I would focus efforts on getting some real-world experience by doing an informal apprenticeship with some security folks. Certain security professionals would probably appreciate the help, and there is a lot of valuable information to be learned from them.
Keep in mind this would be after-hours work, so you need to be a model citizen and perform well in your day job at the help desk. If you slack off there, it's very unlikely the organization would consider you for a role in another department.
Generally, I favor the school of hard knocks. I think people learn a lot more about security by doing rather than studying. That does make me a bit of an anomaly, but if formal education programs aren't an option, and certifications won't get you to where you want to go, I would focus on working your way into the job informally, and then parlaying that into a formal job in security.
- Read more about the road from network administrator to information security professional.
- Still interested in infosec certifications? Check out SearchSecurity.com's guide to information security certifications.
This was first published in February 2008