For once I am gonna be honest. No really. All of this is hard work, and @enso will at his leisure add even more color and detail, since he is the actual expert.
The fundamentals of infosec are:
- Coding practices
- QA
- Fuzzing
- Compliance
- Regulations
- Ongoing testing
- Ongoing maintenance
- Auditing
- Analysis
- Reverse engineering
- Incident response
- Documentation
- Education
- Controls
- Post mortems
…
The people, process, and technology changes. This is a yuuuge undertaking. So start with one, not all.