I don't think it will be a difficult career change at all. In fact, when I counsel computer science majors on pursuing...
an information security career, the first thing I tell them is that they need to take some business courses to gain an understanding of how the business operates. You're simply approaching it from the opposite point of view: You have the business education and experience and need to gain technical skills.
Networking is a good start, as it's an important part of the foundational knowledge for any security professional. I'd also recommend a good, broad introduction to the information security field. You can achieve that by pursuing either the Security+ or Associate of (ISC)2 certification. Once you've gained some experience, you'll definitely want to pursue the industry standard CISSP certification.
With that basic foundation, the next step is choosing an area of specialization. Information security is an extremely broad field: You can choose to focus on network security, security policy, application security or many other areas. When you find one that appeals to you (and your employer, if you're looking for an internal move), take some specialized courses to learn the ropes of that field and get some hands-on experience.
For more information:
Dig Deeper on Information Security Jobs and Training
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.