There are several recent threads on getting started with penetration testing/ethical hacking. You should check out Sil's guide to learning pen testing:
http://www.infiltrated.net/pentesting101.htmlYou also mention an interest in security more generally and that you're in a MS environment. There are a lot of good books (I list some below), but since you've already done a BS in security you really need to find some projects (at work or at home) that will allow you to apply your skills.
There are tons of books available on Windows security such as Hacking Exposed: Windows, Rootkits: Subverting the Windows Kernel, Hacking Exposed: Malware & Rootkits, Windows Forensic Analysis DVD, and several more recent titles. At some point, you'll also want to read Windows Internals by Mark Russinovich.
For other topics:
For IDS, I recommend Network Intrusion Detection by Stephen Northcutt and Judy Novak. Also read The Tao of Network Security Monitoring.
For network security protocols, I recommend Network Security: Private Communication in a Public World by Charlie Kaufman.
The best introductory cryptography book I've read is Understanding Cryptography by Christof Paar and Jan Pelzl. If you don't remember math up through about Algebra II or higher, or have some background in Discrete math, read Applied Crypography and/or Cryptography Engineering instead.
I don't have a favorite book on firewalls. Inside Network Perimeter Security was okay to me, but not great.
You do need to understand networking and TCP/P very well. I like the CCNA study books by Wendel Odom. I'm also a huge fan of TCP/IP Illustrated Vol. I but I have not read the new version. The older version is now dated, but the author passed away and the publisher finally had a new author update the book.
For a general book on security, Ross Anderson's Security Engineering is excellent.
For web application security, I recommend the Web Application Hacker's Handbook.
For learning buffer overflows, check out the list of papers I posted a while back:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2897.msg13502/#msg13502Again, it sounds like you've already done some reading years back for school. Pick a book or two, but start doing something hands on.
Do you have any specific interests within security other than ethical hacking?
Good luck.
News Items and General Discussion About EH-Net : Change is Coming to EH-Net!!
