I am in Houston, TX with a BS in Physics, computer programming skills, A+ cert, an interest and basic understanding of networks, operating systems, and security, and a desire to move into computer security in the next few years.  MS in IT is in progress (6/2010).  My job experience lies mostly in seismic engineering/geophysics with only minor interactions with an IT department, but I have probed systems and implemented programming to create highly successful scripts in VBA, bash, and DOS.  I am looking for leads to get into the IT field, and am willing to consider relocation with the right opportunity.

I have read many threads but none of them address the situation (or remotely similar situation) of being completely new to the entire IT field by experience, well-versed in computer IT and programming by personal study, private work, and interest, let alone working with a degree and experience in a very different, but still technical field.  Also, I am looking for specific time lines as a specific guide.  For instance, beginning with a recommendation of steps 1 and 2 concurrently for 6-12 months and 12 months respectively; where the steps are identified and requirements are noted for commencing each step.  I have looked far and wide to find only bits and pieces of this information not compiled together into useful and understandable form as a guide.

CEH by EC-Council may be said a beginner certification, but I know it requires 2 years of experience and Security+ (DeFino, 2010, p. xviii) for the self study program; otherwise the official course program (pricey) is required.

When are CISSP or OSCP for me?  When and for what jobs are they helpful?

How do I build my own lab and practice there and what does that mean exactly?  Is that just running Wireshark and other programs on other networks on my home computer, and if so how does that help my application?  How do I find these local groups of which you speak?  What roles, if any more, should they play in my career, beyond networking and interesting technical discussions?

Applications to job offerings which sounds interesting for me have met a dead wall, so some suggestions would be useful here.  Jobs like network engineer, sysadmin etc., usually require 3-10 years of experience and never give me feedback, let alone rejection letters, on my application.  But going these other directions implies that I know how to make them best fit into my plan to advance my career as a hacker/IT security pro, but at this moment I do not know how.

More advice needed, please.

DeFino. (2010). Official CEH Review Guide.  p. xviii

I need some advice for a plan to become a network security professional, including how and when to get work experience and certifications.  For others in a similar situation, the advice here should be tailored to someone who has not got their foot in the door, who loves hacking and computer programming, and who has a BS degree outside of computers but has realized that security is where their heart lies.

I love programming.  I began with DOS/Basic in the mid-90s, and worked my way through: Pascal, C, Matlab, VBA, Fortran, and bash (linux basic), though I have only used VBA and bash in work as an engineer.  So no IT experience and no Computer Science degree (actually its Physics but that is not helpful to me), though I am pursuing a Masters in IT with a Security emphasis.  I understand computers very well with A+ certification, and I have heard recommendations about CISSP, Security+ (some question this one), Network+, and EC (Ethical Hacker).  I understand the basics of malware and network mechanics with the different communication layers.  I have a CEH review guide, a Hacking for dummies book, and an Operating Systems Security book which I am studying at the moment.

Now I need to understand what to do, so I can focus my efforts and make a difference.  Certifications require experience, but the right jobs require certification and experience.  What should I do and what kind of timetable am I looking at for each step?  Thank you very much in advance.