I’m interested in security but I don't have a CS degree. Can a non-tech person in the US get a $70K tech job in 6 months in Cyber Security? I am looking at GRC (Governance, Risk, and Compliance) roles because they seem less about "hacking" and more about policy and documentation. Is $70k a realistic starting point for a GRC analyst with only a few certifications?
3 answers
I started in GRC with just a Security+ and no prior tech experience. My first offer in North Carolina was $72,000. It's very doable!
GRC is the perfect "non-tech" entry point into Cyber Security. Since it focuses on frameworks like NIST, ISO, or HIPAA, your ability to read, interpret, and implement policy is what matters most. A $70k salary is actually on the lower end for GRC; many entry-level roles in financial hubs pay $80k+. I highly recommend getting the Security+ and then looking into a specialized GRC cert like the CGRC. If you can prove you understand risk management and audit processes, you are a very valuable asset to any mid-to-large sized company concerned about data privacy and compliance.
Michelle, would you say that a background in legal or insurance claims would provide a significant advantage when applying for these GRC positions?
Kyle, absolutely. GRC is essentially "digital law." If you already have experience with contracts, regulatory compliance, or detailed documentation, you are ahead of 90% of the applicants. Most hiring managers in security would rather take someone who understands compliance and teach them the tech basics, than take a hardcore coder who hates writing reports. Your background in insurance is a goldmine for this specific niche—definitely highlight that on your resume!
That is so encouraging to hear, Sharon! It proves that you don't need to be a "hacker" to have a high-paying, successful career in the cybersecurity domain.