I should've added that GRC is more management, not technical/hands-on, as you may know with your CISSP. Therefore, if you're looking for more technical, don't go GRC.

You'll find that when searching for jobs in either private or government, many jobs of different titles may have the same tasks. Conversely, two or more jobs of the same title may have different tasks. As you said, INFOSEC is a vast field. Despite that, lots of overlap with the many different areas which is a good thing because one of the difficult aspects of our field is plugging in all those gaps in job roles to properly secure a system (e.g., NIST SP 800-181).

It really depends on what motivates you, what you are passionate about, and where you want to go. You might even consider leveraging you PM experience to drive projects like Cloud transformation or you might more like  hands-on keyboard to work like network security - there are many "layers" of opportunity. Tell us more about your security interests.

The background knowledge you have been building is useful to you and, in the case of the CISSP, enables you to understand the field of Information Security.  The other topic areas you have been covering provide some of the underlying background technical Systems/Network knowledge.  You can rely on the helpdesk and project management experiences that you have; both useful disciplines under information Security but will need to be addressed from a cyber security perspective.  You now need to determine what field of "cyber" you wish to go into (management, architecture, risk and consultancy, operational etc.) you also need you determine if the design and development of systems is where you want to be, or the day-to day running of security of systems/products be that in a Security Operations Centre, build and configuration, or daily maintenance (patch, update, incident management, helpdesk).  On top of this, what business domain do you want to progress in - law enforcement, healthcare (national/local), defence, government (national/federal, local)?  At the end of the day, you need to maintain the development of knowledge, gain appropriate experience, and hone and develop your skills in the areas chosen. Keep stretching yourself, keep learning, and keep enjoying the journey. Good Luck

First congrats and welcome to the club.

Yes correct. Security field is a board field.

From first line of defence, 2nd line, 3rd line, 4th line , researches..

from CISO, architecture, engineering, analyst, project/program management, SOC, red team, incident response.

And you are correct, the best is have your eyes open, understand the field first and see what interests/motivates you.

It's difficult to recommend or give much advice with limited information.

Cheers

Noticed post. Since you already have degree, certs, and HD experience I don't see any issues in landing a position. You technically are a security pro (security related duties in your help desk job). Just going to need to research the various positions (job/certification sites/etc.). One recommendation is to look at LinkedIn as part of your career development and network.