I believe I have a fairly good shot at a path into security with my existing company, which I also believe is an industry in high demand and pays well.
I know how to code at a reasonable level, understand network and sysadmin basics. I also understand the underlying concepts of security and am frequently a consumer of my companies penetration tests, but lack any practical experience in the field.
My thoughts were to give a couple of SANS and EC-council courses a go, try some stuff out on my own, do some shadowing at work and then aim for OCSP or SANS 660 after getting more hands on experience.
I had a couple of questions for anyone in the security arena:
- Am I on the right track in terms of my theoretical progression?
- How hard is it to get proficient in this area?
- Is it an interesting field?
- Any other general thoughts/tips?