When I first decided to move into cybersecurity, I didn’t know how wide the field really was. To me, cybersecurity was just… cybersecurity. I didn’t yet understand that it had many different roles, paths, and specialisations.
That clarity only started to come after training.
During my cybersecurity training, I was exposed to different areas, but I still hadn’t made a decision. I was learning, observing, and trying to understand where I fit.
The Internship That Helped Me Be Honest With Myself
I got an opportunity to intern remotely at a cybersecurity company for one month. During that time, we were taught more about penetration testing and report writing.
And this is where something important happened.
I was bored.
Not because the work wasn’t important but because it didn’t spark anything in me. I paid attention to how I felt and chose to be honest with myself. I realised that this side of cybersecurity didn’t excite me, and pretending otherwise wouldn’t help my journey.
That honesty mattered.
Discovering Cyber Threat Intelligence
Later on, I took a course in Cisco Cyber Threat Intelligence. This experience felt completely different.
I loved it.
It sparked my curiosity. I enjoyed understanding threats, patterns, behaviours, and why attacks happen not just how they happen. For the first time, I felt engaged instead of forcing interest.
That curiosity pushed me further.
The Moment I Found GRC
I started watching more videos on YouTube, especially content related to risk management. That was when I came across GRC; Governance, Risk, and Compliance.
Something clicked.
I found myself drawn to this side of cybersecurity and couldn’t immediately explain why. So I asked myself a simple question:
Why am I drawn to GRC?
Connecting the Dots With My Work Experience
Out of curiosity, I typed that exact question into ChatGPT. I explained my background, that I had been a flight attendant for over a decade.
The response stopped me in my tracks.
I was told that I was likely drawn to GRC because compliance, regulations, procedures, and safety rules had been part of my life for years.
And that was true.
As a flight attendant, compliance wasn’t optional. Regulations had to be followed. Procedures existed for a reason. Safety depended on structure, accountability, and consistency.
I wasn’t starting something new.
I was recognising something familiar.
Why GRC Makes Sense for Me
GRC focuses on:
- rules and policies
- risk awareness and management
- incident response planning
- business continuity
- accountability
It’s about understanding what could go wrong, how to reduce the impact, and how to respond when things don’t go as planned.
That mindset felt natural to me.
On A Final note….
Choosing GRC wasn’t about chasing a title or forcing a role.
It was about paying attention to my interests, my curiosity, and my past work experience.
Cybersecurity is a big field.
Finding your place in it starts with honesty.
For me, GRC didn’t feel foreign.
It felt like home just in a different industry.
