Experience in what I already do? I am a manager for an IA/Cyber security team, have tested/evaluated various PL-1 information systems to be granted authority to operate and more recently a PL-2 with various RBACs and network ACLs to enforce data segregation between users of different need to know, and to get Splunk working right, be it the LDAP plugin, working around limitations of the default check_method endpoint_md5, etc.
For the “real world” side, I know the concept of setting up a DMZ, ACLs etc., but where I am at now there is strict separation of duties so I do not set up ASAs, Active Directory etc. I'm not allowed to do any sysadmin work, only checking on them, and a lot of that is automated. I have to go out on my own homelab if I want to set up a domain, join clients, push GPOs, WMI filters etc. I wouldn’t know where to start (I did set up a Splunk eval and search to find deficiencies in firewall enforcement, but can’t set up the firewall itself haha). I am not exposed to systems that are exposed to the internet dealing with real world hits all day. At home I tried to homelab a bit, hosted a WordPress site and email server to look at fail2ban logs, work with Linux firewalld and such. But IMO I’m entry level at best: splunking low activity systems vs. what they do…
This is the position I was looking at but I’m afraid it could be more mindless auditing but at least on networks that have real threats.
My dream would be to move towards an engineer role such as this:
Lots of homelabbing to do towards the OSCP instead of the CISSP. Wanting a job that gives me the OJT and push, vs. it's just been in my spare time, and having been promoted at work, I have even less exposure to the tech side and the tech teams. Herding cats, it's a thing.