Has anyone here made a transition from a different role in infosec into pentesting or red team work?
I currently do security systems engineering (I help build COTS/FOSS tools/SOC apparatus) and am working towards my OSCP in my limited spare time. I have an interest in giving the offensive side a shot after I can pass the OSCP exam, but I would be going from a relatively lucrative position to a complete know-nothing noob. I’ve learned that I do better when I work with a team of people that I can speak to and bounce questions off of. However, I don’t have any idea how I would get my foot in the door even if I were able to find an entry point without taking too much of a salary cut. It kind of seems that I’m possibly at the point in my career where I’m better off just doing CTFs for fun.
I’d appreciate any guidance you may have in how to approach this.
I used to hack around randomly on the internet without knowing what I am doing when I was a kid. Sooner I found linux, tinkered a lot, installed many distros. But then, I needed money so I hosted two websites and went for an interview for a web developer. Sooner became a backend developer. I was at peak and was expected to work on a project that would have been a micro service. The architecture client had asked for was quite impressive. Completing that project would have given my career a big boost as its quite a big thing indeed. Now lockdown in my country due to COVID-19 has forced me to leave the job. Now that I have some time, I am thinking about becoming a penetration tester. Right now I am trying to catch up with the industry and possibly do some bug bounty hunting to fill up the blank CV.