Your biggest allies will be time, and the ability to research for yourself (a LOT.)
I'll give you a very basic starting list of topics you'll want to come up to speed on, if you want to grow in IT Security. I would then suggest you sit down and go through the forums here, as we've had discussions like this, posted, numerous times.
- Networking - understand the OSI model, communications protocols, how devices talk to one another, different types of firewalls, IDS/IPS, etc
- Programming - at a MINIMUM, understand some sort of scripting language, including knowledge of shell scripting in BASH, and batch file writing in Dos and Powershell. Beyond those, look into languages like C, Python, Perl and Ruby (you'll not need to know them all, and may never be an 'expert' in any, but it will help you when you reach the point of learning about stacks and exploits, if you have at least a foundational knowledge of some language(s))
- Professional networking - make friends, build contacts, and learn who, how and where to gain insight and knowledge as you grow. Look into local IT Security groups, if any exist in your area, and begin to attend meetings, seminars, etc. There's MUCH to be learned, even through community interaction.
- Research - understand how to lookup and find security-related information, such as CVE's, 0-days, etc. Learn how to use Google more effectively (Google IS your friend, here)
- Persistence / Determination - nothing ever comes easy in security. Be prepared to be committed and spend a lot of time honing and maintaining your skills, because it's always changing. The attack vectors change, the landscape changes, and even the underlying technologies change, quite frequently.
Next, once you know the areas you need to focus on, depending on your level of understanding, already, look into courses (whether college, online, self-study / cbt, etc) at the level you're at, and progressing forward from there. Good security-specific certs and programs: Security+, Hacking DOJO (various levels of classes from more basic to advanced, and Tom Wilhelm is a member here - Grendel), CEH, eLearnSecurity (again, different levels and Armando is a member here, as well), ECSA/LPT, CHFI (if you want to go more into forensics), OSCP, and the list goes on. We could write books with the lists of certs, but the important thing is to understand what each cert teaches, and apply that to your current level, and the direction you want to go.
Hope that HELPS, but remember, you'll need to be willing to put a lot of time, energy and effort into it, while still maintaining your passion for it, else, it'll fade quickly.
PS - I didn't vote in your poll, because I feel BOTH are equally important, if you're just beginning, and you don't have an option for BOTH...
~ hayabusa ~
"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
OSCE, OSCP , GPEN, C|EH