| Having dev/ops experience is a huge plus, there is a lack of security practitioners that know the pains of developers that and are able to offer technical security advice from experience. A good place to start is by trying to distill some of your hard earned experience into a two hour session for a technical audience in the gaming industry, and offer that to potential clients.
As a starting consultant, this is a low-risk way for clients to gauge your expertise and can give you a foot in the door, or at minimum valuable feedback. Are there common security standards or regulatory compliance drivers for the gaming industry?
Understanding the external security drivers for a company and being able to translate these drivers into pragmatic requirements or processes gives you a leg up compared to generic security consultants.
Having knowledge of common frameworks can be beneficial. Look into NIST CSF, OWASP SAMM and the OWASP DSOMM (In order from high-level to hands-on) If you want to pad the CV with some certifications, have a look at Paul Jerimy's certification roadmap. https://pauljerimy.com/security-certification-roadmap
Skip the basic ones (such as security+), especially since you have dev experience. Go for CISSP if you want to offer managerial advice or go for the technical certs (eg. cloud provider certs) if you want to be more hands-on For additional training, have a look at the list that NIST compiled: https://www.nist.gov/itl/applied-cybersecurity/nice/resource... Seek out your local OWASP chapter and attend some local meetups and security conferences. Talk to your peers at these events and learn what positions they hold, what challenges they have and what tips they may offer.
Many OWASP projects are looking for (dev) contributors. Have a look and see if you can contribute to some projects with your experience. This is a learning opportunity and you're helping the community, being a contributor can be a great way to show your expertise to potential clients.
If you are using OWASP projects, the OWASP slack channels can be quite active and good learning resources too. OWASP conferences often have free or low-cost training too, as part of the conference. |