Certifications are nice, but they do not necessarily make someone a good IT security specialist.
There is no clear path, but there are many facets to learn about:
* Web application security and popular attacks (such as https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...)
* System and network security (learn to use BackTrack http://www.backtrack-linux.org/)
* Understand and learn how to use crypto: e.g. known crypto algorithms and what they are good for, learn how to apply disk crypto, learn how SSL works, know how you should do password hashing.
* Learn about phishing and social engineering
* Learn about malware, botnets, and zero-day exploits.
Learn about all of them but try to become an expert on just one of these subjects by playing with tools. For example, set up a honey pot system to capture malware. Then try to find the malware on it, and then try to reverse engineer it.