Eliad-Cybereason

B: Offensive Security is undoubtedly one of the 'sexiest' fields in security. It is incredibly important, but mind that a company is more likely to hire a Blue Teamer (defensive security) than a Red Teamer (offensive security), and as there are more MegaCorps than consulting firms that's something to be aware of.

Specializations in Demand: Honestly, the whole fucking thing's in demand. Blue-Teamers that can double as sysadmins/IT professionals are going to have the best shot, but they're also going to have the shittiest time - they'll have to pull double duty, but they'll also have twice as many people clamoring for their skills. Plus, as you noted, everybody wants to Red Team (to be fair, there's nothing quite like the rush of popping a box) and nobody wants to work on firewall management and outbound filtering and asset inventory. The trick is to look at it from your potential employer's perspective: they want someone who can provide value and not just somebody who 'does the fun stuff.'

B: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442

This book was my bible

1) Watch CSI Cyber - kidding. Read...read...read. Stay current and know and understand the basics. Build on a strong foundation of understanding OS internals; learn how to code in C than go to Python, but understand it and not superficially. If you are a student and are preparing for university, look for a credible Cyber Security program, but also put the time in and explore on your own.

2) Certifications are not for everyone and some may not find them to be credible, practical, or relevant; however, there are a few that are strong and those are the certs that test your practical understanding of the subject matter, such as the OSCP or some of the SANS training offered for our field.

J: I joined a security team by being interested in security. I was on a devops team and anytime I saw something that appeared to be a security concern I brought it up with our security team. I then later joined the team when they had an opening. So, depending on the company, one way you can break into the field is by being interested in security and working closely with the team. What sort of security role you move into will depend on your skills.

B: I came out of one of those. Guy I graduated with didn't know what netcat was. Other classmates work at google, facebook, have started their own business.

You get out of it what you put in.

J: It depends on where you go, how much love and effort you put into it. Look at National Centers of Academic Excellence in Cyber Defense https://www.nsa.gov/resources/educators/centers-academic-excellence/cyber-defense/