Hello Ruggine,

Welcome on-board EH-Net.

That's a wonderful introduction. Your programming skills will definitely help you with the security related researches. As far as learning security in the university network, I won't suggest if it is not a controlled lab. Try to setup a controlled lab network where you can practice and try out various security exercises. There are few threads discussing this:

Network pentest lab setup   

Pentest Lab: Web Application Edition

Wishing you all the best for your learning initiatives.

Happy learning 'n' hacking

Hello, ruggine! Welcome to the forum
You've come to the right place. I'm sure that you'll find solution to any question you might have. Just stick around and you'll learn a great deal just by reading the discussions.

Have you considered any certifications? Security+ is a good one to start with. Even if you have some security skills, most employers will ask for some concrete proof to show to them. Certification is that proof. Check security jobs in your local newspapers and make note of certifications employers look for and start working on them.
I would also advice you to purchase Counter Hack reloaded by Ed Skoudis and practice the material in your OWN lab.

Perhaps not. Make sure you've proper permission before you practice on your University network, otherwise you're just calling for unnecessary trouble.

Manu Zacharia has given you excellent links to build your own virtual lab. However, if you still have any confusion I'll just copy-paste a similar response I posted in some other thread. http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5376.msg28590/#msg28590

You do not need any expensive stuff to build your 'virtual' test lab. In fact most of the stuff in my lab is absolutely free. You can find various open source counterparts of commercial tools.
There are various 'free' virtualization products available like virtualbox, vmware player and vmware server. I'm a big fan of vmware products. Personally, I believe that vmware server will be enough for what you want to do. Vmware server is a stripped down version of the excellent commercial vmware workstation but contains almost all the basic features you'll require. You can download pre-built linux virtual machines from the vmware website http://www.vmware.com/appliances/directory/
There's also a free route to get Windows OS. Either you can download the OS from Microsoft's website which comes with around 3 month trial period. Furthermore, you can also download Windows XP SP2 virtual machine from  NIST's website http://www.offensive-security.com/metasploit-unleashed/windows-xp-machine-setup
As for the softwares like ftp, telnet daemons and webservers etc...well most of them are free anyway 

Jhaddix and Laz3r have posted wonderful tutorials to build a virtual test lab. You can get them here:-
Network pentest lab setup    
Pentest Lab: Web Application Edition

Additionally, you can practice on ready made targets like De-ICE live disks, hackerdemia and pWnOS all of which are available here http://forums.heorot.net/  You also have LAMP security disks http://sourceforge.net/projects/lampsecurity/  Also try your hands at the 'Skillz' section of this forum http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,12.0/ They will test your limits.
There's also a topic here at EHNet which will direct you to more stuff for practicing http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5043.0/

Welcome aboard!

Welcome! I am also new to the forum and new to Information Security. I guarantee you that this is an ideal place to learn!

Ah, but that is very much, still, ethical hacking.  Doesn't matter whether you're pentesting against an internal or external network.  Doesn't even matter if you're finding holes that the network owner is already aware of.  Very often you WILL get paid for this, because, even if you're just confirming their known flaws, there are legal and certification requirements that must be satisfied, through a pentest or audit.

As an ethical hacker, it's your job to find and disseminate security risks to the company, whether confirming existing or finding new ones.  Very often, I'm involved in a situation where the IT department knew about a hole, but didn't close it, because they didn't feel it was a high enough risk to the organization.  However, when I showed them, through a pentest, the amount of actual damage that could come THROUGH that hole, their mindsets changed.

Additionally, the internal side of things is VERY important, as it's where a skilled hacker / attacker is going to head, immediately, as soon as they breach the perimeter (whether by exploiting a flaw on the border servers, or by social engineering and client-side exploit.)  Either way, security holes on the inside MUST be closed, to avoid further potential data loss and risk.