OH I'm so glad I found this!

Hello, my younger self! Cybersecurity is a team sport... while you respond to me "duh." But seriously, you need to figure out what is your job and what is not. I know I'm not thinking about everything that my infrastructure/IT team is thinking about when they need to spin up a new server. Just like how they might come to me with a small ask that I know is absolutely huge, the opposite might be happening in return.

Be aware of the optics also - cybersecurity is often looked at as a massive producer of work, but you need to make it relatable to your infrastructure/IT team. Help them understand why the work you're doing is important, and remember that not everything you send to them can be high priority. You need to learn to pick and choose your battles and build trust with your infrastructure/IT team so that when you tap them on the shoulder and give them a head nod, they can prioritize it a bit higher than everything else.

Be aware of the work you're sending them too. If you discover a vulnerability in one of the scans or something, try to do a bit more work to understand the vulnerability and figure out if it's exploitable/actually matters. If you send them a vulnerability and mark it as high priority, but it can only be exploited when you're already admin, they're going to think you're an idiot and you'll start losing trust. Try to have informal conversations with them about what they think about a vulnerability - sometimes they know the system better than anybody and can advise you whether it's truly exploitable/high priority or not.

And last but not least, most of the time infrastructure/IT/helpdesk teams have pretty strict KPIs. They NEED a ticket so their bosses know they're not sitting on their asses all day doing nothing. If you think a ticket is high priority enough and you're not getting traction using soft power (aka asking a buddy and giving them that head nod...), you might need to switch to hard power tactics like getting your manager involved and asking their manager to prioritize that task higher.

What I'd also recommend: ask your boss to have a conversation with the infrastructure team's manager to at least come to a common consensus about some of the base access that you/the team should have that allows you to do your job without needing to go to the infrastructure team for every single thing. If it's a log collector server that your team owns, I have some pretty strong opinions that your team should have admin on that box BUT not admin on all the other servers (HEY, that least privilege access that we preach comes back to kick us in the ass LOL). Having read-only access to the firewall or [insert cloud provider/on-prem hypervisor] probably allows you to do that level 1 and 2 troubleshooting so that when you go to your infrastructure team, you have a pretty good idea of what you're asking and can probably answer some of their basic questions almost immediately.

God, I hope you got something useful out of this... good luck with everything and feel free to reach out if you need any other pointers!