Good career either way, but software has a negative pressure on salaries due to foreign labor imports. You could avoid that situation by working government contracts but then you might not like the areas those jobs are typically located. Covid has made remote work a real possiblity, but I don't think that will last much longer.

I work in network security for a large healthcare organization. I’ve been with them over 22 years now, the last 15 or so doing security roles.

Pen testing is likely a bit of a niche area. I suppose if you found a position with an outsourcing organization which specializes in the field it may prove viable, but I’m skeptical that it is a good mainstream entry point into IT.

IMHO, you’d be far more likely to be successful in a career change by focusing on technologies like firewall, identity and access, remote access, or maybe vulnerability management. I’m sure there are plenty of fast track programs to get your initial certification(s) with minimal cost and time expended, and those positions are highly in demand.

Get your foot in the door, keep your eye out on emerging trends and opportunities, and you can likely make a great career change.

I am a Security Engineer on the financial side, I do recommend going with managing firewalls, security tools, SIEMs, etc. You don't need to know too much programming but some will help depending on your role in the organization.

9+ yrs of IT/IS Experience
Masters in CyberSecurity

I agree with the_tunaman. I work for a huge organization and pentesting specifically is not a thing. But we do tons of work with firewalls, access points, remote access, VPN, etc. You open more doors with a broader spectrum.

I disagree. I am a software engineer, and government contracts pay very little compared to the private sector. im talking about they pay about 20% of what private companies pay. Not 20% less, 20% of over all pay.

"foreign labor imports" is not really a negative pressure. Its needed because there aren't enough quality software engineers in the US. Most (not all) private Companies pay more for foreign labor as the cost of actually getting them the visa/relocation cost/lawyers fees are so high.

Salary pressure may occur due to remote work, but most the view that i have seen working at a big company is that remote work is more or less career suicide (There is an obvious bias for engineers that choose to come into the office, so take that last statement with grain of salt), so most of the engineers that I know have chosen to say in office.

If you are into python, you can get into writing bots and selling usage time and have passive income.

Last year I wrote bots to buy ps5 consoles and gpus and wanted to license it but never got around to it.

It was fun as hell rotating through thousands of IPs and checking sites through the backend many times In a second and tricking their servers.

Not true about the foreign labor imports. There's a reason that foreign labor gets imported and that's because CHEAPER!! I saw this when I was working for one of the larger software development companies. Most of the software development staff in our office was from India. I also watched as the company fired--er, "laid off" American software developers (good ones, too) and hired new developers in India to take their places. It's all about the Benjamins, baby....

Now, regarding the proposed cybersecurity career change. I am currently in this field and have been for a few decades now, long before we started using the term "cybersecurity" to refer to this work. I'm talkin' back when it was simply a standard part of proper systems engineering. So, I'll give you the same advice that I give anyone who asks.

You need to understand how the technology works. The best thing you can do to get started is to get yourself a business-grade broadband link in your home, so that you get a static IP address or two. Set up your own router/firewall, preferably with something like OpenBSD, GNU/Linux, or similar.

Buy the following O'Reilly book, "Building Internet Firewalls", and study it. Don't just read it; study it. It will explain to you what a firewall really is. A firewall isn't necessarily "a box"; rather, a firewall is really a strategy that can (and usually does in enterprises!) comprise several types of devices. That book will teach you the theory. I found it incredibly valuable.

Also, set up your own server(s) at home for printing, file storage, and so on, and connect to those servers (or server) from your daily driver desktop.

Eventually, when you're comfortable with all this, then you can look into setting up a DMZ on your home connection and standing up a VPN gateway so you can log into your home network when you're out on the road.

In other words...first, learn by studying and then doing. There's a reason I make the money that I do (it's pretty darn good!), and that's because I didn't take shortcuts in my learning. That makes me very valuable to organizations.

The mindset that you should have is to become a systems engineer, who, oh by the way, does this thing called cybersecurity. That's how you will really learn how to do what we now call cybersecurity work. Trust me, I've been doing this a long time.

If you can read/speak Russian or former Soviet bloc language, you are in like Flynn.

Once I wanted to become a programmer or something PC-related but then I realised that my way of thinking wasn't fit I mean one can't become a really good programmer unless they have some sort of predisposition to it.
Good luck with your job search

I've scene PC Matic is hiring from their commercials.

Setup a home lab. It will give you experience with general IT, system admin, network admin tasks. Spin up some vulnerable VMs and get hacking and see how you like it.

If you're a python pro QA is a good place to start to get into a big tech company and from there you can move around internally