"GRC Stewardship" starts with serving a good cause: Keeping YOU Safe!
When preparing documentation and GRC policies to help defend the confidentiality, integrity and availability of assets and network security operations for any organization, we as cybersecurity professionals must immerse ourselves in the continuous process of learning, information security risk assessment and balancing network security data against business priorities, all while trying to create something that makes sense and can be adopted by anyone.
Tech-writing in the field of Information Security Risk Management isn't rocket science, and most anything you come across has already been written somewhere. The key is understanding what YOU are likely to face and how to manage those risks and potential compromises before they impact your livelihood.
Our job isn't to be front and center, or to keep our bylines out in front of the public. Cybersecurity professionals identify what risks and compromises are going to impact your operations, help you resolve your cybersecurity gaps, and then slip quietly back into the shadows.
It's not about bylines and ego, it's about helping YOU ensure that what you have built isn't going to get taken away by some threat, disaster, or some goober sitting in his mother's basement, drinking Mountain Dew in front of a keyboard. --Drew Blandford-Williams
