[lucb1e]

I work as pen tester (ask me anything). In school I got the opportunity to pick digital security as my major, but I'm certain any computer science related study would have been fine.

When interviewing for my current company, my first full-time job, I was given a vulnerable web application which they used to assess whether I could do the job (next to a regular interview). I aced this hack test, but due to it being my first full-time job they still scaled me in as a junior.

Overall, if you know your thing, you can just go and interview with companies that do security. Specifics, such as a workflow when performing a security assessment, are specific to a company anyway. With some semi-related work experience (many colleagues have a programming background) you should be able to come in above junior too.

As for where to get the skills: hack something. My study gave me dedicated time to spend on it, but even in high school I was writing code, sharing it with others, and we had fun poking around each other's applications security-wise. That's how I truly learned: doing.