I don't think there is much you can do with these breaches to boost your career unless you know how to prevent them.  So research stories and at some point someone will post the rundown of what occurred to allow the breach.  In the case of anonymous/anti-sec it is typically the same attack vector: poorly secure web application with a even more poorly secure SQL backend that is vulnerable to SQLi attack.  So concentrate in Web Application Security and you should get some leads.  As far as working for a smaller company, unless it is a consulting outfit, you may not find too many opportunities.  regular SMBs can rarely afford nor have a need for a full time security engineer unless some compliance standard requires it.  If your buddy's consulting company wants to expand their expertise then pushing toward a Web App Security guy may help.

Bottom line, you will need to get experience and your best bet would be to get in as a consultant in a security company, even if it is entry level.  CEH will get you past HR but you may lack the technical skills to excel in the job.  You might want to also look into pursuing an eCCPT and eventually an OCSP which will help give you the much needed technical background to get a leg up.