A good coverage of the technical stuff, I'll add some of my personal thoughts on "how to get there".
1) There is a community out there, find your place in it. Go to conferences, look for local meetup groups.
2) Become comfortable with PEOPLE. Many technical people are not, but you will be a LOT better at your job if you are. People build systems, people break them. A computer never wakes up in the morning and decides to hack something. If you understand people, you can guess what shortcuts they'll take and know where to start poking.
3) Go watch past defcon videos. There's gold in there. Not in the "oooh exploit" sense (although it's true that some people never get around to patching the old ones) but more importantly to understand how the people in the videos found the holes, and how the people not in the video left the holes to be found.
4) Find a mentor. Someone who's traveled your path before and can help you avoid the potholes before you get there. This is (imo) especially important if pentesting is calling you, as the legal potholes there are many and deep. Someone who's local will know what particular quirks your jurisdiction has.
5) Get a get out of jail free card. Others have covered this to death, but it's worth mentioning again. O&E insurance if you're ever doing this freelance is something I'd also consider to be mandatory underwear.
6) Find a safe playground. There are places you can practice your craft safely. Think the google bug bounty program. Look for these places, read their rules and make sure you stay inside them. https://dcdark.net/ too.
Hope that helps. Enjoy the ride, it's been good to me over the years.
Min
