read up on CISSP certification, SOX/PCI/HIPAA compliance auditing, Computer forensics, Windows administration, Linux administration.
you'll need a strong background in both systems and network administration to make a successful business. as well as a deep network of human contacts. most large companies do their security in house and only call in consultants for project work/audits. its far easier to make a successful career working at a large company doing security than it is to make a successful business providing that service to companies. small/medium sized companies the task is often still part of the system/network administrators position, with outsourcing of project work ( often to vendor recommended companies).
at the grunt level: 90% of the job is looking over logs and reports for discrepancies, the other 10% is remediating/explaining those discrepancies. at the upper end its vulnerability and penetration creation and remediation ( meaning you'll need good programming skills as well).
if you don't already have a strong background in system and/or network administration or low level programming languages ( like assembly) , you should start with that before looking at specializing in security. because without those skills you'll never succeed.
