Ok I apologise if this is the wrong place to post this question but my searches for Penetration Testing careers came up with conflicting views on various blogs.
Some are saying that you need to be well certified and members of various organisations while others say simply coming from a self taught method is the way to go.
I am looking at the long game (1 - 2 years) before I decide to make a career change.
Firstly, I am a web and mobile app developer currently but have recently come upon the penetration testing world after simply reading about it when we had a website of ours that was pen tested.
Simply put this fascinated me from the stand point of making web sites and their servers more secure, which in turn I ended up downloading a load of Vulnerable apps and system from the OWASP site and beginning to use Kali and its tools.
So my questions were:
(a) To get into the field as a 45 year old (Not that age matters I doubt) is it preferable (To security companies) to get certified while also doing my own ethical hacking at home, on internal systems only of course.
(b) IS there a recognised course to train with? A lot of companies/websites offer courses but is there one that stands out? Obviously I don't have a limitless budget to pay for courses and if simply training myself at home is enough to get me experienced enough to eventually apply for a job I'd rather do that.
(c) Do I need to specialise, i.e. concentrate on Web app testing with the bare minimum of network testing needed to support web app testing or do I need to know both Network and Web App testing methods equally well?