The security market is insanely hot right now and will continue to thrive. From my perspective, we are reaching a point where security is seen as a commodity, not some optional process––everyone needs to know about security, even if they aren't working in the field. From a job perspective, schools are not able to keep up with the demand and even then, those leaving academics are not showing strong practical skills they can apply.
SysAdmin/SRE/Dev is the perfect sort of person to transition to security. You are going to think about how the system functions, what is running on top of it and how to ensure it stays online. When I interview candidates, I like to see an alternative background as it means that person is going to bring a new perspective. "Security" as a job doesn't really make as much sense to me––you specialize in a given area (i.e. network background folks may maintain appliances, rule sets, detection signatures, etc.) and apply security to that area. I see your area as a means to solve a lot of security problems. Configurations, deployments, etc. can be checked in and accounted for with code instead of relying on people; there's massive power in that.
When it comes to certifications, I think there are two schools of thought. There are folks who look at the paperwork and make sure you can check the box, giving way too much value to certifications. For those who have been around a bit, they see the certification as practical, though no substitution for real-world experience. If you are being cost-conscious, check out some of the free resources online for Network+[1] and Security+[2]. The important takeaway in those materials is not that you _need_ a certificate, but that you should understand the content and be confident in speaking about it.
If the red/blue side is more your style, I can't recommend enough to check out the Offensive Security courses [3]. The tool set is free, the course is reasonably priced, it's a lot of fun and will give you real-world experience that is far more favorable than the standard certificates. Skip the whole CEH program as it has a poor reputation.
You mention six figures, but don't provide a scale, so it's hard to know how much of a pay cut you would potentially take. That said, security pays well and it's not uncommon to see salaries in the ranges of $100-200K even with less experience. All salaries are relative, but in general, a lot of my peers are not exceeding 200K on the base, though clear a lot more when factoring in other incentives like stock or bonus.
Background: Been in security my whole career (started in networking and morphed into security) totaling close to 15 years. Like you, I have a set of skills outside of security (sys admin, networking, dev) and it's played in my favor a lot. Reach out to me directly if you have more questions!
[1] https://www.cybrary.it/course/comptia-network-plus/
[2] https://www.cybrary.it/course/comptia-security-plus/
[3] https://www.offensive-security.com/