I am a Computer Information Systems student finishing up my last year of undergrad. I have an extremely light final year of school, 4 courses over 2 semesters, so I've decided to take advantage of all my free time and learn as much as I possibly can on my own time before I graduate and (hopefully) find work.

I have had a large interest in security and hacking since I was barely a teenager, but now that I realize being involved in security is the career path I want to take I have become much more serious and passionate about educating myself. I have a decent GPA and have held internships, so I feel decently well rounded. The only thing I'd like to improve upon is my technical skills, which I feel would really round off the type of professional I want to become.

I finished reading Counterhack 2nd Edition within a couple weeks and jumped a million miles ahead to Metasploit: The Penetration Testers Guide, which admittedly wasnt the smartest move. I plan on setting up a few exploitable virtual machines, both linux and windows machines, any advice on that subject is also welcome. I can code in C++ and VB.NET but not proficiently, is this something key I need to work on? My current plan is to read until my eyes bleed and actively test and mess with my VM network and coding (python most likely.)

I plan on obtaining my Security+ cert before I graduate in the spring, just an entry level security cert showing I have some knowledge and interest in the subject. I then plan on working towards my CISSP after that, due to its supposed appreciation by HR and hiring managers. I assume I won't be working in a security-related position right out of college, so I was looking for some suggestions as to what positions typically lead to roles in security. or is it just a free-for-all in the job background sense?

A few other loose ends to tie up. What are some of the must-visit blogs/websites on the subject matter of Security? Any websites you guys visit daily or multiple times a day? Advice/first hand experiences for someone starting out in the corporate world?

I don't want to be someone relying on certifications achieved by regurgitation, I don't want to rely on knowing people, I don't want to rely on a relatively good GPA, I want to know my shit pure and simple. So any advice offered to me is incredible and I really appreciate it.

If you want some gnarly and fun training look at the offensive security stuff. OSCP isn't a regurgitation cert, you have to hack boxes to get the cert. It requires some upfront skill, but nothing major.

As far as different jobs that lead to security, there are a 100 ways to do it. I think you'll have the best success finding something you're passionate about, whether that's coding or networking, whatever. Then, try to figure out the security angle and go from there.

For news/blogs, I get almost all my up to the second information from twitter. Go to my twitter page and see who I'm following. I still haven't found a better source of information than following the major security folks.

My first post....ever.
First I want to say EHnet is a great resource. I love reading each post especially the advice given by so many.
Like mynamesgeneric I am seeking advice and possibly a mentor.
I recently graduated with a BAS in Computer Information Systems and have been in IT (Sys Admin) for 5 years. Before IT I was in the military 4 years and in telecom 8 years.
I have a few certs (CE|H, MCITP-SA, Sec+). I volunteer my IT services in my community,church, and neighbors. I have a passion for IT and learning but currently stuck
looking for my niche in the Security field. I would like to concentrate
on one thing and do it well.
Anyway, I am seeking a mentor in the network security or pen testing area.
Any guidance or advice would be greatly appreciated.

Not so much which is why I have been looking around. I work for a government contractor that is big on security. Great right? However, the positions are very limited/separation of duties. I also live in a small town. Another down side.
There are some security positions but nothing at the level of pen testing. I know, I have to start somewhere.