I've explained the security sector to young folks like this. Think of security as the top layer of a pyramid. It's the final building block on a solid foundation of experience and knowledge. You can't secure what you don't understand.

The base of the pyramid is solid harware and software skills (OSes in particular)
The next level up is networking and protocols
After that, network administration skills
The one after that is programming languages
Finally, the top of the pyramid is security

Only after you've gone through these basic areas can you be effective in a security role. When you get there, then you have new challenges like auditing, regulatory compliance, etc.

Please note that a security professional no longer practices soley in the technical arena. You now have to have a variety of business skills, auditing skills and legal experience to an extent.

You have a long road ahead. Build your knowledge and be sure you understand the concepts before moving on to more complex material.

That's about the best generic advice I can give you.

--TH13