IT security is a more and more specialized domain in the information technology field. It used to be that system administrators fulfilled the role, regardless of whether they had specific training in security, but now increasingly, corporations want dedicated IT security staff to take care of maintaining security policies, intrusion detection systems, firewalls, penetration testing, and so on. Sometimes they contract this out to contractors, or they hire full-time employees. As a result, a lot of IT pros who have made a career in system or network administration are tempted to make the switch into IT security.
IT security is often seen as the most mysterious, cloak-and-dagger type of computer discipline. Pen testers in particular are dreaded by a lot of traditional IT folks, simply because their whole goal is to break everything you’ve set up and get into your systems. But making the switch really isn’t that hard. In order to go into IT security, you need to know all of the basic system and network administration tools, but you also need another layer of knowledge and skills. You need to be able to think like a hacker, and use the tools that they use in order to find out what you need to do to keep them out. So as you can imagine, the most important tool is experience. If this is something you want to do on the side, then start by subscribing to the security mailing lists. The SecLists which hosts the archives of many other popular mailing lists like Bugtraq and CERT.