Hello!

I have been in IT for the last 10 years. For the majority of my career, I worked in smaller shops so security was just part of my role and not a dedicated role. However, in 2019 I started moving into the corporate world and specializing in cybersecurity - specifically, implementing IAM infrastructure.

After doing technical sysadmin & engineering roles for the better part of a decade, I'm starting to burn out on the technical side and would like to find something that is a little more balanced. For example, I completed the penetration testing path on TryHackMe and I enjoyed the learning process, but I can't imagine doing it day-in and day-out. I don't like being in the weeds enough to become an SME, but I'm also not extraverted enough for management. I do like the idea of being a technical liaison between the engineers and business, though.

I feel like I might be too technical for GRC, but I enjoy being able to work on a variety of things at a high level. A couple of subfields I've had my eye on are vulnerability management and cyber threat intelligence.

Vulnerability management because it would allow me to focus on managing the high-level project work of identifying & remediating issues and interact with a variety of disciplines and SMEs who do the actual in-depth technical work.

Cyber threat intelligence because it requires that technical background knowledge, but the work/deliverables rely mostly on analysis and writing.

Could anyone here speak to the general balance of technical/non-technical in these roles or others I may not have considered?