
Want to add something impressive to your GRC portfolio? Build this.

This isn't just a tutorial - it's a hands-on project that will teach you n8n workflow automation, API integration, AI prompt engineering, and how to conduct a NIST-aligned risk assessment on your own tooling. By the time you're done, you'll have a working system and portfolio-ready artifacts that demonstrate real GRC skills.

It's called GRC News Assistant 3.0.

Version 1 came from Dr. Gerald Auger in August 2024, then I collaborated with him about a year ago for version 2 doing some vibe coding with Cline.

This was right before the term "vibe coding" was coined, and before a cooler Cline-like tool called Cursor became the fastest SaaS company in history to reach $100 million in annual recurring revenue.

Why This Matters for Your Career

When you build this project, you're not just getting a news tool. You're getting:

  • n8n workflow automation - A skill appearing in more job descriptions every month

  • API integration experience - Anthropic, Notion, RSS - real-world system integration

  • Risk assessment practice - NIST-aligned assessment of your own tooling

  • Portfolio proof - A working project you can demo in interviews

This is the kind of initiative that can separate "I know GRC" from "I build solutions."

What's New in Version 3.0

No longer a Python-based script that requires manual execution and writes its output to a CSV, v3 brings the following features:

  • Fully Automated n8n Workflow: Runs daily at 5 AM without intervention

  • Multi-Source RSS Aggregation: Use my list of CISA Advisories, Simply Cyber, Daniel Miessler's Unsupervised Learning, CISO Series, or set your own

  • AI-Powered Tier System: S-Tier to D-Tier ratings using Claude AI

  • Smart Labeling: 30+ GRC-specific labels automatically applied

  • Notion Database Integration: Rich metadata, searchable, filterable

  • Quality Scoring: 1-100 relevance assessment

  • Business Context Focus: Prioritizes business-friendly security content over purely technical pieces

Still Powered by Fabric's Intelligent Rating System

GRC News Assistant 3.0 leverages Daniel Miessler's open-source Fabric project, specifically the label_and_rate pattern that brings sophisticated content evaluation to our workflow.

| Tier | Priority | What It Means |
|---|---|---|
| S-Tier | Must consume immediately! | 18+ actionable ideas with strong GRC theme matching |
| A-Tier | Should consume this week | 15+ ideas with good business relevance |
| B-Tier | When time allows | 12+ ideas with decent applicability |
| C-Tier | Maybe skip | 10+ ideas, some relevance |
| D-Tier | Definitely skip | Minimal value for GRC professionals |

The AI evaluator specifically looks for content that helps you:

  • Translate technical risks to business language

  • Build security awareness programs

  • Advance your GRC career

  • Demonstrate security value to executives

  • Simplify compliance requirements

  • Bridge the gap between security teams and business objectives

Installation Guide

Let's walk through setting up your own GRC News Assistant 3.0. Don't worry - while it might look complex, each step is straightforward.

⏱️ Estimated Setup Time: 45-60 minutes

Monthly Cost: ~$3-8/month for Anthropic API (processing ~20 articles/day). Notion and Docker are free.

Prerequisites

  • n8n account (self-hosted or cloud)

  • Notion account with API access

  • Anthropic Claude API key

  • Docker (for local installation)

Step 1: Set Up Your n8n Environment

Option A: Using Docker (Recommended for beginners)

# Clone the repository
git clone https://github.com/yourusername/GRC-News-Assistant-3.0.git
cd GRC-News-Assistant-3.0

# Start n8n with Docker Compose
cd n8n
docker-compose up -d

Option B: n8n Cloud

If you prefer not to self-host, sign up for n8n Cloud and skip to Step 2.

Once running, access n8n at http://localhost:5678

[SCREENSHOT 4: Full n8n workflow showing all nodes connected]

Step 2: Create Your Notion Database

This is where your curated news will live. The database structure is crucial for the workflow to function properly.

  1. Create a new Notion database with these exact properties (names and types must match):

    | Property Name | Type | Purpose |
    |---|---|---|
    | Title | Title | Article headline |
    | URL | URL | Link to original |
    | Labels | Multi-select | GRC categories |
    | Rating | Select | S/A/B/C/D Tier |
    | Quality Score | Number | 1-100 relevance |
    | Summary | Text | One-sentence summary |
    | Published Date | Date | Original publish date |
    | Processed Date | Date | When analyzed |
    | Source | Select | Which RSS feed |
    | Snippet | Text | Article excerpt |
    | Rating Explanation | Text | AI's reasoning |

  2. Configure Select Properties with these exact options:

    • Rating: S Tier, A Tier, B Tier, C Tier, D Tier

    • Source: CISA Cybersecurity Advisories, Simply Cyber Newsletter, Daniel Miessler, CISO Series

  3. Get Your Database ID:

    • Open your database in Notion

    • Look at the URL: notion.so/[workspace]/[database-id]?v=[view-id]

    • Copy the database-id portion (it looks like: 2ad7a039-2c8d-803f-9216-edaebebf4419)

  4. Share with Integration:

    • We'll create the integration in the next step

    • Come back and share your database with it

Step 3: Set Up Notion Integration

  1. Click "New Integration"

  2. Configure with these settings:

    • Name: GRC News Assistant

    • Capabilities: Read, Write, Insert content

    • Associated workspace: Your workspace

  3. Copy the Internal Integration Token (starts with secret_)

  4. Important: Go back to your Notion database, click Share, and add your integration

[SCREENSHOT 5: fabric:clean_text node configuration]

Step 4: Get Your Anthropic API Key

  1. Create an account if you haven't already

  2. Generate an API key

  3. Save it securely - you'll need it in the next step

Step 5: Import and Configure the Workflow

This is where the magic happens. The workflow file needs some personalization before import.

  1. Prepare the Workflow File:

    • Open n8n/workflows/GRC_News_Assistant_3_PUBLIC.json in a text editor

    • Replace YOUR_NOTION_DATABASE_ID with your actual database ID (appears 2 times)

    • Save the file

    Example replacement:

    // Before:
    "value": "YOUR_NOTION_DATABASE_ID",
    
    // After:
    "value": "2ad7a039-2c8d-803f-9216-edaebebf4419",
    
  2. Import to n8n:

    • In n8n, go to Workflows → Import from File

    • Select your modified JSON file

    • The workflow will import (credentials will be disconnected - this is normal)

  3. Connect Your Credentials:

    For Notion:

    • Click on the "Create a database page" node in the workflow

    • Click "Create New" for credentials

    • Paste your Internal Integration Token

    • Save and test the connection

    For Anthropic:

    • Click on both "fabric" nodes in the workflow

    • Create new Anthropic credential

    • Add your API key

    • Save and test
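
The file preparation in item 1 can be scripted so that a missed placeholder or a pasted-in credential is caught before import. This is an added example, not part of the project's repository. The sample workflow text and its node layout are constructed stand-ins for the real file.

```javascript
// Added example, not the project's own tooling.
const PLACEHOLDER = "YOUR_NOTION_DATABASE_ID";
const EXPECTED_COUNT = 2; // Step 5 says the placeholder appears 2 times
// 32 hex digits, with or without hyphens, as in the ID format shown in Step 2.
const DATABASE_ID_RE =
  /^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$/i;
// Token shapes: "secret_" is the Notion prefix from Step 3,
// "sk-ant-" is the prefix Anthropic API keys carry.
const TOKEN_RE = /secret_[A-Za-z0-9]{16,}|sk-ant-[A-Za-z0-9_-]{16,}/;

function prepareWorkflow(workflowText, databaseId) {
  if (!DATABASE_ID_RE.test(databaseId)) {
    throw new Error("database ID is not 32 hex digits");
  }
  const parts = workflowText.split(PLACEHOLDER);
  const found = parts.length - 1;
  if (found !== EXPECTED_COUNT) {
    throw new Error(`expected ${EXPECTED_COUNT} placeholders, found ${found}`);
  }
  const edited = parts.join(databaseId);
  JSON.parse(edited); // throws if the edit left the file as invalid JSON
  if (TOKEN_RE.test(edited)) {
    // Credentials belong in n8n's credential store, never in the workflow file.
    throw new Error("workflow text contains what looks like an API token");
  }
  return edited;
}

// Constructed stand-in for the workflow file; the real one has many more nodes.
const SAMPLE_WORKFLOW = JSON.stringify({
  nodes: [
    { name: "Create a database page", parameters: { databaseId: { value: PLACEHOLDER } } },
    { name: "second node (constructed)", parameters: { databaseId: { value: PLACEHOLDER } } },
  ],
}, null, 2);

const SAMPLE_ID = "2ad7a039-2c8d-803f-9216-edaebebf4419"; // example ID from Step 2
console.log(prepareWorkflow(SAMPLE_WORKFLOW, SAMPLE_ID));
```

The same token check is worth running on the workflow file again before you publish it in a portfolio repository.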

Step 6: Test Your Setup

  1. Click "Execute Workflow" to run manually

  2. Check your Notion database - you should see articles appearing

  3. Review the execution log for any errors

  4. If everything works, activate the workflow for automatic daily runs

Keeping Your Installation Updated

To maintain security, periodically update your n8n Docker image:

# Pull the latest n8n image
docker pull n8nio/n8n:latest

# Restart your container
cd GRC_News_Assistant_3/n8n
docker-compose down
docker-compose up -d

Your workflows and credentials are persisted in Docker volumes, so updates won't affect your configuration.

Understanding Your Results

Once running, your Notion database becomes a powerful GRC intelligence hub:

The Dashboard View

Create filtered views in Notion to maximize value:

"Top Developments" View:

  • Filter: Rating = S Tier OR A Tier

  • Sort: Quality Score (descending)

  • Group by: Labels

"Weekly Review" View:

  • Filter: Processed Date = This Week

  • Sort: Rating (S to D)

  • Perfect for Friday planning sessions

"Compliance Focus" View:

  • Filter: Labels contains "Compliance" OR "Regulation" OR "Audit"

  • Essential for regulatory updates

Making Sense of Labels

The system applies 30+ labels automatically. Key categories include:

  • Strategic: Governance, Leadership, Framework, Policy

  • Operational: Risk, Incident, Breach, Vendor

  • Development: Career, Training, Awareness

  • Technical: CloudSecurity, Automation, AITools

  • Compliance: GDPR, ISO, NIST, SOC

Pro Tips for Maximum Value

1. Customize Your Sources

While the default RSS feeds are excellent, you can add industry-specific sources:

  • Add a new RSS Feed Read node

  • Create publication date checker

  • Connect to the merge node

  • The AI will automatically adapt to new content types

2. Adjust the Fabric Patterns

The workflow uses two Fabric patterns from Daniel Miessler's project that you can customize:

fabric:label_and_rate node - Contains the AI evaluation logic. Modify it to:

  • Emphasize specific frameworks (NIST, ISO 27001)

  • Focus on your industry vertical

  • Prioritize certain risk domains

  • Adjust rating thresholds

  • Add custom labels relevant to your organization

fabric:clean_text node - Preprocesses content for better AI analysis. The modified version:

  • Removes unnecessary formatting

  • Extracts key content

  • Prepares text for consistent evaluation

You can explore other Fabric patterns to enhance the workflow further.

3. Create Notion Automations

Leverage Notion's automation features:

  • Send Slack notifications for S-Tier content

  • Create weekly digest emails

  • Auto-assign articles to team members

  • Generate monthly metrics reports

4. Time Window Optimization

Default settings check:

  • CISA: Last 3 days

  • Simply Cyber: Last 10 days

  • Others: Last 3 days

Adjust based on your consumption patterns in the "Check Publication Date" nodes.

Security Considerations

As GRC professionals, we should practice what we preach. Running automation tools on localhost comes with risks worth understanding.

Why Docker?

This workflow runs in Docker containers rather than directly on your machine. Docker provides:

  • Process isolation from your host system

  • Limited filesystem access (container can't see your SSH keys or browser sessions)

  • Easy updates via image pulls

  • ~40-50% risk reduction compared to running n8n directly on localhost

Key Risks to Understand

| Risk | What Could Happen | Mitigation |
|---|---|---|
| Supply Chain Attack | Compromised npm package in n8n installs backdoor | Keep n8n updated, monitor security advisories |
| Prompt Injection | Malicious RSS content manipulates AI behavior | Using trusted sources (CISA, Simply Cyber) reduces likelihood |
| API Credential Exposure | Keys leaked through logs or container layers | Use n8n's encrypted credential store, rotate keys periodically |
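
Trusted sources lower the likelihood of prompt injection. A second control is to check the model's output against the database schema from Step 2 before the Notion node writes it, shown here as an added example that is not part of the project's workflow. The field names, the label allowlist and the summary length cap are assumptions. The code is plain JavaScript of the kind an n8n Code node runs.

```javascript
// Added example, not part of the GRC News Assistant workflow.
// Field names (rating, quality_score, labels, summary) are assumed.
const RATINGS = ["S Tier", "A Tier", "B Tier", "C Tier", "D Tier"]; // Select options from Step 2
// Allowlist built from the labels named on this page; extend it to match your pattern.
const LABELS = new Set(["Governance", "Leadership", "Framework", "Policy", "Risk",
  "Incident", "Breach", "Vendor", "Career", "Training", "Awareness", "CloudSecurity",
  "Automation", "AITools", "Compliance", "GDPR", "ISO", "NIST", "SOC", "Regulation", "Audit"]);
const MAX_SUMMARY = 300; // assumed cap for a one-sentence summary

function validateRating(rawModelOutput) {
  let r;
  try {
    r = JSON.parse(rawModelOutput);
  } catch (e) {
    return { ok: false, errors: ["output is not valid JSON"] };
  }
  if (r === null || typeof r !== "object" || Array.isArray(r)) {
    return { ok: false, errors: ["output is not a JSON object"] };
  }
  const errors = [];
  if (!RATINGS.includes(r.rating)) errors.push("rating is not an allowed option");
  if (!Number.isInteger(r.quality_score) || r.quality_score < 1 || r.quality_score > 100) {
    errors.push("quality_score is not an integer from 1 to 100");
  }
  if (!Array.isArray(r.labels) || r.labels.some((l) => !LABELS.has(l))) {
    errors.push("labels contains a value outside the allowlist");
  }
  if (typeof r.summary !== "string" || r.summary.length > MAX_SUMMARY) {
    errors.push("summary is missing or too long");
  } else if (/https?:\/\/|www\./i.test(r.summary)) {
    // The URL property comes from the feed item, so a link here came from the model.
    errors.push("summary contains a link");
  }
  return { ok: errors.length === 0, errors };
}

// Constructed samples: a normal result and one steered by text in a feed item.
const SAMPLE_GOOD = JSON.stringify({ rating: "A Tier", quality_score: 82,
  labels: ["Risk", "Vendor"], summary: "Explains third-party risk in business terms." });
const SAMPLE_STEERED = JSON.stringify({ rating: "S Tier (must read)", quality_score: 1000,
  labels: ["Risk", "Urgent"], summary: "Read http://example.invalid/offer now." });

console.log(validateRating(SAMPLE_GOOD));
console.log(validateRating(SAMPLE_STEERED));
```

Items that fail validation are better routed to a review list than silently dropped, so a manipulated feed item leaves a record.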

Want More Isolation?

For higher security posture, consider:

  • Virtual Machine: Run Docker inside VirtualBox/UTM (~65% risk reduction)

  • n8n Cloud: Let n8n handle security (~85% risk reduction, ~$20-50/month)

I've created a full NIST SP 800-30 aligned risk assessment for this project - it's a great portfolio piece that demonstrates GRC thinking applied to your own tools.

Bottom Line

Here's the deal: You're getting bombarded with security content every single day. CISA alerts, vendor blogs, threat intel reports, LinkedIn posts - it never stops. And you know what happens? You either spend hours trying to keep up, or you miss something important. Neither option is acceptable if you want to be effective in this field.

GRC News Assistant 3.0 helps with that problem. You wake up, your S-Tier content is waiting, and you know exactly what deserves your attention that day.

But here's what I really want you to take away from this: building this thing is more valuable than using it.

When you stand up this workflow, you're not just getting a news aggregator. You're learning n8n automation. You're working with AI APIs. You're integrating systems. You're doing a risk assessment on your own tooling. These are real, marketable skills that will set you apart in interviews and on the job.

And that's what this is really about - continuous improvement of your craft. The best GRC professionals I know aren't just consuming content, they're building tools, automating the mundane, and freeing up their time to do the high-value work that actually moves the needle.

So clone the repo. Get it running. Break it. Fix it. Make it your own. Add your own RSS feeds. Customize those Fabric patterns for your industry. Then put it in your portfolio and talk about it in your next interview.

Because at the end of the day, this isn't about the tool - it's about demonstrating that you can take initiative, solve problems, and make yourself more effective. That's what gets you hired, promoted, and respected in this field.

Now go build something. 🙌
