Getting the f***k out of GRC!
Hello, everyone!
I write this seeking advice from those that were in GRC and got into a more technical role (others are also more than welcome) because I fucking HATE the job/work. I provide mainly support, by researching norms and developing documents accordingly and that's it. I hate it. I can't wait for the weekend to arrive and I dread when the week arrives. I'm not learning anything new and feel stuck/stagnant. I WANT OUT!
For context, I'm a mid-thirties European guy with a non-technical degree that took a professional one-year course on cybersecurity. Learned the basics, alongside programing (pyhton and C++), linux and windows and got a job in the GRC department. Thought it would be a good stepping stone into the industry and, after a year, I regret it. I want something more challenging and dynamic.
I'm considering, possibly, a move into SOC or Forensics (I like the investigative side of security) and am brushing up on the basics by doing CS50 and studying for the CCNA to start getting a few certifications under my belt, in order to compensate for lacking a technical degree.
So, want do you think? Is there hope for me?
Also, how did you get out and what steps did you take? Besides CCNA, what other certifications would be valuable in the long run and what other resources would you recommend?
*Further context - We're a team of four and I'm the junior. We have several clients and my colleagues are all busy to teach me the proper ropes and the boss is more concerned with time allocation than providing some support. After a year on the job, all I've done is read documentation, develop documentation and create checklists, having no empirical experience or contact with clients/audit, which is why I'm considering a move. It's not a 9-5 job and, despite working after hours a lot of the times, and being stressed out because the boss wants the work for yesterday, I'm tired and bored of the work itself, which isn't what I studied, like troubleshooting, finding vulnerabilities, secure networks, etc.
Reading some of your inputs, I now realize that I wasn't provided the adequate introduction to the GRC area. I'm not evolving or learning anything and the problem lies with the company itself.
But I still want move forward with the technical route, so please, keep providing your inputs. The more I know, the better!