Whatever you consider must fun, is the most fun.
Are these really three distinct specializations?
No, I've never heard of them being categorized into three specialisations before, and the progression tree you have listed certainly isn't true.
If you are interested in getting into security, just research and experiment with what interests you.
* If you like appsec, why not learn some programming languages and attempt some bug bounties.
* If you like netsec why not setup some labs and simulate some pentests, or sign up to HackTheBox which offeres pentest environments.
* and so on.
You will succeed in security by doing it because you love it, not because you are told it has good prospects.
Whatever you consider must fun, is the most fun.
Are these really three distinct specializations?
No, I've never heard of them being categorized into three specialisations before, and the progression tree you have listed certainly isn't true.
If you are interested in getting into security, just research and experiment with what interests you.
* If you like appsec, why not learn some programming languages and attempt some bug bounties.
* If you like netsec why not setup some labs and simulate some pentests, or sign up to HackTheBox which offeres pentest environments.
* and so on.
You will succeed in security by doing it because you love it, not because you are told it has good prospects.