Security isn't dead by any means. I totally agree to the previous post. C sharp would be a great starting ground to make some good developing $$. I would always recommend learning the code before you try to learn the exploits, doing it the other way around usually teaches you bad habits & leaves you without a fundamental knowledge of how the exploits actually work.
Buffer overflows aren't as common as more languages are stopping this at the code level. Just because we aren't finding unsanitized strCopies in government code doesn't mean there isn't lots of things to be hacked. There is an equal if not larger amount of people hacking things than there is people creating things. Defcon this year was proof that hacking isn't going anywhere. It was double the size last year, with more energy than ever.
As the world continues to become more and more dependent on technology, people like ourselves will become required to be everywhere in order to protect identities. With new things out like the PTW attack rendering WEP nearly useless, 15 year old kids in russia cracking software that cost millions to make, and monstrosities like vista, we are all in the perfect field.