How lucrative is security work? It’s a direction I’ve been considering moving towards but the salary info I’ve seen is not great. Am I looking up the wrong terms/titles?
As an employee, application and infrastructure security work pays somewhat better than normal product engineering work (there are good jobs and bad jobs, of course).
There are lots of security jobs that don't pay especially well and are career dead-ends --- enteprise IT security isn't a good place to end up, nor is sales engineering ("security engineer") for security product companies, nor is malware analysis.
My feeling is that software/application security consulting is a reasonable route to go, if you want to work for a consultancy, but I'd be wary of any other kind of security consulting.
