[MattPalmer1086]

I made the transition from software to security over a decade ago.

I took the academic route, and did a Master's degree in Information Security. I tried to get more security experience in my work.

Wasn't a fast transition for me, but I was fascinated by the subject, and wanted to really study it.

There's other and probably faster routes, but it really depends what interests you. It's a broad subject.

Offensive security can be good to learn, maybe look at doing something like OSCP.

[pyuser583]

Are there any academic programs you recommend?

[mlac]

https://www.heinz.cmu.edu/programs/information-security-poli... (less technical, policy focused)

https://www.cmu.edu/ini/academics/msis/index.html (more technical).

In either program you can take classes from any other graduate or undergraduate program at CMU (except music or acting).

[MattPalmer1086]

I studied at Royal Holloway, which is one of the best Masters degrees out there in info sec.

It was also one of the first to offer it by distance learning back in 2003, which may have influenced my decision also ;)