Breaking In, Standing Tall: A Rookie’s Guide To Confidence In GRC - Funke Omolere

Quick show of hands. Um if there's anyone here that ever felt um they didn't belong in cyber security. Is there anyone sometimes feel like that? Exactly. My name is Funk and I didn't start in um cyber security. I study sociology. Uh but right now um and my first role is in GZI and I'm sure a lot of people ask me that questions. How do you get there? What did you do? How did you get into um cyber security? And I always say your background is not a barrier. Not a technical start. you know people always think about it like this is not a limitation for you not starting or not having that technical background um it

it just sharpens your perspective you have to understand exactly what you're looking for when it comes to cyber security then critical thinking is part of it if you have that critical mindset you think about a lot of things you ask questions you know um [laughter] you ask a lot of questions And yeah, you you belong here. Um, growth mindset. This is so key. If [clears throat] no matter what you're doing at the moment, whatever you do, you need to have that growth mindset. Either way, growth mindset is so key, curiosity, willingness to know things, willingness to um, you know, to ask questions to do different things. So, your background is not a barrier. So if you're looking to

go into cyber don't think about your background but just have this set have this you know curious mindset ask questions understand how do you get there when you learn early in GC no one expect you to know everything so if you have that mindset no one except no matter how good you are you can learn everything in a day my first um role in Sabah was isogen 7,0001 analyst and my company I did um the the company I work for then they were looking to do is 70001 and it's something I haven't done before and I was thinking I'm the lead on this role I need to know what to do I need to ask right questions I need good

communication with different stakeholders how do I do this I've done I 701 um exam leading implement. So all these things just keep coming. How do I understand? What do I need to do? So that's your day one reality. What really matters is understanding the system, the people. These are key. You're into you're in an organization and you want to understand what people do. You want to understand the system. What exactly does like how her decision made? These are also key. Um learning from your mistakes. this errors you you make mistakes but the most important thing is to know how to you know learn from it then I'm talking about building real technical confidence you know I talked

about you don't have to be technical to join or to do cyber security but at the same time you you know you get to an organization you work with engineers um they tell you things you look at controls and you're wondering what does This control say what exactly am I looking for? How do I talk to someone in change management or infrastructure? What exactly are they doing here? Exposure practice you know confidence um emerges through consistent answer and experience. This is where you ask questions. What exactly is this country saying? What are in engineering? What exactly are they doing? So those questions you you you ask learn from engineers sit with technical teams understand their

process talk to them what exactly are you doing here let me understand your process is so key if you understand the process I've done a lot of audits that I just g evidence I don't understand it I just g I send it out oh the auditors this is what they're looking for but why are they looking for this evidence what exactly this process. Are you sure you're sending the right evidence to the auditors? So, this is where you understand what you know engineers do. This is so key. Understand control intent. Controls um grasping the purpose behind control strengthens decision making. And I talked about that already. Looking at a control, all you want to do is what is

this control saying? Do we have this in place? technical people, engineers, they do their own thing, but from your own perspective, this is what we're looking for. This is what [clears throat] I need you to do. This is what this is. You set expectations. They tell you what they do, but at the same time, you from that point of view, you see where the gaps are. So that really, really helps you. Collaboration is your superpower. This is key. You need to know collaboration is key. collaborate with different teams. I work with engineers, legal depending on the project you're working on. You can't do it in isolation. It's so key. Partnering with engineering, this is this is key. Um also share

context, provide clarity is very key also. If you're telling me I need this, what exactly are you [clears throat] looking for? Why are you looking for that thing? So those things are important. It built trust. Trust is key. You do audit every year. You come, you meet them every year. How do you build those trust? Because you don't want to be that kind of person. They say, "Oh, she's she's back again." You don't want to be like that. So, building trust, setting those expectations are very key. I'm talking about modern jeaning. Um, no. We gather evidence, screenshots, things like that. But right now, things are changing. We're looking at automation. We're looking at ways we can automate

our process. You know, this is where GC is going. And I'm sure a lot of you you read about GC engineering. What does that even mean? You know, automation. We we talk about AI. Now, we need to start thinking about different processes. How can we automate our process? What exactly are we doing right now that we can automate? What is that process that takes our time? How can we automate it? How can we talk to automation team or engineering team like we can automate this process? So when you're in GC, you're not technical but you still work with them and also find ways you can automate those processes. So it's not you know vigorous for you.

Human judgment. This is still important. A lot of people think, "Oh, he is here. It will take my job." But there's still that human loop. No matter how good a is, you still, you know, the controls. You know the reason why you want this in place there, we still need women. We still need people that can say, "Yeah, this is what we're looking for.

More jealous in mindset, your strength matters, you know, clarity, communication, analytical thinking, analysis skills. These are so important. Curiosity, be curious, ask questions. It's it's okay. Look beyond checklist. Um, I posted a a post on my LinkedIn starting GLC. I don't ask questions. I don't understand what I'm doing. But right now, you need to understand what you're doing. It's so important. Understand the controls. Understand why this is needed. Understand the processes. It's okay. Your unique perspective becomes powerful. Your background make use of that irrespective of where you're coming from. Standing tall in your career, understanding over perfection. Confidence grows through genuine comprehension, not flawless execution. Don't overthink things. You can do anything. You put your mindset to we

learn. Um the guy that spoke recent last was saying something about put your mind to it. whatever it is. He said he works in, you know, um um he's a waiter or there about, but now he's in red team and you be wondering like why, how, what's your mindset. Ask better questions. Ask good questions. Collaborate. You have a project you're doing, collaborate with everyone, anyone you know you're doing this project, legal, engineers, infrastructure, either way. Learn continuously. For me, learning is so key. No matter how you are, where you are, you have to learn. Your presence matters. Are you sure? In meetings, you set up meetings with people. You have to be there early. They

need to know you, you know, you're always on time. You don't set up meetings that people are waiting for you. It matters. Send them meeting notes after the meeting, you know, things like that. let them know um is important especially what you're doing. So the message I take with you is stand tall on your journey with confidence. Don't think too much about I don't have technical background because you can actually get all those things. Stay curious. Keep asking the right questions. Learn intentionally. Learning intentionally means this is what I want to do and this is how I want to do it. When you know what you want, you learn intentional. You're not learning but you're very intentional

with your learning. You have a road map for what you want to do. Things are changing. So be don't be static. It's so important. We're all talking about here right now. What are you doing in your organization? How can you make use? It's not about writing exam, but how do you put that into um what you're doing? So that's the meaning of like you be intentional about learning, lead forward, jazz, you you know your clarity, your collaboration, your courage. Thank you. [applause]

Huge thanks for that. Uh, do we have any questions anywhere? Right. Here we go. >> Yeah.

>> I um yeah, not from a technical background. I did um some training thanks to my husband. um is um is into cyber security and um he's been training people. Uh I was doing project management. So uh and I realized they trained people that are not even doing project management. They're getting cyber roles. And he just said try the training and I did a training. I fell in love with GLC and I said this is what I want to do. I did my ISO 701 and that's how I started uh my journey and I kept learning from there. Thank you. >> Sure. Um still even on training um in this era where there's a lot of things

to learn, right? There's AI, there's cyber, there's a lot of things. How do you filter the noise to create a road map that's tailored for what you want to achieve? >> That's a good question. Um, I keep telling people there's so much out there. Um, it's so important to know what you really want. I spoke to my manager yesterday. Uh, we're talking about AI and he said something next year I want you guys to write an exam like any exam on AI and the question I asked him was what sort of exam do you think we should? He said honey like because at the end of the day look at what you're doing. They have to understand your role

in the organization. Then if I do this exam will actually help me for example you're leading ISO 4201 in your organization or you're about to start that project okay maybe I should do IS4201 lead implement or lead auditor that would help me I know what I'm looking for so that is so you understand where you are and where you want to be because what you want to do is you want to write an exam that would help you in that organization you just don't want to write any exam or you're working on cloud and you're saying okay let me do AWS you know the hey practitioner let me start with that to understand cloud so it depends on what

you want and your road map so that would help you so you're not going overboard amazing thank you oh got another question down there [sighs] >> um what's your opinion on some of the comments people say that a role in jersey isn't entry level. >> A roll in jersey isn't >> entry level is not is not an entry- level position. >> People say that I mean you know when we say GLC it all depends. So people should not have that mindset like you're entering GLC as an entry level. You cannot enter any role as an entry level. It depends on what you're doing. It depends on where you are at the moment. So, it doesn't have

to be GC. There are some rules that entry level in cyber security. Cyber security is is wide. But what I want people to know is when it comes to GC, don't have that mindset like, oh, okay, I'm not going to do anything technical. Even though you're not technical, but have an open mind like I'm willing to learn. You don't have to be technical but have that mindset like I'm willing to learn to [clears throat] understand or to work with engineers because engineers does not know all this controls governance things like that but you do. So how do you meet them in the middle so it's just that mindset when you have that mindset willing to learn technical things you'll

be fine. Another question right on the front. >> Um, great presentation. Um, what I got from your presentation, uh, whenever you come into a company and you don't know too much what's going on, take notes on stuff to help you get so cyber security. Is there any other resources that you recommend where people can probably work upon it in their head or go to to get on terms that engineers maybe have uh have spoken to you in meetings or concept or modules that you might find in >> um what I usually do is let's say I'm [clears throat] working on a project and I don't understand two things I research, I just go on Google just to

understand it. If I have friends in engineering, I meet with them or set up another call with those engineers and say I need to understand this. What I usually do also before a project, I research it. I understand the project. If I don't, I meet with the engineers to set those expectations. What exactly is this? But one thing is I go online, Google your friend. I go on Google then LinkedIn is there. There's so many so so many. But one thing I usually say is have that mindset to research. It's okay. You research and you see it or you even see someone doing the same thing on LinkedIn. Reach out to them and ask us

questions. That's what I do. >> Thank you. >> Any other questions? Going once, going twice. No. Thank you very much indeed. >> Thank you very much.