Software Development or Penetration Testing?

Before anyone says anything, let me introduce myself. My name is Adam, I work for one of the worlds largest financial firms in an "Information Systems Management Role". It is a team of entry level kids that mostly have business degrees (like myself) and I have been able to stand out and move up due to my technical aptitude and my abilities. I suppose these abilities that set me apart are 1) The fact that I give a damn, 2) I taught myself how to write SQL code, and have gotten very exceptional using SQL Server as my RDBMS 3) I have a very firm grasp of Relational Database Theory. All of these skills I have either taught myself along the way or I learned during my (literally 1) undergrad courses in MIS. My undergrad degrees (I have two from Miami University in Ohio- shitty school IMO, but looks great on paper)

Anyways, I am 26, and the MIS role I am in now has made me realize that I want to push/pull/drag my career as far to the technical side of Computer Science as I possibly can. I am currently taking online classes from a local university (Wright State if you care to know) toward and Undergrad degree in CS. I have the option of skipping this degree entirely and transitioning (like a boss) to Wright State's brand new "Cybersecurity" Masters program, once I have completed all the core requirements for their CS undergrad degree.

I see this as a good opportunity. The downside is that not all of the program is offered online, and it may require me to leave my job. This sucks obviously, because I don't fancy going into debt to get a masters and then trying to find a job all over again.
I am also not entirely sure that I want to get a degree in Cybersecurtiy. From what I have read on this board the market seems like slim pickings, compared to the market for software developers.

Which leads me to my next segway<----(don't know how to spell this, and don't care), I like software development. I like to break down code, write code, etc. I am learning Java, and will get my OCAJP after my first and second undergrad java courses. I also know SQL. I am probably considered "intermediate" in SQL and "Beginner" in Java. I also have experience using Visual Basic, but any monkey who can write Java can probably figure out VB, and VB isn't exactly in demand (please correct me if I am wrong and there is a huuuuge VB programmer market out their hidden from the world like Hogwarts).

So I am torn. If I continue the path I am on, and get this M.S. in Cybersecurity, I would want to do Pen-Testing. I have been into it since I was a kid, and I enjoy it. However, I could go back to school online at Dakota State (Bachelor of Science in Computer Science, Programs and Majors, Dakota State University, Madison SD) for their undergrad in CS, and just use the creds I have already earn and finish up another undergrad. After the B.S. in Comp Science is complete, I would get my Java certification and a SQL cert and dive into the Software Engineering/Database engineering (Database Engineering is like software engineering in a wheel chair IMO) market.

So, I am looking to the fine members of this forum to help dissect my decision. Feel free to make any comments or assumptions, I won't be offended. I am most interested in the market for penetration testing vs. the market for Software Engineers. It seems that the demand for Pen Testers is much smaller (based purely on a few Indeed.com searches) but that pen testers commend a stupidly high salary. (correct me if I am wrong). On the other hand, the demand for software engineers is pretty stupidly high. The average starting salary is 40,000+ in Columbus Ohio (where I live) and that is more than I make now.

I am honestly leaning a bit more on the Keep My Job/Get 3RD undergrad and go write software for the rest of my life, rather than... quit job get MS/Cybersecurity and try to move into pen testing (after slaving away to get an OSCP cert).

So yeah, looking for some educated opinions. I am also considering going back in time with my Delorean and shooting myself in the head the day I decided to get a degree in marketing and International Business.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

dbrink

Go with what you want to do and have a passion for. Don't pursue a degree/career just because it pays well, you'll most likely be miserable.

wanninaj

Thanks for the reply, I agree with you completely. The issue is that I enjoy writing software and could do it for the rest of my life and be happy. I could also do penetration testing for the rest of my life and be happy. Which one would make me happier? I don't really know. At first glance Penn Testing is the "cooler" choice, but I could care less about what is more exciting. I want challenging, rewarding work.

So for arguments sake, both careers will give me the same level of satisfaction.

What I do not want to do however, is be in some form of managerial IT Sec role. If I am going to do info sec I want full hand on pen testing and forensics. But I realize the demand for this is low.....(or am I wrong?)

There is obviously no "right" choice, which is why I am just asking for opinions, and an explanation please.

Ukimokia

From what I hear, pen testing eventually gets boring and redundent. I would suggest going the software development route.