Jumping in the thread since there are a lot of very helpful advices here, I would like to know if my career change seems stupid or not?
Here is my background:
I am a SRE for a FAANG for a couple of years, sharing my time between system development and operational work. I am almost 40, EU based, been doing that for more than a decade.
I am more and more considering a switch to a security position, because I start being tired of operational tasks and oncall duty.
I have a fairly good knowledge of operating system/linux internals, the underlying mechanisms (memory layout, subsystems, io, kernel/user space, ...) how programs work down to the cpu level (registers, stack/heap, assembly, cpu rings, syscalls, stackframe, ...).
Some minors contributions to the Linux thanks to the Eudyptula challenge (eudyptula-challenge.org) I've completed a few years ago, also minor patchs for the FreeBSD kernel.
Security wise, a few years ago I was very interested in reverse engineering (Softice, windasm, ida, understanding exe packers, debuggers detection) and lately managed to participate in a few CTFs and done some Linux reverseme (thanks radare2!)
Security is a very wide world, but reverse engineering/exploiting binaries would be the thing I like the most (familiar with stack smashing, rop, format string attack, everything low-level)
I am also starting to write an toy interpreter/compiler from scratch.
I have been talking to some security engineers from another FAANG company, and realized that what they were doing (security audits, CVEs impact analysis, lot of paperwork/emails/document writing) is something I am not interested in, I like low-level technical stuff.
Hence my question: am I dreaming? Is that possible with this background to find a security position where low-level/reverse-engineering is the main part of the job?
What would be the best thing to start with? Find some security issues in opensource software? reverseme write-ups?
Here is my background:
I am a SRE for a FAANG for a couple of years, sharing my time between system development and operational work. I am almost 40, EU based, been doing that for more than a decade.
I am more and more considering a switch to a security position, because I start being tired of operational tasks and oncall duty.
I have a fairly good knowledge of operating system/linux internals, the underlying mechanisms (memory layout, subsystems, io, kernel/user space, ...) how programs work down to the cpu level (registers, stack/heap, assembly, cpu rings, syscalls, stackframe, ...).
Some minors contributions to the Linux thanks to the Eudyptula challenge (eudyptula-challenge.org) I've completed a few years ago, also minor patchs for the FreeBSD kernel.
Security wise, a few years ago I was very interested in reverse engineering (Softice, windasm, ida, understanding exe packers, debuggers detection) and lately managed to participate in a few CTFs and done some Linux reverseme (thanks radare2!)
Security is a very wide world, but reverse engineering/exploiting binaries would be the thing I like the most (familiar with stack smashing, rop, format string attack, everything low-level)
I am also starting to write an toy interpreter/compiler from scratch.
I have been talking to some security engineers from another FAANG company, and realized that what they were doing (security audits, CVEs impact analysis, lot of paperwork/emails/document writing) is something I am not interested in, I like low-level technical stuff.
Hence my question: am I dreaming? Is that possible with this background to find a security position where low-level/reverse-engineering is the main part of the job?
What would be the best thing to start with? Find some security issues in opensource software? reverseme write-ups?
Thanks a lot!