Thanks for the great advice.  Its very helpful.  I will do some more studies on those.

Hi folks,

I am new to this forum and glad to see many helpful advice on a hacker career.

My situation is that I have been working in the field of web application development for many years and now as a senior manager.  In the area of web security, my knowledge is mostly about how to avoid xss, sql injection, some rule settings in network devices, working with external pentesters, Windows hardening...etc.  That's basic understanding from developer point of view.

To gradually change my path to security, I wonder if its practical step one could be getting certified and try working as a freelance pentester.  I am happy with low paid part-time jobs.  Just want to know if this is a typical starting point.

Thanks in advance for any advice 

LN