Millwall,
deciding where to start off is, IMO, mostly dependent on a combination of your existing skill sets and where you want to get to. For example, if you have experience as a web-dev take a look at SQL injection, XSS, etc. (btw, if anything I mention is unknown Google is a good place to start researching unknown topics
).
In terms of certifications, again it depends where you wish to get to and what skills you wish to gain. Basically I'd suggest that any cert where you have the pre-req's could be a good start. Typically people start out with Sec+, C|EH or OCSP (use this site's search functionality to find more indepth info on the certs).
Finally BackTrack (any version) isn't a traditional 'program' it is a live Linux distribution containing many of the tools used by security (and other) professionals. It can be a good start to get a feel for scope of the field and the best-of-breed tools available, but as others have and will point out, you will gain a much fuller understanding of your tools and Linux in general by creating platform from scratch using a standard distro as a base.
Overall, the best place to start in the security field (I'm guessing it holds true for most professions) is to read, study and learn as much as you can. Even if it provides no immediate benefit having a wider breadth of understanding is never going to go amiss.
Hope this helps, happy hunting
Tools : Multi-Distro Live DVD
