Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
Security engineers are usually the guys who work on the securing side of the equation. The guys who setup firewalls, IDS, auditing, etc.
Security analysts usually are the attacking / probing side of the equation. They are the pentesters, they are the guys who do audits for ISO, PCI, HIPAA etc. Basically the auditors are the break it guys and the engineers are the fix it guys.
However most likely you will become a sysadmin or network engineer with a security specialization, or go work for a security firm and be a network security consultant. People understand they need to secure their networks, however they don't want to pay for it (unless they are a large IT centric organization like say google) so they hire an outside group, or they just staff another IT position with someone who can do both their job and security. If you are looking for a path in security your best bet into the field is find a security group looking for an intern.
For tools grab yourself a copy of the Backtrack 5 suite and start learning the tools. Armitage and Nessus are going to be your two most commonly used attacking tools in the real world so those are the best to get practice with (though some of us really hardcore 1337 guys will call you a skiddie) . There used to be pre created VMs on the metasploit website that had common setups of XP and linux to be used for attacking, but I couldn't find them anymore to link them. Pretty much just setup a bunch of VMs in a lab and build a "typical" corp network (AD, sharepoint, FTP, web server, SQL). Books I really couldn't help you on as a lot of this stuff you can't learn by reading, you learn by doing. However metasploit, offensive security, and Room 362 all have excellent security realated blogs, as well as active security related webforums to go poke around on. There is a web show called Hak5 on revision3 that is all about security and hacker culture. They don't just openly show you how to pop boxes (well not so much anymore, they used to have some really good tutorial segments, and HackTip is sort of getting back to that) however they give you some really good ideas on projects etc for you to learn stuff on your own.