I'm a senior SWE with 5 years experience looking to transition into security engineering. I've done some CTFs and have basic knowledge of OWASP top 10. What's the most effective path? Certs vs hands-on experience?
I made the transition 2 years ago. Here's what worked: (1) Start with application security — your SWE background is a huge advantage, (2) Get OSCP or similar hands-on cert, (3) Contribute to open-source security tools, (4) Do bug bounties on the side. Took me about 8 months to land my first security role.
3/8/2026
Certs help get past HR filters but hands-on experience matters more in interviews. I'd recommend doing CTFs on HackTheBox, building a security-focused project, and networking at local security meetups (BSides events are great).
3/8/2026