So this is the usual sort of 'I'm looking for advice' thread.  My specific questions though are about how/where I can get started in offensive computing when I already have a TS clearance (EDIT: And I am in the US).  I'm in my 20's, but have been using computers since floppies were floppy, so I have a wide but shallow background (smattering of knowledge in some languages, some networking stuff, but nothing to impress).  

So does anyone else have experience in Top Secret jobs? Specifically, I guess, what do they need, and what might be a "ok, you can learn that on the job since you have a clearance" sort of thing.  

I talked to one company that was very interesting, and they seemed to scoff at certifications (they poo-pooed CEH as likely to be out of date once completed) so I am currently not too concerned with certifications.  Is this folly, or is this a cross-industry attitude?

Right now I am setting up some virtual machines and going to look through crackmes.de (which I saw here, in a post by SynJunkie - Thanks!) I was thinking to supplement this with other tutorial/poke around packages I find in the Tutorial section in the forums, and free books.  Is this a good way to learn? Any other tips or ways that have worked for you?

Also, what other sites do you recommend? This might just devolve into a favorites posting, but winnowing down the field of sites I've collected from here would be appreciated.

Thanks for the read-through and any advice! Also, if this post is scattered please feel free to ask questions, I am still pretty scattered and trying to figure all this out.

Thanks for the reply/help!
Yeah, I sort of figured the one company that (says they) put no weight on certs was a fluke...
I'm definitely glad to have found this site and I bet I'll be using it a ton, like you recommend.  Thanks for the motivation and the advice.

My recommendation would be to checkout http://securityclearancejobs.com by Dice.  You can see what jobs are available in your area and what their job requirements are.

Good luck.

My experience (even in the clearance venue) is that certs will get you in the door for an interview, but that's about it.  After that, you're on your own for the technical interview.  Every job I've had (with an without a clearance) I got in the door for the interview through a friend or because of certs/training and then got the job because of performance in the technical interview (sometimes hands on).

I'd do a cert or two if you have the time (don't go overboard), but focus more on knowledge.  And networking is key.  If you aren't on linkedin, get there.  That being said, you need to keep your clearance active, so take a less then ideal job in the mean time so your clearance doesn't age off.

Just my $.02.

Certs to get in the door, check
and linkedin? cool, thanks for the advice, I have avoided it as just another darn social networking overload site, but I'll definitely check it out now...

Oh and another random question: what are some good keywords? I have been checking out the major defense sites, but have been troubling narrowing down the jobs. Still getting just a lot of IT maintenance jobs... I've used keywords like cyber, security, penetration, information assurance/IA, CEH, CISSP, other cert acronyms, embedded, assembly, real time. Any other good tips?  I suppose I am looking for a dynamic job, not one securing one site's system, but one securing/breaking many. (I think, heh - still figuring this out...)