Parisa Tabriz has a nice post on how to get started as a security engineer. She does mention some resources but the post is not really a check list of things you should do and sites you should visit. Rather, it is a series of observations based on her own career and how she landed a job at Google.
She starts by making the quotidian observation that it's not like the movies. A lot of the work is like other engineering: detail oriented and often tedious. Still, she clearly loves her work and has a real enthusiasm for it.
She notes that there's no standard curriculum and that the practitioners come from many different academic backgrounds. Her two best suggestions, I think, are
- Stop reading and get your hands dirty actually doing the work
- Write code; it will help you understand the problems that developers face trying to write secure code.
There are several other useful suggestions. If you're interested in the field, it's definitely worth taking a look at Tabriz's post. After all, she's a Security Princess.