Recommended way:
1. Learn operating system internals, start using Linux.
2. Learn computer networking: TCP/IP, OSI layer and network protocols like TCP, UDP, HTTP.
3. Learn about software programs and web application architecture.
4. Start following security-related resources like books, videos, courses (OSCP is great).
- Pick one programming language along the way and try scripting programs while learning.
- You need not master every topic, but knowledge of how and why everything works the way it works increases your expertise as a security practitioner.
- Since there are many public bug bounty programs these days, legally testing out stuff to hone your knowledge has never been easy. Plus you get paid.
Only if your front end is an SPA and the backend just serves data via an API. Even in that case, XSS in the front end can compromise an admin's web sessions to pivot into backend services.
In Nepal, with 100k USD, one can rent decent office space, offer in-work benefits/recreation and employ 15+ professionals (including tech and non-tech) for 2 years. Yes, you can literally trade the salary of 1 engineer with the entire company fund.
We have been successfully offering an on-premise solution to local financial institutes here in Nepal and we are working on launching our SaaS offering (it's currently in beta with a few users). If you are interested in beta access, drop me a message at sakshyam[at]seknox.com
Disclosure: I am the founder of this startup.