right now I’m a sysadmin for a manufacturing company, I also run the security program here. Worked with a 3rd party to set up event log/network monitoring. Create Security polices. Implemented new client AV. Audit active directory/security groups. I have also given presentations about supply chain cyber security, CMMC, and tried to explain how to get there. Right now we’re a small team an I basically do it all, implementing new controls, responding to alerted traffic/logs etc.. by investigating, updating firewall rules, investigating possible incidents. I did talk my company into signing an IR retainer as I explained i am not an IR guy.
First off how does my experience sound?
Second I know most people find compliance boring and paperwork boring but I find it cool and think auditing/compliance would be a good route for me, any advice how to get there?
also studying for CISSP.