I would focus efforts on getting some real-world experience by doing an informal apprenticeship with some security folks. Certain security professionals would probably appreciate the help, and there is a lot of valuable information to be learned from them.
Keep in mind this would be after-hours work, so you need to be a model citizen and perform well in your day job at the help desk. If you slack off there, it's very unlikely the organization would consider you for a role in another department.
Generally, I favor the school of hard knocks. I think people learn a lot more about security by doing rather than studying. That does make me a bit of an anomaly, but if formal education programs aren't an option, and certifications won't get you to where you want to go, I would focus on working your way into the job informally, and then parlaying that into a formal job in security.
- Read more about the road from network administrator to information security professional.
- Still interested in infosec certifications? Check out SearchSecurity.com's guide to information security certifications.
Dig deeper on Information Security Jobs and Training
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.