After quite some time of being interested in the area of security (e.g. penetration testing, malware/virus discovery and removal, vulnerability of operating systems etc) I'm finally looking to actually get off my lazy arse and do something about moving into this area of expertise.
Some background on myself. For the last 14 years (yes people can be that old and not be dead) I've been working in IT in the area of Java design and development (with about 8 years of team leading). Primary development platform is Windows with primary deployment platform being Solaris so I have reasonal experience of using Unix (shell scripts are your friend). I also have experience using PERL, VBScript and C/C++ although my knowledge is far from exhaustive in those areas. My networking experience is limited to the usual configuring of work LAN/work PC's so again far from exhaustive.
The advice I'm after (now that i'm finally getting to the point) is whether after so long in software design/dev it is practical for me to switch streams to a security focused (network penetration) career.
My plan was to take a break from software dev (contracting has some benefits) and focus on getting my networking/basic security knowledge up to a decent level via the Network+ and Security+ CompTIA certs. Is it practical to self-teach those without actually working in a networking/security based role already? Obviously VM Labs can help a huge amount there but would that end up being sufficient (with those 2 certs) to eventually get into an initial security role (junior role) and get myself started on that career path and on to further certs (CEH etc)?
Would also be interested to hear of experiences from others that have switched paths like this (especially in the UK but thats asking a bit much).
Any thoughts/advice anyone can give would be gratefully received.