to know to pass the Akylade Certified Cyber Resilience Fundamentals (A/CCRF) exam.

Pre-register here to reserve your spot and get more details in coming weeks.

🗺️ Study GRC: Certification Roadmap Discussion

Thanks so much Chris Whitlock from the Simply Cyber community for hosting me on another live stream of Study GRC. If you have questions about the following, check out the discussion highlights video.

  • Which GRC training options to pursue

  • How to position your NIST CSF knowledge/experience to an ISO27001 based employer

  • What questions to expect in a GRC Analyst job interview

🤖 Augment Risk Assessments with AI: My Demo + New Network Chuck Fabric Video

I’ve talked a bunch since February about Why Cybersecurity GRC Professionals Should Get Hands On with AI, since joining the Fabric open source project by security guru, Daniel Miessler.

From 41 videos in my Fabric/AI playlist, here’s one to start with that augments Risk Assessments, called create_threat_model.

Last week I was excited to see the epic Network Chuck release a Fabric video. It’s a good intro that covers the philosophy of the project, how to augment your work and life with AI and how to get set up. Check it out and don’t hesitate to let me know if you have any questions.

🗣️ Got Feedback?

I value your interest and feedback greatly as we build this awesome community. If you have any questions, feedback or comments, feel free to leave them on my YouTube videos or reply to this email.

Thanks for reading and let’s get after it!


When you’re ready, here’s how I can help you:

  1. YouTube videos and blog posts

  2. Free GRC Skills, Methods, Mindset course

  3. Simply Cyber courses: register here and get my study notes

  4. Akylade NIST Cybersecurity Framework 2.0 Certifications: ask me anything

  5. Templates: GRC Analyst Career Development Plan template and more