[hinkley]

Just an anecdote. I took an opportunity to break into security at 35, with a company that was willing to take a risk on a guy who showed up with a bit of knowledge and a lot of confidence.

I did good work, but expertise was thin on the ground. I discovered that while I like the subject matter a great deal, I didn't like is the chain of responsibility at that organization.

At one point I felt like I couldn't leave because the system would come off the rails if I wasn't there and I harbored some resentment. If you can find a place where you're working in an advisory capacity you won't run into that problem.

Are you seeing job openings where you are taking a big pay cut to work in security? That didn't used to be the case. I used to lament that the problem with my platonic ideal for QA people is paradoxical; the sort of person whom I would cherish as a QA person could spend a year retraining as a security auditor and make more money than me instead of 70% of what I'm making.