Cybersecurity Professional Seeks Career Direction

💬 Too broad to specialize, too junior to lead, not sure what to do next? The poster has ~5 years of cybersecurity experience across multiple domains (pentesting, AppSec, cloud security, engineering, and architecture) and recently earned the CISSP certification. They describe themselves as a strong generalist who enjoys strategic, stakeholder-focused, and decision-making aspects of security but feels "in between" due to insufficient experience for managerial roles and lack of deep specialization. They are considering whether to specialize further, pursue architecture/leadership roles, or focus on certifications (e.g., CCSP, CISM) or hands-on projects. Long-term, they aim for a CISO or senior leadership position.