I have been thinking more about the future career options I have. I don't want to move now, but I want to make sure I am ready for whatever I do want to go in the future. It is a common problem in any field: Once you get near the top you have a harder time advancing further.
Some career paths are obvious. If you want to go into a specific operation security area, like network security or related things, you should probably focus on enhancing the skills that help you be better at whatever you are doing.
Unfortunately, I didn't come to security from the sysadmin route. I had over 20 years of software development (and general analysis) before I started full time in information security. This may be placing me really well for working in the growing area of application security, but even that has a lot of possible different focus areas.
I am also very interested in risk, compliance, policy and security awareness. While these all could relate to development security, they are not necessarily tied to that. Figuring out the route is my challenge now. I want to know everything, but I can only learn so many things.
This is not as refined as I would like, but I wanted to put out some thoughts to build on later. I plan on writing about this more and I have thought of working in this area with either the local ISSA chapter or OWASP.