A Course That Addresses a Major Gap in Industry

Course Overview

Welcome to the Governance, Risk, and Compliance (GRC) Analyst Master Class. This class assumes no prior background knowledge and is setup to give you a full scope understanding and the practical skills needed to be an effective GRC Analyst.

Cybersecurity workforce development is focused on red team and blue team skills, but GRC is terribly underserved for training.

This course fills that gap by offering practical application of risk, audit, policy development, and security awareness skills needed for modern GRC analysts.

In this course, we will cover:

  1. An IT primer. While you don’t need to have prior IT experience, you will need to know some fundamental IT concepts to properly apply the GRC skills you learn.

  2. GRC as an information security capability. If you are going to be a GRC analyst you need to understand how the role fits into the larger information security office and how it interfaces with the business.

  3. Compliance and Audit work. A great starting point for any GRC analyst, we begin with why compliance exists and why businesses need it. We then deliver on the audit work around compliance and share a practical audit lab.

  4. Practical Security Awareness. An often undervalued skill, you will learn how to make effective security awareness content that engages your end user community and reduces cyber risk. You will use a collection of tools to develop a security awareness briefing in a lab.

  5. Cybersecurity risk. This is the bread and butter function of a GRC analyst and we spare no expense and going deep on this topic. You will learn what risk is and how to calculate it. We will assess risk in a lab to show you how you too can properly understand any business’s cybersecurity risk.

  6. Instructional Governance work. Governance is critical to adoption and business buy-in. This section will teach you about policies, procedures, and standards. We cap it off by writing a policy from scratch in real time so you can too!

  7. Getting a GRC Analyst Job. What good are these skills if you can’t get paid to use them. This section breaks down all the aspects of how to go about getting a GRC Analyst job.


It’s important to note the lecture videos are a collection of produced “lecture” style vides, and livestream “in-the-moment” style videos. Each has its own strength, but all of them will deliver value and excellence in the ultimate goal of understanding and executing as a GRC Analyst!

Course curriculum

  1. 1

    • 0.1 Welcome to the Course and Expectations

    • 0.2 Suggested Student Schedule

    • 0.3 About Your Instructor

    • 0.4 Prerequisites and Course Resources
  2. 2

    • 1.1 Introduction

    • 1.2 Cybersecurity Primer Baseline Assessment

    • 1.3 What is Cybersecurity?

    • 1.4 What does a GRC Analyst do?

    • 1.5 Where does a GRC Analyst Fit in the Cybersecurity Picture?

    • 1.6 Understanding Technology

    • 1.7 Understanding Threats

    • 1.8 Quiz- Cybersecurity Primer

    • 1.9 Conclusion and Touchpoints
  3. 3

    • 2.1 Introduction

    • 2.2 Compliance and Audit Baseline Assessment

    • 2.3 Cybersecurity Frameworks

    • 2.4 Regulations and Compliance Standards

    • 2.4b SOC2 (Next Wave Content)

    • 2.4.c NIST RMF (Next Wave Content)

    • 2.5 Practical Auditing (Practical Lab)

    • 2.5b Audit Lab (Next Wave Content)

    • 2.6 Quiz - Compliance and Audit

    • 2.7 Conclusions and Touchpoints

    • 2.8 Resume Bullet Unlock
  4. 4

    • 3.1 Introduction

    • 3.2 Security Awareness Baseline Assessment

    • 3.3 Know Your Audience

    • 3.4 Tools of the Trade

    • 3.5 Let's Raise Awareness (Practical Lab)

    • 3.6 Quiz - Security Awareness

    • 3.7 Conclusion and Touchpoints

    • 3.8 Resume Bullet Unlocked
  5. 5

    • 4.1 Introduction

    • 4.2 Cybersecurity Risk Baseline Assessment

    • 4.3 What is Cybersecurity Risk? (1 of 4)

    • 4.4 What is Cybersecurity Risk (2 of 4)

    • 4.5 What is Cybersecurity Risk (3 of 4)

    • 4.6 What is Cybersecurity Risk (4 of 4)

    • 4.7 What is Threat Modeling?

    • 4.8 Let's Assess Risk! (Practical Lab)

    • 4.9 Quiz - Cybersecurity Risk

    • 4.10 Conclusion and Touchpoints

    • 4.11 Resume Bullet Unlocked
  6. 6

    • 5.1 Introduction

    • 5.2 Governance Baseline Assessment

    • 5.3 Policies

    • 5.4 Standards

    • 5.5 Procedures

    • 5.6 Let's Research and Write an Effective Policy (Practical Lab)

    • 5.7 Quiz - Governance

    • 5.8 Conclusion and Touchpoints

    • 5.9 Resume Bullet Unlocked
  7. 7

    • 6.1 Introduction

    • 6.2 Getting a GRC Analyst Job Baseline Assessment

    • 6.3 Finding a Job

    • 6.4 Setup and Tune LinkedIN

    • 6.5 Resume

    • 6.6 Interviewing

    • 6.7 Quiz - Getting a GRC Analyst Job

    • 6.8 Conclusion and Touchpoints
  8. 8

    • 7.1 Final Thoughts