I have been reading this forum over the last few weeks and I must say there is a wealth of knowledge provided.  It's great to see how helpful commentators are.

I have a couple of questions regarding certification and, more broadly, about my situation which I suspect is somewhat unusual. 

To summarize: I have been interested in computer security for a number of years.  This interest has manifested itself through reading the occasional article here and there, learning how to use a few tools (for example, nmap, kismet, arpwatch), basic JavaScript (now mostly forgotten), and reading popular “hacking” books by people like Mitnick.  I watch videos from the various “cons” and on Security Tube.  I migrated from Windows to Ubuntu and do my best to understand the system e.g. understanding the /var/log files.  That said, I have never systematically been taught any kind of computer security or indeed any computing whatsoever! 

As such, therefore, the notion of paying a certain number of dollars and being “mentored” appeals.  I have looked at the exceptionally detailed course outlines for the CEH and OSCP and I am enthused by the content. 

However, as mentioned, I am not from any kind of IT background.  The self-described “noobs” in these forums have Computer Science degrees or have worked as sysadmins for two years or something similar.  I have nothing at all like this – only a personal interest in computer security.  My professional academic qualifications are in unrelated disciplines.

I am at a stage in my life where I need to determine my future career.  Otherwise I will just get older  and, while I currently operate in a professional environment (as a PhD student in an unrelated discipline), where I am is not where I want to be.

I am not interested in training purely as a means to an end (a job).  I am interested because training would provide me with new information, new ways of perceiving security, and new experiences.

I perceive two potential problems.

The first is that I will simply not be permitted to take the course.  The EC-Council states:

“Not anyone can be a student — the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies.”

Since I have zero experience in IT and certainly do not work for the type of “legitimate compan[y]” they want, the EC-Council's demand would suggest I have no way to take their training.

I understand the OSCP screen applicants too.

I understand their rationale but it puts neophytes like me who have an interest, but are not formally employed, at a disadvantage.

The EC-Council write that:

“This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.”

I am, indeed, concerned about the “integrity of the network infrastructure” but on a personal rather than professional basis. 

The second concern is whether I have the necessary knowledge (gleaned from experience).  I would take the view that, should I be permitted to take a course, I would learn what was necessary in advance (for example, shell scripting).  Anyhow, I would be less bothered about passing the exam and more focused on learning the information.

To summarize: the attraction of a course is that I would be taught in a co-ordinated form by professionals (obviously supplemented through intensive personal study).  This teaching would hopefully help me to find employment as well as providing me with knowledge which I find personally interesting and which I currently feel I lack.   

I hope that – considering my specific circumstances – people can provide advice.  Many thanks!

If you are at the interested amature stage then I recommend the COMPTIA courses as a starter.  These will help broaden your knowledge and give you a better foundation for whats to come