I'm a soon 29 year old guy with a master in information technology working full time as a. NET developer. I've had an interest in security, especially pentesting since high school, but back then I never really considered it as a career path option. Now lately the last year I've begun to read more and more security articles, tutorials etc, and I've started coding in Python trying to make small client server back doors, my own http server and stuff like that to get an in depth knowledge of networking and protocols etc. I'm also reading Counter Hack Relosded, and this world of security is so much more exciting compared to my daily job.
Hence I dream of a career within pentesting, but do you guys think it is to late for me to change direction from being a 'commercial'. NET developer without any real knowledge within security to becoming a professional pentester? If not, how would you approach this endeavour, and what path do you think I should take? The reason why I'm so in doubt is because this field is so large and requires such a broad knowledge, and I can code, but I really don't know where to start.
I don't have any really useful knowledge within security, so I'm a complete newbie, I only have like 3 years of programming experience, but I consider my self a fast learner.
What do you guys think, am I to late with this, and is my age against me, or how and where could I start with my current knowledge?
Oh and I'm sorry for the length of this post.