That's interesting, we didn't really have anything like that when I was in infosec. It was more about trying to set up meaningful policies, and also running automated checks (which we all wrote in-house).
We also did more boring stuff like ID provisioning and reconciliation (against the master list of ids on the literal mainframe). Different era. XD
God, it was nice, though. You'd walk in to work in the morning, grab literal printouts from nightly reports, grab a coffee or soda, and check stuff off for a couple hours before anything really crazy started happening for the day. That pace was gone by 2004 or so, and I can't imagine what it's like NOW. XD