I have a good background of ISO so decided to take the CCNA course, is that a good start to get into the second level in network field? And would that be enough to move to network security?
A CCNA will give you enough to become a minor router admin and is not enough to get into security. Networking is important as a whole as it will assist you in being able to weave your way around networks figuring out what is connected to what, how, why and where. Unsure what you mean about "second level" of networking.
Personally, I always recommend CCDA/CCDP studies in relevance to security as it helps you understand the architecture from the 50k foot view. The CCDP forces you to understand topics such as QoS, MPLS, VPN and other topics you can run into when doing this. Unsure how many pentesters I have met that couldn't tell you default information for say BGP, OSPF and why they'd likely not pierce a hole in an MPLS tunnel. But that is going too a bit of extreme for a pentester with less than say 10 years experience. Not too many people can stomach or tolerate networking so they end up stuck on Web Application Security and other boring areas of pentesting.
So to re-answer your question: No the CCNA does nothing for you when it comes to security. Understanding the OSI would have been enough and if you wanted to immerse yourself deeper on the networking side, CCDP and IE Security studies will get you there.
now here is the question, why does the hacker need to learn how to program? Say to modify a source code? or to build up some tools?
Do I need to learn more programming languages? Some of you mentioned Python is a good one, do I need to learn it too?
Here is the reality of this: 1) Programming simplifies your work and helps you out whether you choose to build your own tools or modify someone elses. It helps in discovering and exploiting faults (fault injection aka fuzzing) in badly written programs. Whatever language you choose, is optional and always opinionated. I snicker at those posting: "You need to learn Python" when almos NOTHING I DO is in Python. It might help you in a situation but is NOT the de-facto language and anyone telling you this is underclued. Had I to recommend a language it would be: "Any that makes you comfortable."
I tend to use shell scripting almost 99.99999% of the times as I try to avoid installing anything on a system since it attracts attention. Most people touting "Learn Python! ... Learn perl! ... Learn Ruby! ..." are generally someone who is used to firing off tools from their own workstation. Throw them on a contained system where they cannot use these tools because they are not installed, and watch them fail miserably. Understanding specific systems and their tools is THE MOST crucial thing you can teach yourself however, certain languages will AID you. If YOU however, rely strictly on a specific, you will eventually fail.
the question is how deep do I have to know about them to become a good hacker?
The better you understand the systems, the quicker and easier you will be able to find flaws, misconfigurations while keeping your noise ratio down. I say focus on systems more than programming for now.
And the other one is do I have to have certifications on them just to prove that I got what It takes to companies when applying for a job even as a security "guy"
Any cert you have will help not hurt. Providing a measurable record of what you know goes a long way so if you want to get them, then get them. Just be aware that experience ALWAYS trumps the cert.
Hacking/security certifications, the topic that we all have talked a lot about...
I started taking certs out of boredom. I already have over 13 years experience when I started taking them. Then I continued out of i) Boredom ii) a personal challenge iii) to annoy people with an annoying long signature (serious). Experience always trumps the paper in reality, and certs to nothing more but add to your salary depending on your logistics. Depending on your area of work, they may be mandatory as well. The goal to getting tangible results and your moneys worth, is to find out what interests you in the field of security. Then focus on becoming the best you can be for your own personal gain. The more you learn, the easier it will be to pass cert exams.
Finally, let´s say I finished CCNA, and I had about 6 months experience of working in networks, also I had a basic hacking certification...
This sounds more to me like: How can I hurry up pass exams and make more money... Nothing wrong with the concept, but the industry is cluttered with entry level people who have beginner "hacker" certs along with CCNAs.
My suggestion, first find the area of security which most interests you and learn as much as you can about it. Focus on making yourself the top expert in that category, read study break, break study read. Understand as much as you can until any question you're asked, you will not hesitate to answer. Once you're comfortable and you start seeing many people come to you for help, to ask a question, then start focusing on the exams. By the time you get here, it will be from experience and learning. Then start banging out the exams.
What too many people nowadays is rush the issue. A LOOOOOONG time ago, individuals were required to learn, then apprentice for years before taking the exam. Nowadays, it seems everyone is in a rush and when things are rushed, they barely go right in the long run. This is your life, no one's comment is going to make any impact on your life, only you can make an impact by doing what is right for you. Logically: "the right way is the only way..." The right way comes from time, patience, experience and learning... Not trying to rush through 6 months experience and oh college and oh... Learn as much as you can at the pace you feel comfortable with. Learn it because you want to learn it, because it interests you, not because everyone else is doing X or Y. If I had a dollar for every answer I have to shake my head at, I would be able to dish out monthly payments on a pretty nice car.