I should've added that GRC is more management, not technical/hands-on, as you may know with your CISSP. Therefore, if you're looking for more technical, don't go GRC.
You'll find that when searching for jobs in either private or government, many jobs of different titles may have the same tasks. Conversely, two or more jobs of the same title may have different tasks. As you said, INFOSEC is a vast field. Despite that, there is lots of overlap among the many different areas, which is a good thing because one of the difficult aspects of our field is plugging in all those gaps in job roles to properly secure a system (e.g., NIST SP 800-181).
It really depends on what motivates you, what you are passionate about, and where you want to go. You might even consider leveraging your PM experience to drive projects like Cloud transformation, or you might prefer more hands-on-keyboard work like network security - there are many "layers" of opportunity. Tell us more about your security interests.
The background knowledge you have been building is useful to you and, in the case of the CISSP, enables you to understand the field of Information Security. The other topic areas you have been covering provide some of the underlying background technical Systems/Network knowledge. You can rely on the helpdesk and project management experiences that you have; both are useful disciplines under Information Security but will need to be addressed from a cyber security perspective. You now need to determine what field of "cyber" you wish to go into (management, architecture, risk and consultancy, operational, etc.). You also need to determine if the design and development of systems is where you want to be, or the day-to-day running of security of systems/products, be that in a Security Operations Centre, build and configuration, or daily maintenance (patch, update, incident management, helpdesk). On top of this, what business domain do you want to progress in - law enforcement, healthcare (national/local), defence, government (national/federal, local)? At the end of the day, you need to maintain the development of knowledge, gain appropriate experience, and hone and develop your skills in the areas chosen. Keep stretching yourself, keep learning, and keep enjoying the journey. Good luck.
One of the big decisions is: do you want to be a big fish in a small pond (consider a lone security "expert" in a small building firm or a "generalist") or a small fish in a big pond (think IBM Consultant or a "specialist")? You might consider starting with what you know - cyber security in the construction industry, for example - best of both knowledge domains. The world really is your oyster. Create an Information Security (Cyber) relevant CV highlighting your relevant skills, experience, and knowledge, and target something that will take you beyond your current comfort zone. Remember to prepare examples of experiences to support the CV - have a few examples (Situation (what was the issue), Task (what were you asked to do), Action (what did you do), Result (how well was it received or did you/your solution perform) format - presentation style) that you can share at interview (remember this may prompt questions - and if you don't know, don't bluff but instead say so, but then add "... but this is how I would approach investigation and preparation of a solution", for example).
First, congrats and welcome to the club.
Yes, correct. The security field is a broad field.
From first line of defence, 2nd line, 3rd line, 4th line, researches...
From CISO, architecture, engineering, analyst, project/program management, SOC, red team, incident response.
And you are correct, the best thing is to have your eyes open, understand the field first, and see what interests/motivates you.
It's difficult to recommend or give much advice with limited information.
Cheers
Noticed post. Since you already have a degree, certs, and HD experience, I don't see any issues in landing a position. You technically are a security pro (security-related duties in your help desk job). Just going to need to research the various positions (job/certification sites/etc.). One recommendation is to look at LinkedIn as part of your career development and network.