[janfry]

Daniel Miessler has a good general guide: https://danielmiessler.com/blog/build-successful-infosec-car... tptacek, who posts often on HN, also has some wise words: https://krebsonsecurity.com/2012/06/how-to-break-into-securi...

There are so many sources of information and learning grounds available now - bug bounties, certifications, war games, online tutorials, blogs, conferences etc.

I would suggest choosing a particular area of interest to begin with and deep-diving on that subject. Look for mentors or perhaps someone to knowledge share / skill exchange with.

You could do pretty well with a base in C#. Through pentest engagements, I've come across quite a few C# apps in my time and even with my limited knowledge of the language, found some interesting vulnerabilities ;)

Edit: Added tptacek link