Bear in mind that IT security goes far beyond something with a processor in it.
There are physical access controls, personnel assessments, probability and impact assessments, budgeting, people-monitoring, process analysis and modelling...
Computers are a tiny part of it. This being HN I have understanding for the bias though.
Book: Web Application Hacker Handbook http://www.wiley.com/WileyCDA/WileyTitle/productCd-111802647...
I've seen it highly recommended and if you're not familiar with the field it's a good overview of exploit types for web apps.
Online training for free or cheap: Cybrary - mostly okay, but free.
PluralSight - https://www.pluralsight.com/browse/it-ops/security
Coursera has a Cybersecurity Fundamentals specializationd that's pretty good - https://www.coursera.org/specializations/cyber-security
Other books, if you wanted to go down the reverse engineering route:
Assembly Language Step-by-Step: Programming with Linux
The IDA Pro Book (for the strangely hard to buy IDA Pro, but the free version is pretty good)
Practical Malware Analysis