
Learn From an Active Expert
Hey guys, my name is Bruce. I have been doing cybersecurity since 2000. My experience includes roles at NASA, USAF, Verizon, and other organizations. I started this community to guide you through the complexities of Governance, Risk Management, and Compliance.


Your GRC Success Toolkit (Start Free)
- Free Download: GRC Roadmap
- Free Download: Field-Tested Resume
- Subscribe Now: GRC Insights Newsletter
- Join Now: ConvoCourses Community
Reviews & Ratings ⭐⭐⭐⭐⭐
(4.8 based on 500+ reviews)
- ⭐⭐⭐⭐⭐ John D., GRC Analyst: "This roadmap made all the difference for my career!"
- ⭐⭐⭐⭐⭐ Samantha T., Cybersecurity Specialist: "Clear, precise, and highly actionable."
- ⭐⭐⭐⭐⭐ Amazon Customer: "Exactly the insight I needed to advance quickly."
Frequently Asked Questions
Aren't there free resources online? Why pay for a course?
We have free resources too, as well as paid services and programs that give you the perspective of a GRC subject matter expert working in the field.
Is GRC Too Technical?
No, we simplify complex frameworks into understandable guidance for everyone. Unlike other parts of IT and cybersecurity, GRC doesn't always get super technical.
Do I Need Specific Certifications?
Not immediately. Start learning practical, real-world skills first, then easily transition to certifications.
What Will I Actually Learn?
Real-world applications of NIST 800, NIST Cybersecurity Framework, RMF, Security Controls, Risk Management, and more.
Is it relevant if I'm Already in IT?
Absolutely. Grow your career in cybersecurity, compliance, governance, and risk management. GRC often pays more than regular IT work and offers more flexibility to get into management or other aspects of cybersecurity.
Risk-Free Guarantee
Join Risk-Free!
Not satisfied with your experience? Easily cancel anytime—no strings attached.
Cybersecurity GRC Books & Media
- Print books GRC Cybersecurity
  Cybersecurity books printed and sent to you! These cover all aspects of...
- ebooks GRC CyberSecurity
  Quick downloads to your favorite GRC cybersecurity books.
- Audiobooks GRC Cybersecurity
  Get your GRC and Cyber learning via audio! Great for long lines...
Recommended GRC Products
- RMF ISSO Foundations (COURSE)
  Vendor: Thinkific. Regular price: $295.00 USD
- Information Systems Security NIST 800 2-in-1: RMF Foundations & Controls (AUDIOBOOK)
  Vendor: Convocourses. Regular price: $25.00 USD
- ISO 27001: 2022 Information Security Management System Guide ISMS (AUDIOBOOK)
  Vendor: Convocourses. Regular price: $10.99 USD
- ISO 27001:2022 Information Security Management System Guide (EBOOK)
  Vendor: Convocourses. Regular price: $14.00 USD
- Cybersecurity Fundamentals: Best Security Practices (AUDIOBOOK)
  Vendor: Convocourses. Regular price: $6.00 USD
- RMF Security Control Assessor: NIST 800-53A SCA (PAPERBACK)
  Vendor: Bruce Brown, convocourses. Regular price: $40.00 USD
- EBT Accepted
  Vendor: Convocourses GRC Cyber security. Regular price: From $16.00 USD
- Cybersecurity Fundamentals: Best Security Practices (PAPERBACK)
  Vendor: Bruce Brown. Regular price: $22.95 USD
Learn from GRC professionals who are in the field.
Join ConvoCourses community for advice 24/7!
Search "ConvoCourses" - 1:00 PM MST LIVE on Youtube/Tiktok/FB

sample cybersecurity grc ats style
FREE GRC RESUME
Bruce provides his actual cybersecurity governance, risk, and compliance resume. This is an application tracking software (ATS) style resume that will give you an understanding of what employers are looking for in the GRC and cyber market.

NIST 800 SSP, SOP, POLICIES
FREE GRC Templates
These are NIST 800 templates. They include system security plans (SSPs), security assessment plans (SAPs), security policies, and many other documents to help you build your own.

iso 27001, cis v8, nist 800, csf
Free GRC Training
Convocourses.com offers free and paid training and resources on several standards and frameworks including: ISO 27001, CIS v8, NIST 800, CSF v1 and v2.
Bestselling GRC Books
- ISO 27001:2022 Information Security Management System Guide (PAPERBACK) US UK
  Vendor: Bruce Brown, convocourses. Regular price: $22.00 USD
- Cybersecurity Jobs 3-in-1 Value Bundle: Resume Marketing, Career Paths and Work From Home with cybersecurity (PAPERBACK)
  Vendor: Bruce Brown. Regular price: $21.00 USD
- RMF Security Control Assessor: NIST 800-53A SCA (PAPERBACK)
  Vendor: Bruce Brown, convocourses. Regular price: $40.00 USD
- RMF ISSO: NIST 800-53 Controls Book 2: NIST 800 Control Families in Each RMF Step (PAPERBACK)
  Vendor: Bruce Brown. Regular price: $39.00 USD


Let customers speak for us
from 181 reviews

Cybersecurity fundamentals are essential for career development. This book is a great tool to help spark creativity for creative minds, and will help you navigate in your cyber career. I will recommend this tool to others.

Overall, this is a very good guide and explainer for those who are new to ISO27001 and have little point of reference. This is a really dry subject and the author does a reasonably good job of trying to provide occasional fun graphics and reference to Marvel superheroes to lighten it up. Previously I read the author's NIST book and materials, which I liked and were very comprehensive, useful, and presented in a loose and easy to read style. So let's cover what it is and what it isn't. Overall, it covers the Clauses section of ISO27001 comprehensively, which is the meat of the document. It explains, what it is, why it exists, a little bit on how it differs from other frameworks so that newcomers have a good context for what it's trying to accomplish. Then it goes into the process of what you need to know and must follow for these clauses, which is not evident in ISO27001 and is more of a practice approach. There is little question that you'll understand and appreciate the depth of that coverage. There is explanation of what you need to do with some examples but much is understandable to be applied if you appreciate something of the nature of the work. He also goes through the Annex which has a long list of controls, where there isn't much more than a summary of what each is, in the event you didn't want to spend lots of money on obtaining a copy of ISO27001, so this is complete. I would have enjoyed a few more personal experiences and real world examples and a bit more on the Annex, which is more sparse coverage. But overall, if you need a guide to understand beyond what this document is and how to use it, it's very well organized and explained.

"Cybersecurity Fundamentals: Best Security Practices" by Bruce Brown is an essential guide for anyone new to the field of cybersecurity. With a clear and practical approach, Brown expertly breaks down complex concepts into seven key principles, offering real-world examples and frameworks. The book covers everything from email security to incident recovery planning, making it accessible and valuable for readers at any level. It's a well-organized, comprehensive resource that's highly recommended for IT professionals and beginners alike.

Great book that breaks down the ISSO tie in into the NIST800-53 framework families, it really helped prep me for an interview. Way better than reading the NIST books from scratch as this author talks about it in plain English and gives scenario based context. Highly recommended for anyone looking to become, or know what an ISSO does, as well as a refresher.

Great book that breaks down the ISSO foundations, it really helped prep me for an interview. Way better than reading the NIST books from scratch as this author talks about it in plain English and gives scenario based context. Highly recommended for anyone looking to become, or know what an ISSO does, as well as a refresher. I received a free copy of this book via Booksprout and am voluntarily leaving a review.

What a great overview and in-depth look at the area of controls when it comes to RMF. This is much more palatable than anything the government writes. I also found that it was relatively complete when it comes to the building of a practice or safety process surrounding RMF. I received a free copy of this book via Booksprout and am voluntarily leaving a review.

A comprehensive roadmap
"Authored by Bruce Brown, this guide offers a comprehensive roadmap to understanding and implementing the ISO 27001:2022 standard. Brown's expertise shines through as he breaks down complex concepts into easily digestible nuggets of wisdom. From Clause 4 to 10, each aspect is meticulously explained, ensuring even novices can grasp the intricacies of information security. What sets this guide apart is its practical approach. Brown doesn't just stop at theory; he provides real-world examples and actionable strategies that empower readers to safeguard their organization's digital assets effectively."

"The Information Management Security Guide" serves as an invaluable companion for anyone intent on bolstering their organization's data protection. Although parts of the book delve into technical details, it remains largely accessible and immensely practical. The guide provides clear, straightforward advice that is both useful and easy to implement, offering readers the tools needed to defend against various cyber threats. It's a must-read for professionals seeking to enhance their security measures and safeguard sensitive information effectively.

Navigating information security can be daunting. This book is a great companion in better understanding and managing ISO 27001. It is an indispensable resource for anyone in the cybersecurity environment.

"From the moment I delved into 'ISO 27001:2022 Information Security Management System,' I was captivated by its thoroughness and relevance in today's digital landscape. This meticulously crafted guide not only demystifies the complexities of information security but also serves as a comprehensive roadmap for organizations aiming to safeguard their sensitive data. With its clear structure and practical insights, this book equips readers with the essential knowledge and tools needed to implement an effective security framework aligned with ISO 27001:2022 standards. Whether you're a seasoned cybersecurity professional or a novice navigating the intricacies of information security, this book is an indispensable resource that promises to elevate your understanding and approach to protecting valuable assets in an increasingly interconnected world." I received a free copy of this book via Booksprout and am voluntarily leaving a review.

This book is helpful for cyber professionals navigating the complexities of information security management. While the official ISO 27001 standard may leave readers craving more detailed insights, the author's comprehensive guide offers a step-by-step blueprint for mastering the standard and implementing effective strategies. With straightforward explanations, real-world examples, and a thorough expansion of Clauses 4 through 10, this invaluable resource ensures readers grasp even the most technical aspects with ease. Whether you're new to the field or seeking to enhance your expertise, empowers you to take control of your organization's security posture while unlocking the full potential of ISO 27001 . . . If I was still working in cybersecurity, I could have applied the methods to my job (but I'm now retired). A good read for anyone in the field, especially for a planner or anyone that works defensive cyber.

Geared towards individuals tasked with real-world implementation rather than just theoretical understanding, this book takes a practical approach. It provides clear examples for each clause and subclause, making complex concepts easy to grasp and apply. Unlike other dry and academic tomes, it features a user-friendly layout with pictures, jokes, and infographics, enhancing readability and reinforcing key concepts memorably. The straightforward explanations, step-by-step techniques, and comprehensive coverage of the ISO 27001 standard make it accessible to readers of all levels of expertise. Whether you're a seasoned professional or a novice in the field, this book provides the knowledge and tools needed to confidently navigate the complexities of information security.

This compelling read offers a comprehensive perspective of the 800-53 controls from the standpoint of the Security Control Assessor (SCA).

