I love programming. I began with DOS/Basic in the mid-90s, and worked my way through: Pascal, C, Matlab, VBA, Fortran, and bash (linux basic), though I have only used VBA and bash in work as an engineer. So no IT experience and no Computer Science degree (actually its Physics but that is not helpful to me), though I am pursuing a Masters in IT with a Security emphasis. I understand computers very well with A+ certification, and I have heard recommendations about CISSP, Security+ (some question this one), Network+, and EC (Ethical Hacker). I understand the basics of malware and network mechanics with the different communication layers. I have a CEH review guide, a Hacking for dummies book, and an Operating Systems Security book which I am studying at the moment.
Now I need to understand what to do, so I can focus my efforts and make a difference. Certifications require experience, but the right jobs require certification and experience. What should I do and what kind of timetable am I looking at for each step? Thank you very much in advance.