If you know your way around TCP/IP pretty well -- and I'm guessing you do, because of your self-described background -- you are probably more knowledgeable and better-prepared than you might think. There's one easy way to find out: Get a good study guide for the CompTIA Networking+ exam, and skim through it. If some or most of it looks familiar, you are further along than you think. If less than half sounds familiar, you can remedy your lack of networking knowledge by studying for and taking this exam. After that you can jump right into the security certifications field without too much worry. I'd recommend starting easy, with the various BrainBench credentials (I think they have one on networking security, another on Internet security) Consider these just a warm-up, they don't have much value in the workplace. After that, tackle one of the three best-known "intro certs": SANS GSEC (www.giac.org); TICSA (www.trusecure.com); or SSCP (www.isc2.org). Next, you'll want to either start climbing the SANS GIAC ladder or go after the CISSP (www.isc2.org).
That should keep you busy for a year or two. Good luck!
For more information on this topic, visit these other SearchSecurity.com resources:
Careers & Certification Tip: Revisiting the vendor-neutral security certification landscape -- again!
Ask the Expert: Input on the Network+ certification
Chat Transcript: Security certifications for the networking professional
This was first published in August 2002