I'm getting more and more interested in breaching, and have done a bit locally and love it.
Is it possible to go from where I'm at, getting a good income, to InfoSec (hopefully not as a junior)?
https://www.google.com/search?q=site%3Anews.ycombinator.com+...
For this reason it's a good idea to keep a lowish profile. Good luck :-)
For work in infosec my recommendation would be a little bit of formal education. Assume that in an interview there'll be some jargon -- you need to understand the questions and answer appropriately. Most of the work in infosec is about protecting against attacks, not necessarily pentesting. This said, passion is everything; if you have that, there's no limit on where you can go. Good luck (and reach out if I can help).
It's very common for folks to enter the security testing field mid-career with a background in something else. This is almost preferable. The domain knowledge you have from your other experiences will serve you well when trying to understand [and find] security issues in related areas.
1. A potential path forward: Don't try to sell yourself as a penetration tester. Sell yourself as a developer who can support penetration testers/red teamers.
Modern ethical hacking requires a lot of coding to write new tools and customize existing ones. Even if you don't know much about how to get domain admin, escalate privileges, etc.--you can provide a lot of value just by the ability to ferret through MSDN and turn around C or .NET code that reproduces someone else's research or techniques for a team's internal use.
Rewriting existing stuff is really important as a lot of defenses are developed and tuned to public POCs or samples without much imagination for how the technique can vary with a little effort.
2. The Red Team Ops and Adversary Simulation community has a great culture of open research and code. Contribute to an existing project or start your own collection of interesting stuff to demonstrate you have the chops to contribute as a developer.
3. If you're looking for the right "foot in the door" qualification, get the Offensive Security Certified Professional (OSCP) certification. It's hands-on and very well respected by the practitioners in this field. While the course will not turn you into a penetration tester, it demonstrates you can tackle the types of technical problems and concepts required to succeed in this work.
https://www.offensive-security.com/
4. Daniel Duggan's Red Team Ops course is good exposure to the concepts and workflows a lot of red teamers/penetration testers work with today:
As for the shift to infosec, I think you can make it. It would probably be good to get some certs like CISSP or GSEC.
Maybe a good strategy would be to apply for intermediate roles. Then if they have concerns about lack of prior experience you could offer to come in as a junior with the expectation that you would be promoted to intermediate after 6 months if you are performing well.
And also, be prepared to keep at it to figure stuff out yourself rather than asking around. This is how you really learn.