Bridging the Gap: The Journey into GRC for the Military-Connected Community

In a recent interview, I had the pleasure of discussing the unique transition from military service to the world of Governance, Risk, and Compliance (GRC) with Jonathan Fisher, a seasoned veteran who mentors through Veterati and holds the Governance, Risk Management, and Compliance Professional (GRCP) certification from OCEG. Jonathan is an active mentor in the veteran community and uses various advocacy pathways to mentor, coach and advise transitioning service members, veterans, and military spouses. One of the platforms he uses to reach the military-connected community is called Veterati.

More on Jonathan Fisher

Jonathan served over 20 years in the Army and has served as a cargo helicopter repairer, Flight Engineer on the Ch-47 Chinook helicopter, and Unmanned Aviation System (UAS) Maintenance supervisor. While transitioning from the Army at the end of 2021, Jonathan took advantage of the DoD Skillbridge program to be an IT Audit intern with a startup compliance firm and became a full time employee after leaving the military. He currently works as a cybersecurity policy analyst for cloud services with the Idaho National Laboratory where he provides cloud service recommendations to the Department of Energy through vendor risk management and security assessments. He provides mentoring to the military community through Veterati and also serves as a readiness career coach for the FourBlock Pacific Northwest cohort.

Jonathan is excited to present during an upcoming BSides Security Conference on September 23, 2023 at the Idaho State University Idaho Falls campus. BSides conferences are local security conferences held nationwide that focus on bringing together cybersecurity enthusiasts to engage in knowledge sharing. Jonathan’s presentation will focus on bridging the gap for nontechnical professionals who are entering into the cybersecurity workforce and his hope is to help further the dialogue on removing the stigma that entry-level professionals should have 3-5 years of experience with advanced cybersecurity certifications and degrees. He plans on further advocating, encouraging, and supporting professional development and growth in this space.

Veterati: An Overview

Veterati is a groundbreaking digital platform that specializes in mentorship for veterans and military spouses. This unique mentorship network connects transitioning service members, veterans, and their spouses with successful professionals across various industries. Veterans can access a wealth of advice, gain industry-specific insights, and build meaningful connections to pave their way into civilian careers. For mentors like Jonathan, Veterati offers an opportunity to give back, guide, and support these individuals as they navigate new professional landscapes.

OCEG & The Governance, Risk, and Compliance Professional (GRCP) Certification

OCEG's GRCP certification is a global recognition that sets a robust standard for the role of individuals in implementing GRC capabilities within organizations. This highly sought-after credential has been adopted by thousands of professionals across various industries, and for veterans like Jonathan, it opens doors to a range of career opportunities in the multidisciplinary field of GRC.

Jonathan and GRC

Jonathan's journey from the military to GRC is a testament to the versatile skills service members bring to the civilian workforce. Having served for over two decades, his time in the military was mostly spent in aviation maintenance. However, the defining moment of his career came about halfway through his service when he transitioned from a maintainer role to quality control or technical inspector, auditing the work that had been done. This shift paralleled the principles of GRC, with Jonathan noting, "Part of what GRC is, is inspecting work that has been done prior to ensure it's done correctly and properly, and in compliance with the standards/regulations."

Jonathan strongly believes that veterans bring unique strengths to the GRC field, such as an inherent understanding of regulations and the ability to conduct risk assessments - both hard-earned skills from their military training.

Speaking of his GRCP certification, Jonathan praised its ability to broaden his understanding of GRC. "I realized that GRC principles are more business-related, and cyber is a smaller piece. You don’t have to be in Cyber to be a GRCP professional – you can be in sales or more in the business and apply those business principles." This comprehensive understanding has significantly shaped his mentorship approach, enabling him to guide veterans transitioning into various aspects of GRC, not just CyberSecurity.

Veterans & GRC: Where to Start

The biggest challenge Jonathan identified for transitioning veterans is self-doubt about their experience. In his mentorship, he combats this by working one-on-one with his mentees to help them translate their military skillsets and experiences into language that employers in the civilian world can understand. He highlights their ability to read manuals, adhere to checklists, handle third-party oversight, and other related skills they’ve honed in the service.

He shared a couple of inspiring stories of veterans he has mentored, including one cybersecurity professional who is now head of security operations. Another veteran, an air traffic controller, transitioned into the GRC field after being introduced to OCEG and completing a Skillbridge internship.

Stressing the importance of networking, Jonathan emphasized that it's not just vital for success in the GRC sector, but in general. "Networking is the key to being successful," he said. He supports his mentees by referring them to other mentors and connecting them to veteran resources.

Jonathan's Take: The Future of GRC

When asked about the future of GRC, Jonathan envisioned it as a field that will continue to evolve to become less of a 'compliance closet' and more of a business partner. He believes this evolution will be beneficial for veterans as it aligns with their training and experiences.

Jonathan's final piece of advice to veterans beginning their journey into GRC was both encouraging and inspiring. "Don’t be afraid. Don’t think that it is impossible to get into. While it can be frustrating, it is important to network and be active on LinkedIn," he advised. He emphasized the importance of sharing experiences, failures, and successes and urged veterans to remain adaptable, open, and vulnerable.

So, What's Next?

This interview not only provided deep insights into the transition from military service to a career in GRC but also underscored the unique strengths veterans bring to the GRC field. As we continue to promote diversity and inclusion in the GRC sector, let's remember to value the unique perspectives and experiences of our military veterans, and the role programs like OCEG's GRCP and platforms like Veterati can play in aiding their transition.

To further connect with Jonathan, visit his LinkedIn profile or the Veterati website.