Many a security practitioner has told me that they see GRC as "the boring, audit stuff". It is true that GRC includes audits and related activities. It also provides those that are willing to learn an abundance of experiences, viewpoints, and skills, similar to how security and software engineering goes deeper than typing code to magically make things work.

A healthy does of GRC experience provides insight into the "why's" and "how's" of critical business operations. This insight enables us to be more effective partners across our organization, deliver more value to other teams, and strategically navigate the ever-changing landscape of threats and regulatory requirements.