Question: “What should I do to earn more credibility and which skills specifically should I learn to put myself on a track of becoming a security specialist”
I recommend you do pretty much anything you can, because 1% of exposure is still better than 0. If you’re into webappsec, then go for it, and absolutely play with bug bounty programs and CTFs. You can also gain good credibility by writing a blog where you document your journey and write down the most important takeaways or just share the learning curve with others. Wherever you are at right now, there is always someone who’s behind, and even if you have 1 week of experience, there are people with 0 experience that would benefit from your advice and blogpost. This is hugely underestimated my friend, so don’t shy away from exposing yourself to the world.
That’s what I wrote in my book as well, that we should all dissect goals into smaller tasks, rather than big projects(and use projects just to stay in sync with reality), because when we see progress we’re more eager to keep pushing and make more of such incremental improvements. As creative human beings we tend to focus on the ‘next big thing to disrupt something’, which often makes us end up in stagnation, because we’re overthinking it.
The best advice I can give anyone who wants to achieve something big would be always – Just start doing the smallest things possible, and see what happens next.
When it comes to learning what’s required to be a consultant, I recommend you just check job postings, role’s descriptions in your area, and create a list of most common requirements. This research will allow you to learn which skills are important in your area and it allow you to optimize your learning roadmap, because you’ll learn what’s truly necessary. And once you’ve put a foot in the door, you can go from there and fill the knowledge gaps.
I hope this comment helps, and in case you’re hungry of more knowledge, I created some time ago a podcast where I try to outline how to become a security engineer:
and another piece that could be summarized as “do whatever makes you happy, because there is enough work for anyone”: