I firmly believe that it depends on what you learn in the NOC role.

If it gives you a good / broad experience with how things work, how network configurations come into play, how to secure and monitor the network, etc, then I see no reason you couldn't apply that knowledge in the security realm.

But if you don't get a good opportunity, during your NOC time, to learn more than the basics of keeping XYZ company's network alive and configured for general day-to-day operation, then you'd want to supplement the job with a lot of side learning, assuming you want to 'end up' in security.

I know plenty of NOC guys / gals who have since moved on to be great security people.  Then there's the flip side, and the ones who, IMHO, didn't work to get enough experience to remove the staple from a paper bag, in which they'd been kept, and therefore, shouldn't touch IT security to save their lives.  

It's all about you... What you want...  How bad you want it...  What you make it...

(Edit - and I'll second 3xban's post, that he submitted at the same time as mine...  Consulting can be a great opportunity to bolster your skills and grow into other areas.  The only downfall is making sure you have  enough contracts, or that youwork for an established firm, to make ends meet, in the process, as Consulting gigs vary, in terms of 'job security')

Now that I am currently in a larger more corporate setting, I am finding that I miss the SMB.  The keys to the kingdom are concentrated at the corporate level and the outsourcing vendor.  I now spend more time staring at a useless web portal that shows me pretty graphs and very little raw data.  The site itself is slow and very rarely can you get the information fast enough to respond to an issue.  When you make requests for tools or access to do the job, you are typically refered to an outdated policy.  Some enterprises are so vested in the way they did things back in the day that getting them to change is a much more difficult task than cleaning up the problems.

With SMBs you may not have the budget for the shiny boxes with blinking lights, but you learn to utilize the systems and software you do have.  Not to mention you typically have access to all the log sources and can determine if issues are occuring in a realtime manner.  And if its a quiet week, you can probably go and build a server or evaluate new hardware from your vendor.  Not to mention SMBs are much easier to get a handle on things due to their size.

And, I would agree with Hayabusa, if you try to do consulting on your own, it can be painful.  You best bet is get in with an established company and let them handle scheduling, billing and such and allow you to keep the stuff running.  Establishing a client base is a job in and of itself.