EPISODE · Dec 8, 2025 · 6 MIN
Bonus Episode 5: How Do I Get Ready? School, Certs, and Skills
from All About Risk · host C1Risk
Lily Yeoh breaks down what you really need to enter GRC, from choosing between a degree or certifications to knowing which starter certs are worth your time. She explains how to get hands-on experience before your first role, the soft skills that actually help you stand out, and the one practical skill that’s shaped her own career. This episode gives you a clear, grounded starting point for building a future in GRC.

1. GRCP — GRC Professional
   OCEG - Great intro to governance, risk, compliance, ethics, and audit basics.
2. CCEP — Certified Compliance & Ethics Professional
   SCCE - Focuses on compliance, ethics, investigations, and corporate policy.
3. ISO 31000 Risk Management Certification
   Various accredited bodies - Covers organizational risk frameworks and is accessible without technical depth.
4. CompTIA Security
   CompTIA - Security fundamentals that support GRC roles tied to IT and cybersecurity.
5. CGRC (formerly CAP)
   ISC2 - Intro to governance, risk and security authorization. Good for early GRC careers.

ADVANCED LEVEL CERTIFICATIONS
These require experience, deeper security knowledge, or exposure to audit, risk, or governance functions.

6. CISSP — Certified Information Systems Security Professional
   ISC2 - High-level security governance, risk, architecture, and leadership.
7. CISA — Certified Information Systems Auditor
   ISACA - The gold standard for audit, controls, and assessment work inside GRC teams.
8. CRISC — Certified in Risk and Information Systems Control
   ISACA - Focused on IT risk, business risk, mitigation, and control design.
9. CISM — Certified Information Security Manager
   ISACA - Security governance, program management, and risk management at scale.
10. CGEIT — Certified in the Governance of Enterprise IT
   ISACA - Enterprise-level IT governance, strategic alignment, and performance risk.