GRC Consultant studying AWS. What doors or roles this could open for me in the future?

Lazy_Rabbit (Security Consultant, Virginia, USA) Member, Posts: 3

I am currently a GRC consultant and have an opportunity to pursue AWS certifications through free training provided by a company partnership with a training vendor. I have some downtime, so I figured I'd study for the AWS Solutions Architect Associate and Professional certifications. Plus work pays for any relevant cert I choose to get under $500, since it can look good on proposals.

Besides simply growing my cloud knowledge, I am curious as to what benefits or advantages this certification might bring me. I know having this knowledge (especially in AWS) will be beneficial to my GRC work, but I am interested in how they may be helpful in the long term and if these certifications may open up different avenues in the future that I should look into (thinking 1-2 yrs out).

For context: My work as a GRC consultant covers a wide range of things like risk assessments, business continuity planning, program development, audits, etc. I also have a secondary background in cyber threat intel. I am CISSP and CISA, too, if that matters at all.

Comments

  • UnixGuy (Are we having fun yet?) Mod, Posts: 4,340
    edited July 27
    Welcome to the forums!


    It's an excellent addition to you as a GRC consultant. Almost all projects now are in the cloud so this will help you understand cloud security controls better. You can ask the right questions when you do risk assessments, and you can find gaps in designs.

    It will make your job easier as you will have a better understanding of the technology that you assess :)
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • Mike7, Member, Posts: 1,103
    Agree with @UnixGuy

    Cloud has some unique features which are not available for on-premise infra and make GRC easier: AWS features such as CloudFormation for IaC (Infra as Code), SCP (Security Control Policies) to enforce compliance (e.g. storage must also be encrypted) and as guard rails, AWS Config for configuration management and automatic remediation, SSM (System Manager) for patching, EBS snapshots for forensics, etc.
     
    I suggest you go for the training with an open mind, and understand how these features can benefit your GRC work. 




  • Lazy_Rabbit (Security Consultant, Virginia, USA) Member, Posts: 3
    Thanks for the responses @UnixGuy @Mike7. I've been working through the early training for the SAA-C02 Exam and so far have enjoyed what I'm learning and doing some hands-on stuff, which I don't get to do much of in my current GRC consulting role. Hoping to wrap up this and the Solutions Architect Professional by end of year, then maybe tackle the Security Specialty cert.

    However, while I realize it can help me better assist clients that are using AWS, along with a better understanding of Cloud as a whole, I am also curious if these certs will help me move into something either more specialized or perhaps allow me to pivot/promote. I enjoy my GRC consulting role, but I do always like to have a better understanding of what my career options/potential paths are in the long-term (especially as I continue to play around with the AWS Cloud and learn some hands-on stuff).
  • UnixGuy (Are we having fun yet?) Mod, Posts: 4,340
    @Lazy_Rabbit honestly this is up to you. If you want to take your career to a technical role, the hands-on certs will always help. If you want to continue to do GRC, the certs will only help/not harm. You can steer your career whichever way you want; the certs won't do that for you but they help. It depends on what roles you apply to, what opportunities you have available... and really which direction you want to push your career towards.
  • Lazy_Rabbit (Security Consultant, Virginia, USA) Member, Posts: 3
    @UnixGuy Thank you for the feedback! I'm really interested in the possibility of either branching into a cloud-specific security role next, with the ultimate goal being to move into a more managerial role eventually. I like the material and learning, but always wonder/worry about the ROI of chasing too many paths or certifications in this field.
  • UnixGuy (Are we having fun yet?) Mod, Posts: 4,340
    @Lazy_Rabbit Knowledge is always a good investment. I found that with getting into management or cloud or any specific role, keeping an eye on opportunity is the main thing. Talk to your boss and see if they have an opportunity for you in your current firm. Or even apply to your desired role directly; a lot of roles will take a chance on you to upskill in the area you're interested in if you have the right background and attitude.