Comment by 0xBDB

> most advice has been starting at the bottom as an IT helpdesk worker

I've been in infosec for about 10 years. It's a very broad field. Opinions vary but it's generally not considered an entry tech field. This advice is broadly applicable to most technical roles (SOC, pentest, security engineering). You are going to need to know what a current IT or devops engineer knows and then some for those.

For appsec you will need to know what a developer knows and then some. Languages may vary but the webdev languages are always in demand.

For GRC roles (governance, risk, compliance) you may not need to be that technical. These are policy / paperwork / audit type roles. Unfortunately supply and demand being what they are, they're also generally the lowest paid and (in my opinion) least interesting roles.

The catch here will be that the job market is very poor right now in security as in every other technical field due to layoffs and AI, and (speaking as a 48 year old) ageism is real.