|
Hey, I'm about 8 months ahead of you, I quit my dev job and studied full time to get the OSCP and then took a job as a security consultant with the aim of being a full-time penetration tester. Now I'm going back into development. Security is a broad field but if you want to get into pen testing then you are definitely in a good position skills and career-wise. And yes the security industry is booming at the moment and will likely continue that way. Don't bother with SANS certs, they are just too expensive and not worth it for an individual to take. I would highly recommend the OSCP, you will learn a ton and if you pass it's a very well respected cert to have. Stay away from certs which don't have a practical element, i.e. Certified Ethical Hacker (CEH) which only requires a multiple choice test, nobody cares about these kinds of certs. However, based on what you say in your post, I don't think it's a good idea for you to switch to security. You will likely have to take at least a few months to study for a cert like the OSCP in order to get a junior pen tester role and once you do get that role, you will be earning a junior's wage. Another option would be to spend a few months doing bug bounties to prove yourself but this will also take time to learn the ropes. You might be lucky and not have to take a 50% pay cut, but the chances are you will have to take at least some kind of pay cut, do you love security enough that you are willing to do that? For me the realisation was that I was starting at the bottom of the ladder as a pen tester despite coming from a very well paid dev job and I was wondering "do I really enjoy this enough that I'm willing to wait a few years until I am earning the same money I was as a dev?". I did like working in security, but not enough to make it worth it for me to start out at the bottom of the ladder again. Also I'm in my late twenties with no kids.
Also one thing to keep in mind, and this varies depending on what kind of security job you have, but in pen testing at least there is a significant amount of travel involved which isn't necessarily compensated for by your salary (at least not at a junior level), this is one thing to keep in mind especially since you have a family. Finally, you mention that you "spent my entire career in the world of sysadmin/SRE/shitty dev", I would suggest trying to look for a "non-shitty" job in one of those fields, you already have a wealth of experience so I would use it to get a job that you like, certainly not all dev jobs are shitty. Maybe you need to learn a new language or framework or gain some specific domain knowledge in order to work on more exciting problems or in a better environment? A lot of the posters in this thread seem to make it out that your job experience will almost mean that you can walk into a security job, while your experience is extremely beneficial, ultimately there is nothing that prepares you for a security job more than the job itself and most pen testers know this. Hence you will likely have to start out as a junior again. Also my experience is based in a large city in the UK (not London), so it might vary from location to location but I doubt the industry is that much different in the US or anywhere really. |