[ninegunpi]

Background in infrastructure is the best you can have - you will be far ahead compared to many newly educated ‘security engineers’, knowing the application domain.

What I would think about if I were you (was so 15 years ago - started as systems engineer in telco, although has been playing around with systems since childhood) is to try and capitalize on knowledge you’ve got - pick entrypoint to secuirty market as ‘security for X’, where X is the type of systems you’ve been administrating. This way, you’ll have a solid base of problem domain experience, and will be able to easily associate new learning material and new work challenges with experience you’ve already got.

Security is a huge domain of knowledge - being able to bite it with digestible chunks is crucial not to turn into another checklist drone or certified skript kiddie.