I'm a Java dev 10+ yrs. I would like to move into a position where I can consult companies about security compliance. How do I make this move? The problem is without prior experience it seems all doors are closed. Finding a development job and then hoping an opportunity comes up to get compliance exposure seems not very promising.<p>Anyone made that shift?<p>Any pointers appreciated, thanks
CISSP would be a good start. That will open a <i>lot</i> of Federal government doors, health IT doors, etc. If you want to be a white hat at Qualcomm or compliance at Google, that's going to be pretty tough straight out of the box. The people I know in such jobs earned their way to them with a lot of hard work and now live with the sword of Damocles hanging over them.