There are many different areas in system and network security to get involved in. For example, you could work on installing, configuring and managing security devices such as firewalls, VPNs and intrusion detection systems. You could design and set up secure networks. You could work on security policies for corporations.
I got into computer security by being a software developer, myself, and if you wanted to write software, there are many opportunities for software developers. Similarly, I started off in operating system security, but then got into cryptography.
There are a number of good sources on the Internet for information. There is this site, for example. Security Focus (www.securityfocus.com) is another. For more formal training, I recommend the Computer Security Institute (CSI) and the Information Systems Audit and Control Association (ISACA). The SANS Institute also offers a number of security-related courses that can help you get off the ground.
The main thing for you to do is to decide what sorts of things interest you. In all forms of information security, there are things that some people find endlessly fascinating, but others find mind-numbingly dull. Similarly, there are some industries that some people like and others don't. You may like banks, or small companies, or large ones. I feel finding out what you like is most important. If you find something interesting, you'll get good at it. If you wake up in the morning looking forward to work, you'll accomplish a lot. If you do work you like for a company you like, you'll get good at it, and that leads to being well-paid.
For more information on this topic, visit these other SearchSecurity.com resources:
Careers and Certification Tip: The vendor?neutral security certification landscape
Ask the Expert: Where to obtain a degree in cryptography
Ask the Expert: First certification for breaking into security
This was first published in November 2002