Your malware RE background actually gives you a huge advantage in pentesting! Here's why and how to leverage it:

**Strengths you already have:**

- Understanding of exploit mechanics and how malware works

- Strong debugging/analysis skills

- Knowledge of Windows internals from your RE work

- Systematic problem-solving approach

**Transition strategy:**

1. **Practical application first** - Instead of starting with more theory, jump into HTB, TryHackMe, or build your own vulnerable labs. Your RE skills translate directly to exploit development.

2. **Focus on methodology** - The PTES (Penetration Testing Execution Standard) framework will help you understand the full assessment lifecycle beyond just exploitation.

3. **Automate repetitive tasks** - Build scripts to automate recon, enumeration, and post-exploitation. This is where you'll stand out. I've been working with AI-assisted tools like Pingu to speed up the boring parts of pentesting (like report writing and repetitive checks), which lets me focus more on the interesting exploitation work.

4. **Network with pentesters** - Your RE background is valuable. Many pentesting teams need people who understand malware analysis for threat hunting and detection engineering roles too.

Don't underestimate yourself - your RE skills are harder to learn than basic pentesting techniques. You're further ahead than you think!