This post on techexams.net is one of the better explanations of infosec work and process that I have seen. It was posted by keatron, an Infosec professional and trainer. His company, Infosec Institute can be found here: resources.infosecinstitute.com and the post in question can be found here: www.techexams.net/forums/security-certifications. Its a great read as are a good number of his other posts.
Heres a snippet
"...IDS specialist, firewall specialist, penetration tester, forensics investigator, security assessments (not to be confused with penetration testing because they are different), just to name a few. Most people hear the term Infosec, and they automatically associate that with network and telecom security, but in reality it's much broader than that. I know people who do nothing but design and test physical security, they break biometric mechanisms, social engineer the heck outta people, and do tons of other things that require little or no knowledge of network or telecom security. The fact is, in most small and medium sized companies, the security team usually consists of one person (if they have that much)..."