Related Posts
More Posts
Additional Posts in Cyber Security Professionals
Hi Everyone,
Need your suggestions please
I come from a cyber strategy background with very little technical experience.
I want to make a shift towards Devsecops,
Could anyone please suggest what is the best way to build the needed skills /do projects online for the relevant experience?,
Thanks,thanks a lot in advance,!
Deloitte DEVOPS
Infosys
New to Fishbowl?
unlock all discussions on Fishbowl.




Any specific reasons you are switching to grc from vapt?
Your opinion Would help everyone.
Sure.
Tbh, I am not really interested in too much technical stuff. With one year span in vapt, I have derived sufficient knowledge in VAPT.
I am more interested in Risk Assessments, compliance Auditing etc.
Subject Expert
Same with me as well. I got bored now doing same VAPT. I need to broaden my skills.
Best way to switch is to get used to a framework and a standard. Start off with Nist csf and iso 27001. If you have the money I would suggest looking up dual certification as an iso 27001 lead implementer and auditor its usually a 2 week training with a reasonably easy exam at the end.
Reach out on DM if you want to discuss further
Subject Expert
Will the be too much of manual tasks in risk compliance and audit?
That's quite true. But it needs less efforts than VAPT.
All you need to do is assessing evidences against controls in most of the cases
Subject Expert
Need to go through current documents thoroughly then 🥺
Check what exactly the switch will demand of you, because one of my friends switched from GRC to VAPT claiming the work was too boring and uninteresting haha!