Not to equivocate, but some companies require degrees or give preference to candidates who have them, and some don't. In many if not most organizations, experience trumps a degree. This is true not only in security, but in other areas as well, such as application development. Much depends on company culture.
All things being equal, of course, a college degree will help, even if it's in the liberal arts. For most hirers, a degree signals that the candidate was able to set a goal and achieve it. By the same token, an advanced degree will trump a four-year degree.
Which certs should I obtain?
Like degrees, certifications can only help you. Personally, I'm not a huge fan of the (ISC)2Foundation certifications, although Certified Information Systems Security Professional (CISSP)cert remains one of the most requested and respected general certifications. In my personal opinion, it suffers from a poorly designed test. Most people walk out of that test shaking their heads because it seldom maps to the expensive study materials students were told to buy. But the certification covers a wide range of security topics, and studying for it will only make you stronger.
I'm also a big fan of exams from CompTIA. They are often considered basic or beginner's exams, but I guarantee you that even a hardened veteran will learn something studying for one. EC-Council certifications are fairly good. The tests sometimes need work, but the course materials and experience you'll gain from studying for these exams are valuable.
Best of all are the SANS certifications and degrees. Unfortunately, they also tend to be expensive. But if I see that someone has a SANS certification, then I know they're on top of their stuff. SANS has awesome practical training, great instructors, and great books -- on top of tons of free information you can download from the SANS website. If you're going to be in charge of particular hardware or software, it helps to have the certs involving those items, such as Microsoft, Cisco, and the rest.
If you can't easily pick up degrees and certs, become an expert. Read everything you can about your intended field of study. Buy books, read all the online information you can find, subscribe to blogs, and try your best to hang around (at least digitally) with people who are the experts in the field. The more you learn, the stronger you'll be as a candidate.
Arm yourself to the teeth
For the actual job you're seeking, prepare like you're going to war. Go to the employer's website and learn everything you can about the company: its history, its organizational structure, its products. Learn about its biggest competitors and the industry in general. Then try your best to throw in a response or two in the job interview that shows you know about the company you're applying to and the industry in which they operate.
Sign up for Computerworld eNewsletters.