[sillysaurus3]

Simple. If you value your career as a dev, you won't become a pentester. :) There's no upside except intellectually. Being a dev pays more and gives you more options going forward.

That's a harsh way to frame it, but it's also accurate. (I'm speaking from experience FWIW.)

In other words, you could have become an ML engineer anyway. No reason to risk it by becoming a pentester.

[raesene9]

One thing to note is Dev paying more than security is a bit geographically dependent.

I know dev salaries in the US are very high, but in other countries (e.g. the UK) security posts can pay pretty well relative to many development posts.

In terms of options, there's a fair number of options available after pentesting, although most of them revolve around security in one guise or another. On top of the obvious moves into IT/Infosec management, there are new fields in security which open up alongside tech.

Recently there's been an expansion with fields like malware analysis, blue teaming, incident response and red teaming showing quite good expansion.

Within "pentesting" there's areas like IoT, Automotive, maritime etc which can offer moves for people wanting to move on from more trad. pentest roles.

[Eridrus]

I found security to be more financially rewarding than dev work (in the US) by asking developers at places I worked how much they were paid.

I wouldn't really recommend being a pentester either, but there is plenty of need for people who understand security and can code to write software.

It seems like you're having a tough time, and maybe ageism is a factor here, but none of what you're saying really meshes with my experience.