Learning Hub

Want to contribute?

You can contribute in a few different ways:

  • Create a feature branch for learning.md -> submit a pull request
  • Open an Issue with a feature request (use the Learning Hub label)
  • Start a Discussion to brainstorm ideas with the community (use the Learning Hub label)

The GRC Engineering Learning Hub is intended to be a community-developed knowledge base of learning and career development resources for practitioners interested in advancing their GRC engineering skills and competencies.

Learning content listed below pertains to GRC Engineering topics that are directly relevant to aspects of the GRC Engineering Manifesto.

Books

Below are books that pertain to GRC Engineering values/principles.

| Title | Author(s) |
| --- | --- |
| GRC Engineering for AWS | AJ Yawn |
| How to Measure Anything in Cybersecurity Risk | Richard Seiersen, Doug Hubbard |
| Measuring and Managing Information Risk: A FAIR Approach | Jack Jones, Jack Freund |

Courses

Below are online courses that pertain to GRC Engineering values/principles.

| Title | Author(s) |
| --- | --- |
| Governance, Risk, and Compliance (GRC) for the Cloud-Native Revolution | Ayoub Fandi |
| Cybersecurity Foundations: Governance, Risk, and Compliance (GRC) | AJ Yawn |
| Leveraging AI for Governance, Risk, and Compliance | Terra Cooke |

Labs

Below are labs that pertain to GRC Engineering values/principles.

| Title | Author(s) |
| --- | --- |
| GRC Playground | Ashley Pearce |
| GRC Portfolio Labs | AJ Yawn |

Podcasts

Below are podcasts that are either wholly dedicated to discussing GRC Engineering values/principles or are standalone episodes that pertain to GRC Engineering values/principles.

| Title | Author(s) |
| --- | --- |
| GRC Engineer Podcast | Ayoub Fandi |
| [Cyber Stories Podcast] Governance, Risk & Compliance (GRC) Engineering with Ayoub Fandi | Day Johnson feat. Ayoub Fandi |
| [Resilient Cyber] Transforming Compliance Through GRC Engineering | Chris Hughes feat. AJ Yawn |
| [MYGRCPOV] The Rise of GRC Engineering with AJ Yawn | Monica Reagor feat. AJ Yawn |

Talks & Interviews

Below are talks and interviews from conferences, podcasts, and vlogs that pertain to GRC Engineering values/principles.

| Title | Author(s) |
| --- | --- |
| [BSidesSF 2024] GRC Engineering - Bringing GRC to a repository near you | Varun Gurnaney |
| [BSidesSF 2025] Compliance Without the Chaos: Building It Right Into Your DevOps Pipeline | Varun Gurnaney |
| [Netflix Security] Risk-based Security Decision Making at Netflix | Prashanthi Koutha, Shannon Morrison |
| [fwd:cloudsec 2025] Introducing GRC Engineering: A New Era of AWS Compliance | AJ Yawn |
| What is GRC Engineering? | Lloyd Evans |
| Automating Compliance Processes With GRC Engineering | Lloyd Evans |
| [CPA to Cybersecurity] Pivot from Non-Technical to GRC Engineering and Cloud Native Compliance | Steve McMichael feat. Ayoub Fandi |
| [FAIRCon 2022] Five Objections to FAIR and How to Overcome Them | Tony Martin-Vegue, Prashanthi Koutha |
| [Simply Cyber] GRC Deep Dive on Cyber Risk Quantification with 20+ Year CISO | Steve McMichael feat. Richard Seiersen |

Blogs & Newsletters

Below are blogs and newsletters that are either wholly dedicated to discussing GRC Engineering values/principles or are standalone articles that pertain to GRC Engineering values/principles.

| Title | Author(s) |
| --- | --- |
| The GRC Engineer Newsletter | Ayoub Fandi |
| From Heatmaps to Histograms | Tony Martin-Vegue |
| Varun Gurnaney’s Medium | Varun Gurnaney |
| [Netflix TechBlog] Open-Sourcing riskquant, a library for quantifying risk | Markus De Shon, Shannon Morrison |

Social

Below are social outlets where folks can learn with others about all things GRC Engineering.

GRC Engineering Community Discord (new members can use this invite link to join)

GRC Engineering Community LinkedIn Group

GRC Engineering Club

Career Architecture

🚧TBD🚧