First of all, welcome to EH-Net.
Whether or not you are interested in being certified, I would highly recommend studying for either CEH or CPTS. They already did the work for you by organizing the field into core modules. There are several great books on ethical hacking, pen testing, certs, etc. You can get sample chapters of some of them in the Book Reviews Category. Try this one, then explore the site for other book titles: CEH: Exam Prep 2
Also, look in the forums for the boards dedicated to the modules for the different exams. Again, this info is great whether or not you plan to take an exam: CEH Modules Board, CPTS Modules Board, CPTE Modules Board
As you go through the material in the boards and in the books, keep in mind that it is not a race to finish reading the material. As you get to each concept, tool or process, stop and look them up on the net, install them, get familiar with them. As you do that, you will find that your searching leads you to other places on the net, leads to questions, etc. It will really start to open the field for you.
As for starting your own pen testing division within your company, I was just having this discussion with Dengar13. As with any new venture, you not only need management buy-in, but they also need to make the fiscal commitment to the right tools. As an example, Metasploit is a great framework, but when you start dealing with clients, they want a deliverable. That usually means an extensive report. Calculate the amount of time it would take to format the gobs of data from your pen tests into something legible for a client, and those packages like Core Impact that generate the reports for you quickly don't seem so expensive any more. We haven't even discussed the topic of getting your first client. You may need to drastically discount your pricing to "build your book" and get some testimonials. I could go on and on, so this may be a good topic for a new post.
Hope this gives you a good start,