Watching the Watchmen - advice appreciated

Alright, guys, I seem to have a severe case of chasing Shadow IT.

As a poor soul running an *internal* compliance initiative for an MSSP, I've been dealt with "internal security" as a part of my portfolio. Sounds cool, I thought. At least I won't have to explain to people that security is important, right? Those are professionals, some of them far more experienced than me, with whole arrays of accesses in client companies since we're the ones building security …

advice case compliance cybersecurity important initiative internal mssp people poor running security shadow shadow it soul thought