Dan Chui
Happy Bytes
cybersecurity

From Risk Management to Cybersecurity: My Journey into SOC & GRC

From Risk Management to Cybersecurity: My Journey into SOC & GRC
0 views
3 min read
#cybersecurity
Table Of Content

From Risk Management to Cybersecurity: My Journey into SOC & GRC

For over a decade, I built experience in credit risk management, financial analysis, and internal controls. While these fields gave me a strong foundation in evaluating risk and designing safeguards, I began to realize that the challenges shaping the future were increasingly digital. That realization sparked my transition into the world of cybersecurity.

Why Cybersecurity?

Cybersecurity appealed to me for two main reasons:

  1. Relevance – Every organization today depends on digital infrastructure, and the risk landscape is constantly evolving.
  2. Transferable skills – My background in financial risk and compliance gave me a natural bridge into governance, risk, and compliance (GRC) within security. At the same time, I wanted to expand my technical skill set to include security operations (SOC).

First Steps: Building the Foundation

To kick off this career pivot, I earned CompTIA Security+, which provided a structured way to cover the fundamentals:

  • Threats, attacks, and vulnerabilities
  • Security operations and incident response
  • Risk management and compliance frameworks

Passing Security+ gave me confidence that my existing risk management background could integrate with newly acquired security knowledge.

Expanding the Path: SOC & GRC Together

Instead of choosing only one track, I decided to pursue a dual path:

  • SOC (Security Operations Center)

    • Hands-on labs with Wireshark and Nmap
    • Building detection and triage workflows with Splunk
    • Enrolled in TryHackMe’s Security Analyst Level 1 (SAL1) learning path

  • GRC (Governance, Risk & Compliance)

    • Training on ISO/IEC 27001 Foundations
    • Creating a starter risk register and mapping controls
    • Enrolling in MIT’s Cybersecurity for Managers program (Fall 2025)

This way, I’m building both the technical detection and response skills and the framework knowledge organizations look for.

Portfolio Projects

To make the transition tangible, I’m working on a set of portfolio projects that anyone can follow along with:

  • SOC Lab Reports → documenting investigations from TryHackMe labs
  • SIEM Log Analysis Report → using Splunk to simulate incident detection
  • Incident Escalation Playbook → simple workflows for alert triage
  • Vulnerability Scan Report → scanning with OpenVAS or Nessus Essentials
  • ISO 27001 Risk Register → mapping risks and controls for a mock environment

These projects not only help me learn, but also show potential employers that I can bridge governance and operations.

Looking Ahead

My goal is to secure a role as a SOC Analyst or GRC Analyst by Spring–Summer 2026. Until then, I’ll continue sharing:

  • Study roadmaps for certifications (ISC2 CC, ISO 27001, etc.)
  • Lab walkthroughs and lessons learned
  • Templates and resources for others making the same journey

Final Thoughts

Transitioning into cybersecurity isn’t easy — but with a structured plan, transferable skills, and a willingness to learn hands-on, it’s absolutely possible.

I’ll keep sharing my progress here, and I hope my notes and projects can help others considering a similar leap.

👉 Stay tuned for upcoming posts where I’ll break down SOC labs, SIEM reports, and ISO 27001 controls in more detail.