Leaving Information Risk Management/GRC back to the technical side of security.
I've always wondered why people on the other side of security(GRC) earned so much doing little to nothing. Well, I got my taste of the GRC world at a top investment bank and I was bored to death. The company's processes were matured and better than most organizations I've worked for. Also the money was very very good; yet I wasn't enjoying the job. I felt like I was a glorified office assistant becoming an excel tiger with security knowledge. Metrics, AV trends, TVM (threat vulnerability management) trends, all excel and power point task. Anyways! Good luck to those that want to job into the security field.