Pardon me for a moment while I think out loud. If I got into a web application security job of some sort, how long would it take me to get to a personally acceptable level of competence (for me: a decent enough expert in the field)? Given a day job that lets me focus on that topic and my propensity for self-study, I think it would take me a year to become satisfactorily proficient. This can differ, however, based on how deeply I will need to know various programming languages when it comes to code reviews. My self-study would likely be designed around working and familiarizing myself with various codes by doing some personal projects here and there… Food for my brain.
I think this way because I am open to “awesome” job opportunities lately, and if something in this space opens up, I don’t want to spend a week trying to play introspective catch-up and miss the opp.