I am thinking about the CISSP or even the CCIE Security certification. I am also in the progress of finishing my undergraduate in Computer Networking and will be considering a masters program in Telecommunications with an emphasis on network security.
1. Start looking closely at your work at AT&T and horn in on security-related stuff going on around you whenever possible. IF you have a good working relationship with your boss, discuss your interest with him and ask him if he can help you get involved in more of that kind of work. Warning: to talk him into this, you may have to volunteer to work extra hours outside your normal working responsibilities and assignments.
2. I'd also urge you to obtain an entry-level security certification to get yourself into "security gear"--such as the CompTIA Security+, the TruSecure TICSA, or the SANS GSEC.
Once you get going on your Master's you'll be able to focus in on the subjects within information security that you'll want to study in greater depth and that will help lead you on to more advanced certifications. The CISSP requires four or more years of direct, relevant work experience in infosec, so you'll need some more time before you can qualify. A CCIE of any kind is a fantastic credential to earn, so if you want to work in the Cisco arena, I can't help but endorse the CCIE Security as well.
Sounds like you've got a pretty good plan together. Now, all you need to do is complete all the years of work, study, and the many exams that lie between you and your goals. Good luck!
This was first published in October 2003