I don't think it will be a difficult career change at all. In fact, when I counsel computer science majors on pursuing...
an information security career, the first thing I tell them is that they need to take some business courses to gain an understanding of how the business operates. You're simply approaching it from the opposite point of view: You have the business education and experience and need to gain technical skills.
Networking is a good start, as it's an important part of the foundational knowledge for any security professional. I'd also recommend a good, broad introduction to the information security field. You can achieve that by pursuing either the Security+ or Associate of (ISC)2 certification. Once you've gained some experience, you'll definitely want to pursue the industry standard CISSP certification.
With that basic foundation, the next step is choosing an area of specialization. Information security is an extremely broad field: You can choose to focus on network security, security policy, application security or many other areas. When you find one that appeals to you (and your employer, if you're looking for an internal move), take some specialized courses to learn the ropes of that field and get some hands-on experience.
For more information:
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Mike Chapple
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading