Old.

tntcoda,

welcome to EH-net,

This topic strikes close to home so I thought I'd provide you with my experience as it seems I'm running roughly 1 year ahead of you.

I graduated from a UK uni with a 1st class honours in computing. Like you I've always had an interest in security. Nearly been working in my current place for three years (one year placement, one year whilst completing final year and one year after graduating). Don's advice rings true, keep doing whatever your day job is and jump on any opportunity to work on a security related project.

I've mostly completed my usual tasks whilst focusing on the security aspects like tightening ACLs/firewall rules, hardening servers etc. I've also been fortunate (or unfortunate depending on your view point) in that I've handled a couple of real-world incidents. Nothing makes the management types look at you differently than when the senior guys start panicking and the new-comer whips out a backtrack/helix CD and deals with the situation calmly

Basically, I'd echo Don's advice, get in where you can and push the security aspects where possible. If you company has any standards certifications (ISO 9001, 27001 etc.) this can be a good place to start by offering to do the security audits (that most people don't enjoy doing). If your place has a security department you can push for a transfer once you've 'proven' yourself, if you place doesn't have a security department then you amy become that department

In terms of pay, I can't speak for the whole UK industry as I don't have that much experience, but from my experience security type people are being paid more than programmers at the moment. (But security is a hot topic in the UK currently so this could be a blip).

Good luck with your final exams