CISSP is seen as the go-to certification for security professionals. But you need 5 years of experience in one of the domains, in addition to passing the 6 hour exam. Then move on to CISA (Certified Information Systems Auditor)... Security+ and CEH are not bad entry exams. How-ever since security is a multi disciple field any exam would help you... A+ will tick off hardware, CCNA through CCIE will cover networks, take any OS theory modules available to you in your studies to better understand device attacks. Try practicing security principles in your daily life, where you look at any "system" and think about how you "break-it", or "alternate-it" to your benefit, then you either re-design if it is possible, or wrap it with systems that reduces the risk of the vulnerability. And get use to writing reports...