5

Possible Duplicate:
What are the career paths in the computer security field?

I am a software developer. Currently I am interested in IT security, but I have difficulties with learning pathways to IT security.

Is there a learning path for IT security, such as, for example, the path to learn the Java programming language that exists at this link:

http://download.oracle.com/javase/tutorial/tutorialLearningPaths.html

Thank you :D

1 Answer

6

A lot of the security field is devoted to cryptography, which is a beautiful field (of which I am far too ignorant), but crypto is often much easier to misuse than to use correctly. Unless you've got a really strong math/stats background, I'd put off diving into crypto until you've got into the attacker mindset a bit.

If you're already comfortable as a coder, then you can probably learn a lot by reviewing code, including exploits, vulnerable code, and code designed for security.

"OWASP Code Review" might help you learn by example. It'll introduce you to a bunch of practical attacks, and get you thinking like an attacker.

The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

The same OWASP organization has How-to pages that might be good starting points as well.

Other accessible resources include Schneier's blog, which often discusses topics related to threat perception, the way social dynamics affect security, and what security means/should mean in various scenarios.

Mike Samuel
  • Being a good software developer and tester should also be prerequisites, don't you think? – FirstName LastName Feb 05 '13 at 10:33
  • @FirstNameLastName, it helps, but you don't need to write really solid code to be a pen tester, and you don't need to write production ready code to do theory work. These things help, but you can work on them after or in parallel with the other. – Mike Samuel Feb 05 '13 at 15:34