Just started looking into the long path needed to get experience and skills in this field. Wondering which way to go first. My back ground is web develpment and microsoft focused at that, .net and SQL. I've moved away from development and into design and was seconded into our security team to help with firewall analysis and some other bits around PCI certification. This has totally given me a new sense of what I want out of a career in IT and I'm a bit like rabbit in headlights at the moment. I'm mostly after some advice on which way to go to start out. My inclination is to start close to home and focus on Web App Security and wondered what would be the best course of action. I'm not really fussed about certification yet, I want to learn and develop skills that are going to benefit me and my company. Any advice on books, tutorials, toolsets and skills to practice so I don't have to rely on pre-packaged tools? Is there any information on what the basics are?
Any advice would be amazin.