We checked with independent security expert Brien Posey, MCSE, and here’s his answer:
“I would recommend starting by getting a CISSP certification. The classes can be expensive, but there are plenty of books that can prepare you for the exam without you ever having to set foot in a classroom.”
Interested in more from Brien Posey? Read his latest SearchCIO-Midmarket tip: Unified communications: Securing access to OCS.
The CISSP is not a starting point — it requires 5 cumulative years experience in at least 2 of the 10 domains.
SANS GIAC / CompTIA Security+ are better suited as starting points.