I don't think it will be a difficult career change at all. In fact, when I counsel computer science majors on pursuing...
an information security career, the first thing I tell them is that they need to take some business courses to gain an understanding of how the business operates. You're simply approaching it from the opposite point of view: You have the business education and experience and need to gain technical skills.
Networking is a good start, as it's an important part of the foundational knowledge for any security professional. I'd also recommend a good, broad introduction to the information security field. You can achieve that by pursuing either the Security+ or Associate of (ISC)2 certification. Once you've gained some experience, you'll definitely want to pursue the industry standard CISSP certification.
With that basic foundation, the next step is choosing an area of specialization. Information security is an extremely broad field: You can choose to focus on network security, security policy, application security or many other areas. When you find one that appeals to you (and your employer, if you're looking for an internal move), take some specialized courses to learn the ropes of that field and get some hands-on experience.
For more information:
Dig Deeper on Information Security Jobs and Training
Related Q&A from Mike Chapple
Cloud compliance issues are no reason for enterprises not to move to the cloud. Expert Mike Chapple explains why, as well as what to keep in mind ...continue reading
The GAO reported on SEC cybersecurity weaknesses, even though the SEC regulates cybersecurity. Expert Mike Chapple discusses the effects of this ...continue reading
Enterprise compliance can be a burden to manage, which is where a PCI ISA can be helpful. Expert Mike Chapple explains how a PCI Internal Security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.