I work with a few security pros who blog. As you suggest, you can't tell people specific problems you're facing at work but you can do some interesting things to get your knowledge out there:<p>1. Make educated guesses about real incidents you were not involved in. Talk about how you would have solved this problem if it were you.
2. Set up sandbox environments to demonstrate attack vectors and detection methods. Even "dumbed down" versions will help newbies out if you want to keep your more "advanced" versions secret.
3. Talk about tools and services instead of specific incidences. Most of the info about how they work is public, but you can showcase your understanding my summarizing and giving commentary.
you can and should write. it doesn't have to be your exact findings, could be case studies, thoughts, a blog can be anything, or side projects to show, whitepapers.<p>I did cyber security for years. I worked with government agencies, financial institutions and other sensitive work, so you know you can't publish. so far I've been working through word of mouth but when I considered career change, I had not much to show for to people who aren't in the know. so I made a few side projects, posts.