With your background and current work focus, I'd recommend checking out the ISACA (www.isaca.org) Certified Information Systems Auditor (CISA) credential as a good place for you to get started. It includes some security content and will help you get going in your new direction.
After that, I recommend the following sequence of credentials, all of which you can tackle self-study (or take classes, if you can get employer funding):
- CompTIA Security+ certification
- ISACA Certified Information Security Manager (CISM) or ISC-squared Certified Information Systems Security Professional (CISSP) or SANS (www.giac.org) intermediate level stuff (If this interests you, you'll be better off taking the SANS GSEC instead of Security+ for your first cert.)
After that, there are more advanced credentials that you can pursue. Feel free to write again if you need more information.
Good luck with your upcoming certification efforts.
For more information on this topic, visit these other SearchSecurity.com resources:
Career and Certification Tip: The vendor-neutral security certification landscape
Best Web Links: Infosec Training, Careers and Events
Featured Topic: Climbing the infosec career ladder
This was first published in January 2003