[raesene9]

One thing to note is Dev paying more than security is a bit geographically dependent.

I know dev salaries in the US are very high, but in other countries (e.g. the UK) security posts can pay pretty well relative to many development posts.

In terms of options, there's a fair number of options available after pentesting, although most of them revolve around security in one guise or another. On top of the obvious moves into IT/Infosec management, there are new fields in security which open up alongside tech.

Recently there's been an expansion with fields like malware analysis, blue teaming, incident response and red teaming showing quite good expansion.

Within "pentesting" there's areas like IoT, Automotive, maritime etc which can offer moves for people wanting to move on from more trad. pentest roles.