Tactical76 is very correct.   HOWEVER, security is often a make or break issue for companies, and breaches and successful attacks are reputationally devastating.

Security is more and more becoming THE issue.   You will make mistakes.   This is not about fair and balanced advice.   Represent the risks accurately, and do not "go quietly into the night" unless and until you are sure that management has UNDERSTOOD the risks and accepted them.  Terms have different meanings to different people.   As an expert witness it has often been required to bring a judge or jury up to speed on terms that I use.   But until they understand what I am offering, they cannot make a informed decision.

I get this question a lot.

Infosec is not a very good first stop for those new to technology.  I always recommend IT/IS students to spend a couple years doing something else (appdev, sysops, networking, etc.) before circling back around to security.  All practisioners have their strengths and without a good industry baseline, those strengths are hard to forge.  That said, starting your career as, let's say, a Web developer and always incorporating OWASP Top 10 into your testing will make you a better developer and a huge asset to any team you join.  There's a good chance after a year or two, they'll actually send you off for training to be their appsec person.

Be a part of the community.  I worked in infosec for over a decade before taking part in community events.  I went to small one-day conferences and such, but never the local meetups or week-long cons.  My knowledge and local network for advice and reference improved drastically since becoming a part of the local scene.  That led me to attend a few cons, where I got to meet people who are at the leading edge of security practisioners.

Say hi.  A lot of us in cyber-security are kind of introverted.  We get into our little circles of friends and end up staying there.  We're pretty friendly, though.  When you attend a social event, make it a point to meet 3-4 new people.  Let them know you're new to the event and there's a good chance someone will take you around to meet people.  Add the people you meet to your Twitter feed.  You'll probably learn more there than anywhere else.

And when you do get into infosec, keep in mind that most people dislike us.  You can change that perception.  People see us as an obstacle to innovation, deadlines, and profit.  A good infosec team is a resource to the different departments to improve their stability and long-term profitability.  Sometimes we have to be the bad guys, but that's just so the real bad guys don't pwn us and our customers.

Not sure where to start as this is a huge area to cover and may differ if you are working in an organization (end user) or a consulting company;

If you are working in a company and need to

A) Convince your boss:

• Make a gap analysis and note the prioritize the risks.
• If boss does not care, shock and awe; create a real case from all CIA point of view, that you can showcase, usb attacks, mitm, lateral movement etc. Mind you that there are people in some industries that may think that data breach (confidentiality) is not a biggie, but for them not being able to access the data and use the ERP is (availability, integrity), thus when prioritizing risks make sure you see from all angles.
• Educate them constantly to the point of nagging :D.

B) To team mates, staffs and everyone else:

• Create awareness and educate them, if, they are not aware yet.
• Share videos, stories, best practices, guidelines and such.

C) And as for oneself:

• Learn psychology, and how to communicate properly, you will be meeting and need to convince lots of people of the risks related to information security.
• Never stop learning, you can only improve yourself and everything else if you know what is better than what is already implemented / known by others. 
• Be humble, you are both everything and nothing at the same time, no one likes an a-hole.
• Learn to code, it trains yourself on how to be orderly.
• And might want to to focus on one area of interest, IT security is a big world, and every industry vertical is kinda unique.

1) Get experience by building your own lab. Insecure.org has lots of free tools.

2) Do not become the Department of No. The biggest knock on INFOSEC community is that we are the people that will always tell you no. We need to learn that the customer has a need and they do not know the best way to secure it. That is our job to help the find a solution that reduces the risk to an acceptable level to the executives.

3) Look for things that are not being done. I got into INFOSEC because I was changing tapes on out backup server 14 years ago and noticed that it had an anti-virus console on it. I asked my boss who was monitoring it daily and she said "No one." I asked if I could do that and she said yes. I kept looking for duties I could add to my resume. This allowed me to gain experience in many of the domains.

4) Security podcasts. Use your downtime to listen to them. I used to have an hour and a half commute. Security podcasts kept me company and informed the whole time. I used "dead" time as training time. Some of my favorites are:

Paul's Security Weekly

The Social-Engineer Podcast

SANS Internet Storm Center

A few things to keep in mind:

1. Always look for ways to disrupt the cyber kill chain at every step.
2. Keep your personal cyber arsenal up to date.
3. Become a lifelong learner in every aspect of your professional life.
4. Give back to the "cyber" community.

Don't expect 6 figures after getting your CISSP.  If you are one of the lucky ones to land a six figure salary after getting one certification, good for you, you won the lottery.

I have mentored several folks and all but one of them lacked the delusion of making a hefty salary.  A career in Cyber Security will definitely command an excellent salary for years to come and if you focus your efforts on cloud services and or white hat practices, we are going to need more folks like you.

Just be patient and stay the course, the salary will find you if you love what you do.