Hacker Mindset in GRC: Insights, Tips, Resources

Catch my insights, tips, and resources from a live interview on the hacker mindset in GRC—full recording and takeaways below!

Disclaimer: I have linked many resources that I found valuable in my journey. These are not affiliate links and I do not benefit from your clicks. Feel free to explore what worked for me or go find what works for you.

Recently, I had the exciting opportunity to be interviewed by Chris Whitlock at StudyGRC during their weekly meeting. This interview was special for two reasons: it was my first time on camera in this capacity, and we went live at Wild West Hackin' Fest (WWHF) - a yearly cybersecurity conference organized by Black Hills Information Security.

WWHF changed everything for me... but more on that in a future post. Before the interview, I prepped by writing out my responses, and now I want to share those thoughts with my community.

The energy at the conference was incredible, and with so much happening, it was hard to stay on track with what I originally wrote! We went a bit off course, but that's the fun part—if you missed the live stream, I’ve linked the recording at the bottom of this post.

Now, let's dive into the interview...


1. What motivated you to pursue a career in InfoSec? 

I got into InfoSec because I was feeling stuck in my previous job and wanted more opportunities for growth. In my early 30s, I realized I didn’t want to stay in the same role forever—I wanted to keep learning and improving. My cousin introduced me to TCM Security, and I was hooked by the idea of working in a field that’s always changing. Plus, I love the idea of helping people stay safe in today’s digital world.

2. Which resources or learning platforms did you find most valuable during your self-study journey? 

The Google Cybersecurity Certificate is great if you're new to IT or cybersecurity as a high-level introduction to foundational knowledge. For hands-on technical skills, TryHackMe is perfect for beginners; move to Hack the Box after you feel comfortable with TryHackMe. TCM Security also has amazing free content on YouTube, and they recently launched a free tier within the TCM Academy. I can’t forget Antisyphon Training’s pay-what-you-can courses or their free webinars! Check out their schedule!

For Security+, I used Professor Messer’s YouTube channel, Slay Security+ Discord, and Darril Gibson’s study guide. The Pocket Prep mobile app is great for practice questions and getting into the right mindset while studying for the exam.

For GRC, Gerald Auger’s The Definitive GRC Analyst Master Class is a solid resource. Although I started out studying for a role in pentesting, those technical skills—including writing my own pentest report—really helped when I switched to GRC.

Also, find a good note-taking system that works for you, whether it's Notion, Obsidian, or just a notebook. Keeping things organized is key! There’s plenty to study; don’t waste time learning a new note-taking application. Use what works for you!

3. What's your method to balance personal, work, self-study, etc.? 

Balancing everything can be tough, but I always put my family first. Life’s too short to miss out on important moments, and while a company can replace you, you’re irreplaceable to your family.

I also focus on prioritization—what absolutely needs to get done today versus what can wait. Sometimes, it means letting go of things that don’t align with my current goals, like a career in another industry.

Setting clear, SMART goals (Specific, Measurable, Achievable, Relevant, Time-bound) really helps me stay on track. It’s all about making sure your priorities match your goals. 

4. What was the most surprising or unexpected aspect of the InfoSec industry? 

What really blew me away was the InfoSec community. The kindness and willingness to help others succeed is incredible. People here genuinely care about your growth and well-being, and that kind of support was unexpected but amazing.

I wouldn't be where I am now without the support system I've grown within this community. You know who you are—and I appreciate each and every one of you! When you find your people, it's simply one big happy family!

5. What's the biggest misconception you had about the InfoSec industry before entering it? 

Honestly, I had no idea what I was getting into when I started transitioning into InfoSec—it was all unfamiliar to me. But I’m so glad I took the leap! It’s been one of the best decisions I’ve ever made for my career. 

6. What advice would you give to others considering a similar path?  

My advice is to find your own path—there’s no one-size-fits-all way into cybersecurity. Take advice from others but do your own research and figure out what works best for your life. It might take some trial and error, but if something’s working for you, don’t change just because someone else says it’s wrong.

Also, do what you love. Life’s too short to be stuck in a job you hate. If you start in cybersecurity and realize it’s not for you, or you chose the wrong path, that’s okay! Keep pivoting until you find something that fits your passions and lifestyle.

7. How do you stay current with the rapidly evolving threats and technologies in InfoSec? 

When I can, I start my day with Gerald Auger’s Daily Cyber Threat Brief. But honestly, it’s impossible to stay 100% up to date all the time—life happens. The key is to do your best and focus on what’s relevant to you.

What industry are you in, and what tools do you use every day? Stay up to date with the threats and technologies that apply specifically to your role or the role you want to be in. There are plenty of email newsletters and live feeds that can help you stay informed on what matters most. 

8. Is there anything you would've done differently during self-study and upskilling knowing what you know now? 

If I could do it over, I’d tell myself to lose the imposter syndrome. Your previous non-IT experience can be relevant if you make it so. You’re good enough, and with the right mindset and perseverance, you can succeed.

Don’t spend money you don’t need to. There are so many free resources out there—use those first! You don’t need the most expensive degree or certification to break into the industry. Invest your money in the CompTIA Security+ and a good study guide. Then, invest your time in learning and practicing those foundational skills. You can worry about spending more after you land that job.

Lastly, get outside of your comfort zone and "go make a friend". Put yourself in a [hypothetical] room full of others who are smarter than you. If you ever see yourself as the smartest person in the room—humble up and go find a new room!