Currently L5 SDE at Amazon. I've always been really intrigued and interested in InfoSec - especially offensive security. Has anyone moved from the software engineering side of things to the security side? I've been considering going through the OSCP but it seems like a pretty big investment and I'm hoping to get some more perspectives before moving forward.
Get into doing bug bounty programs. If you can write code you can do code audits and find vulnerabilities with practice. Read the public reports on hacker one to get ideas. Alternatively, try to get a swe role in a security org somewhere. You could get paid to learn on the job.
If you are a SWE then you might not like infosec. Builders don’t like to work on breaking stuff for ever. Initially it may interest but sooner you will lose interest
Within FAANG and broader top tech, security engineers' base salaries and software engineers' base salaries are about at parity. But security engineers receive less RSUs If this is something you're interested in, stay a SWE and join a team developing security software, or something adjacent to security at least.
False. You must have different experiences than most. Security SWEs make more. Security engineers are is higher demand than regular SWEs, and there are less of them. Pay is better and you can negotiate much higher.
My experience is Google, Facebook, and Apple. What is yours? Are you saying Amazon and Netflix are different?