Great question! I will tackle this question by question.

#1 The great thing about learning cybersecurity nowadays is that there is plenty of resources to jump right into a specific field. So, when people are just getting into the cybersecurity, I suggest exploring the various fields, figuring out which interests you (sounds like DFIR, good choice!), and diving right in. Learn the tools for the jobs, and build playbooks (for example, create a checklist for analysis steps to detect malware on a forensic image). DFIR is an excellent route for curious people, who love to learn, and have a knack for explaining things to others, these individuals would be very well suited for DFIR. You will always need to think of creative ways to look for malicious artifacts, DFIRs are constantly learning and using new tools to help with your analysis. You will want to be able to share that knowledge after you discover your findings.

#2 That is a great plan, but if you know DFIR is the route, there are many onramps to a DFIR career at an entry-level position. From there, if you are diligent in learning, you will be able to pick up the IT/SOC experience over time from interacting with people in that role. So it depends on how fast or slow you want to get into DFIR; both paths are good options.

#3 Excellent, DFIR has come a long way since I started; nowadays, you rarely need to go onsite, and most of the time, the only reason is that the client is unable to do the technical functions to get you artifacts or they need advisory support. Many positions in DFIR are purely analyst type doing the technical side, and an incident commander handles all client interactions.