It's a rapidly growing field that has more jobs than people. Meaning, at this point if you have a solid dev background and strong practical skills in security you're most likely going to make bank.
Anecdotally speaking, I know people who switched from senior dev positions at two of the FAANG companies to smaller security companies and basically doubled their income and are making north of $500k/year.
What I can share is my roadmap for how I managed to break into the field without any prior professional IT experience.
1) Linux. Learn it and live in it.
2) Linux servers and databases.
3) CompTIA Network+ (only for the knowledge, didn't bother getting the cert)
4) CompTIA Security+ (same as above)
5) OSCP certification (not a golden ticket by any means but it helps to bypass HR)
That's basically it. While going down that road I focused on hands-on practice by actually hacking into machines with the help of the following resources:
A) Hack The Box (hackthebox.eu)
B) PentesterLab (pentesterlab.com)
I also really like Portswigger's Web Security Academy (portswigger.net) and Try Hack Me (tryhackme.com). They weren't around when I was starting out, but I would definitely check them out, especially if I was completely new to security today.
All in all it took me roughly a year to get comfortable enough to start applying to junior pentesting positions and eventually I got hired.
There are probably better and easier ways to do it but that's how I did it at least.
Hey thanks for this! I'm a senior dev and I just left my job. I'm going to be learning and studying full time but hopefully it doesn't take an entire year before I can get a job.
I did not get a remote position. I eventually left the company though and started doing consulting instead so I'm mostly working remote (and 100% at this point due to covid).