Get Security+ certified, as that is the entry-level cert. Having an IT-related degree helps, but isn’t necessarily required as experience is generally just as good.
Once you have a basic knowledge, figure out what speciality, if any, you want, e.g. forensics, pen testing, etc. There are certifications for just about everything, so just figure out which ones you need to get you where you want to go.
Look at job descriptions for the field you want. That will tell you what knowledge and education you need.
Have a basic understanding of programming but you don’t have to be a programmer, i.e. don’t spend time getting a CS degree or becoming fluent in a bunch of programming languages.
Learn how Windows and Unix/Linux work. Consider getting Linux+ and MCP certified.
There is no one path to get started. Because there are so many domains within Infosec, you can’t just generalize it.
An Infosec Professional generally should have out-of-box thinking capability. You can use whatever resources you want to get there.
The following will definitely help you get started.
- Basic knowledge skills: Knowledge of one high level and one low level programming language. (Build at least a project in each)
- Topics: Know basics of Web application security, Network Security, IOT devices Security, Binary exploitation
- Books/Resources: Shellcoder’s/ Web application Hacker’s/ Browser Hacker’s Handbook to get started.
- Courses/ Certifications: Coursera CybserSecurity Track, Offensive Security Certified Professional(OSCP)
- Softwares: Ability to learn as you go.
- OS: *nix system, Windows(Powershell commands)
Over the 2017 year, I’ll be posting more materials, webinars and training lessons. So check back later for updates on the made available links.