After many years as a developer/manager I'm getting engrossed in the IT Security world (I've always loved the "idea" but was thwarted by the concept of actually breaking the law to learn, etc.).

Currently I find myself (luckily) in the position of being primarily responsible for (web) application security for my company, and a representative for all infosec matters for my division. I'm learning voraciously and trying to be competent for the benefit of my company and to live up to my own standards. Yesterday I received my C|EH as my first cert.

That all being said, I'm setting my sights down the road a bit. Ultimately I'd like to reach some level of achievement in the security industry via meaningful certifications as well as contributing as an individual (to the industry and to my company). Once that's established (whatever that means ), I'd like to get a law degree and enter the "field" of computer security law.

Are there thoughts/guidance as to my more immediate goal of gaining knowledge and certifications that represent said knowledge in a meaningulf way toward my current obligations (i.e. my job, company, and infosec as a whole) as well as the longer-term goal of "lawyerdom"?

Thanks in advance for any input!