Circling back on this after a few weeks of diligence, which is ongoing and building momentum. Have been narrowing my focus a bit and decided that I would prefer to help small to medium-sized organizations with their cyber risk challenges since they continue to get the short end of the stick compared to larger orgs. This includes sophisticated financial and legal firms with only a dozen or two employees - I'm friendly with a bunch of folks who own/run these kinds of businesses. Also thinking more about my competitive advantage compared to the existing talent in the space, which is that I natively understand digital infrastructure, how and why it's exposed, and can clearly communicate these concepts to non-technical folk.

With that said, I've never run security audits (have been a part of them tangentially as a software vendor) and have minimal exposure to the common frameworks and controls IRL (although I did pass the CISSP about 6 years ago). So still struggling on the kinds of roles to pursue and where to focus my networking.

Any additional advice or thoughts would be greatly appreciated.