Yes, I will be attending all meetups I can find on security, but haven't found many options here in Melbourne (those two are in Sydney). Here I've found a local OWASP and Ruxcon, but they are not that frequent.

This is very different from the web development world, where you can find dozens of relevant meetups every month. I guess that's part of learning a new area, perhaps security people use a different channel to connect, we'll see...

Good points, it definitely took a lot of effort to switch into web development.

There is a lot of good information here in HN for web/cloud stuff, that's how I started in web development (and doing all courses/projects I could get my hands on)

After that, I started doing freelance work on Elance, for next to nothing initially but it picked up really fast.

For cloud/web development there are a lot of meetups depending on where you are as well.

If you have some questions about the web side of it you can contact me on the email in the HN profile...

Thanks for the good advice, especially #2, I need to start seriously working on the income/savings side. There's food on the table for the family, but need to save more for these 15 years for sure...

I looked into doing an MS, but I already have one (obviously not in CS) and with all the information and tools freely available now...I am leaning towards building stuff and using it as leverage for #4.

I am after the skills more than after the degree, I can move much faster that way. If a field really needs the degree I will try another one, this strategy worked with web development, so I will try that first and see.

I am in Australia...so no Matasano for me.

Honestly, I had been thinking about getting a little more experience before applying to companies like that, but you have a good point.

Use interviews to find your weak points and get practice. You don't want to come across your perfect job and have that be your first interview.

For my part, when I look at low-level programmers, I really just want to make sure they have a handle on pointers and the allocator, stack vs. heap, strategies for making that understandable (RAII in C++ or reference counting for example), how to debug access violation (and what it really means). Most everything else can be taught.

Also, for crypto, there are lots of entry-points for web developers -- web penetration is a big part of it.

Good tips, thanks. I haven't really interviewed in a while.

I am looking at pentesting as a potential next step. Based on my initial research it seems doable and might lead to good opportunities down the road...

Whereabouts in Aus are you?

I'm in a vaguely similar boat. Electronic Engineer, doing low-level software for the last decade, and now having to pivot to more web stuff, because there's little other work where I am. And yes, also in mid-thirties.

Might be interesting to talk f2f if you're local?

Melbourne...

I am kind of approaching this from the opposite direction (looking for lower level stuff, but not really embedded either)

I think there's an opportunity for knowing both (IoT, and things like that), but definitely more action on the web stuff in general.

Might be interesting to share tips and strategies. My email is on the profile.

Thanks, will check it out. Had no idea that the author of the Innovator's dilemma had a book like this...