I started my career in security at 35, a few years ago.
I had a strong reverse engineering background from the software development projects I'd worked on professionally, and had dabbled in security-related things in my free time, so certifications weren't required.
It has been a pay increase rather than a pay cut, but I think that was partly due to moving location. I've had two jobs so far, and no shortage at all of offers when I was looking.
Having significant prior software development experience has been useful. About half of my work so far has been writing tools to assist vulnerability research, and the other half analyzing and discussing security bugs with the developers responsible for making the fix, so having this background has helped in both of these. But it depends what area of security you're aiming for.
I would say go for it, put your resume out there, if you've done anything at all even tangentially related to security in your working life then you have a good chance.
To be honest, I didn't think I had a chance compared to all the elite hackers and researchers who've been doing this sort of thing for years, and was surprised it all worked out.
Hello, can you provide an email address where I can contact you? I am very early in my career but it seems we've had similar paths and I would like to ask you some questions.
I had a strong reverse engineering background from the software development projects I'd worked on professionally, and had dabbled in security-related things in my free time, so certifications weren't required.
It has been a pay increase rather than a pay cut, but I think that was partly due to moving location. I've had two jobs so far, and no shortage at all of offers when I was looking.
Having significant prior software development experience has been useful. About half of my work so far has been writing tools to assist vulnerability research, and the other half analyzing and discussing security bugs with the developers responsible for making the fix, so having this background has helped in both of these. But it depends what area of security you're aiming for.
I would say go for it, put your resume out there, if you've done anything at all even tangentially related to security in your working life then you have a good chance.
To be honest, I didn't think I had a chance compared to all the elite hackers and researchers who've been doing this sort of thing for years, and was surprised it all worked out.