1. Start with the BrainBench network and internet security exams, to get yourself up and running (www.brainbench.com)
2. Tackle the CIW Security Professional exam next (www.ciwcertified.com); some colleagues of mine wrote a pretty good book on it called "CIW Security Professional Certification Bible," Hungry Minds, 2001.
3. Tackle the TruSecure ICSA (TICSA) certification next, or some other entry-level "serious" certification credential: (SANS GSEC, ISC-squared SSCP, etc.). You'll start seeing books on most of these certs at mid-year, right after you polish off items 1 and 2.
4. From there, let your budget, availability, and interest dictate some mid-level security cert to you (most require 3 years of on the job experience, and take a fair amount of study, so expect to take a hiatus between the previous step and this one): CISSP, ICSE, SANS GIAC Level II, and so forth.
5. If you plan to work in environments where specific products or hardware are in use, you should also investigate vendor-specific security certs from companies like Cisco, CheckPoint, ISS, and so forth. Combined with the preceding elements and 3-plus years of experience you should be able to get a pretty good job.
This was first published in February 2002