For over two decades, my career has lived at the intersection of logic and persuasion.

I started as a software developer, diving deep into the architecture of systems. Later, I moved into B2B and B2C sales, learning how to sell value, manage stakeholders, and close deals. I spoke the language of the engineers and the language of the boardroom.

Today, I am making a deliberate pivot. I am transitioning into Cybersecurity Governance, Risk, and Compliance (GRC).

Why the switch?

The industry is saturated with tools, but starved for professionals who truly understand both the technical implementation and the business necessity of security.

Most GRC professionals struggle to talk to devs. Most devs struggle to understand risk frameworks.
My goal is to be the bridge.

My Plan: "Build in Public"

Starting today, I will be documenting my entire journey of mastering GRC frameworks (starting with ISO 27001 and NIST CSF) through the GRC Mastery program.

I won't just share certificates. I will share:

• Technical breakdowns of how compliance requirements map to actual infrastructure.
• Risk assessment strategies tailored for agile teams.
• Real-world scenarios where sales psychology meets security policy.

What You Can Expect from This Series

1. Learning Logs: Deep dives into specific modules (e.g., "Understanding the Statement of Applicability").
2. Practical Templates: Shareable risk registers and policy drafts I create.
3. Career Insights: How to navigate the job market as a senior professional changing tracks.

Join the Journey

If you are in GRC, development, or risk management, I'd love to hear your thoughts.

• What's the biggest misconception developers have about compliance?
• How do we better automate evidence collection without slowing down engineering?

Follow along here on Dev.to and on [LinkedIn] as I build this new chapter, one framework at a time.

Disclaimer: I am currently in the learning phase. The views expressed here are based on my current study and personal analysis.