My background: I started working with computers when I was 16 years old and started my own business at the age of 17 fixing computers/networks in SOHO settings.
In 2001 I was off to college to study for a BS in CS. I had tons on my plate during this time (school full-time, work full-time, commuting to school), so I dropped out of school. In 2006 I went back to school and finished my BA in Political Science/Government (instead of CS) and graduated in June 2009.
While in school, I worked at a computer repair shop. There, I learned how to perform data recoveries, identify in-the-wild malware (no virus definition to remove it), Windows operating systems (98-7), hardware, networking, some Windows Server stuff, some Mac OSX, and some *nix.
For the last six months I have been working as the Corporate IT person for an internet company on the California Central coast. We run Windows, Mac, and Linux desktops. I manage 2 Windows 2003 servers, a VOIP phone system, and 5 switches. My job is pretty cool, but there was almost no learning curve for me since these are all things I have worked with in the past. If anything, it was a lot of shaking off the dust.
Where I'm going with this: Ultimately, I would like to be a network and server pentester or security engineer. I want to learn to bypass firewalls and gain access to servers. Why? It seems like a job I could never get bored with and would always be challenged. It sounds fun and totally cool. I would like to be working as a systems administrator in the next 6-9 months. From what I have come to understand, the systems administration experience will greatly help when it comes to pentesting similar systems. When I interviewed for my job there was mention of this being a possibility, but I would rather feel like I have control of my career.
I have read the posts with similar topics:
http://www.ethicalhacker.net/component/ ... ic,5818.0/
http://www.ethicalhacker.net/component/ ... ic,5825.0/
These posts are great, but I don't feel they quite address the question I'm about to ask.
My question (finally): When I'm off daydreaming and looking at pentesting jobs, I see a lot of them requiring/preferring a BS in CS or Network Security. I usually see:
12: Education requirements: Bachelor of Arts/Science or equivalent degree in computer science / security or related area of study
13: Years of experience: eight plus years of experience with a degree/ equivalent experience without a degree will require eleven plus years of experience
Completion of a 4-year degree. Technical focus preferred.
So, would it be recommended/needed to get a BS in CS or Network Security to pass the HR screenings to be able to land a job in InfoSec? I know / know of Systems Admins, Database Admins, and Network Engineers who don't have technical college degrees or degrees at all. But, when I see things like this, it gets discouraging.
I have been working on re-learning a lot of the things I fell out of practice with over the years. I'm also going to start working on my alphabet soup (CCNA Security, LPI, Security+ to start with) to build up some good fundamentals and go from there. But, what I really want to know is: even if I have a bunch of the most respected InfoSec certifications, will that be enough to help me land a job pentesting networks and servers or in reality is it going to take a second bachelor's? I don't really have an issue with racking up some more student loans, and I would just do night/online classes to get the degree (I figure it would take 1.5-2 years).
I'm open to recommendations and suggestions, and appreciate any and all advice.
Edit: I'm also hoping to have seriously killed this horse, once and for all.