I'll give you the full low-down, I'm mid 20s, from the UK. I have already done a science degree (to Masters level) and I've been unsuccessful in getting a job due to the current market for that job role and that part of the country.
So i want to go back to a passion I've had for years, which is in IT security. However, I have minimal qualifications (from school) for IT, but I have natural and self taught talent which exceeds even that of some people in university. I have a cousin who has an Honours in Computer Networking, and he said I would have walked his degree. However, I have nothing on paper to back anything up. My only hope is to start doing loads of certificates, likes CEH, ECSA, SANS,etc. I am willing to do whatever ones it takes. However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to?

You may want to also consider going for a systems or networking position and not trying to go straight into security. You'll have an easier time getting an IT job with little experience than you will an infosec position. Also, make sure your certifications compliment your experience. It may be advantageous to start with something more general, like the CCNA, instead of loading up on professional-level infosec certs.

Don't forget Redhat certs such as RHCSA or RHCE. While the RHCE is not an entry-level cert, the RHCSA is and I'd say the Redhat certs are the most widely accepted Linux certifications.

Well you mentioned you had a science degree.  So you do have A degree.  Which always looks better than no degree at all.  A friend of mine had a Pych degree and was a high level engineer at the consulting firm we were at.  Now he runs his own firm. 

Best thing you can do is work towards some experience in IT in general and possible go for something like Security+ or CEH to back you knowledge up. 

Also, like Hayabusa mentioned, get involved with the community.  The more you network the better.

Good luck!

Thats seems interesting, do you have a link for a course/exams for that?

I did search, but I'm getting loads of links from different providers, just want to know which particular one Jamie.R recommends.

It's nice to hear you've already done a science degree, but it's sad to hear you've been unsuccessful, have you had any IT-jobs at all? I'm wondering if you're aiming too high, but getting a junior position within pentesting shouldn't be impossible 



What are these self-taught talents? Do you have any blogs? Websites? Created any videos, tools, whitepapers, etc.? (My point is, without experience, and perhaps no certifications within infosec at all, having these other things may contribute to getting a job.)


About the loads of certificates, if you want to learn something useful, avoid CEH and ECSA. Some SANS training is okay, but I haven't heard anyone say it's "hard", as in you actually find it challenging, compared to other training providers. GIAC are by the way, the certification provider that is related to SANS.

So you should focus on other certifications, from e.g., Hacking Dojo, Offensive Security or eLearnSecurity for starters, as you'll gain a lot more practical knowledge that you can use. Offensive Security certifications, even has quite a lot of value in the UK. (OSCP in particular.)


[quote author=pharmerjoe link=topic=8531.msg46884#msg46884
 I am willing to do whatever ones it takes. However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to?
[/quote]

Whatever it takes, if you want to be one of the best, say goodbye to playing computer games (if you do that a lot) and other things that takes up a lot of your time. Then say hello to reading books about hacking (there's many good ones), papers, presentations (from e.g., Defcon.org and BlackHat.com), learning programming languages if you don't know any (like C or C++), or scripting languages like Python, or perhaps PHP if you're focusing on Web Application Security.

Instead of MSN, Skype, or whatever you use, say hello to IRC if you're not already there, where you might use hours discussing various infosec topics, for fun, or just random things in life.

That is some of what it takes, if you're going to be serious  In some point of my life, when I was working with IT-support, I was also using my own server outside work to find 0days in web applications, in the small breaks I had between calls when there was nothing to do. (I really enjoyed looking for 0days at that time (still do), even in small apps that hardly anyone use.)

[quote author=pharmerjoe link=topic=8531.msg46884#msg46884
However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to?
[/quote]

If you're good, and you can prove it during an interview (the technical part), then experience and education may not matter that much, if you pass the technical part without any problems. We're of course talking about junior positions which you should be focusing on.

The salary, there's a website for that. When you step up from junior, and onward to senior, the salary can climb really high. If you're going into information security, salary shouldn't be your primary, second or third concern, it should be to get a foot inside, and get paid enough to live okay  (It isn't a bad pay juniors get either.)

Living in the UK gives you a nice advantage over living in many other countries, as there's quite a lot of pentesting jobs there, compared to e.g., Denmark, where the role "junior penetration tester", doesn't exist. (In fact, penetration testing hardly exists as a single job, it's often melted into consulting instead, which requires many years of experience, certifications, education, etc.)


That's just my opinion and advise of course