The way I did it... I started off as a janitor. Don't laugh.
Cliff notes version:
Applied and got a job shipping and receiving for one of the original internet backbone companies. Not enough work, so they had us be janitors too. Built Point of Presence (think data closet, but also routed internet traffic through it). Wired building for VOIP and Data. Found out what they did, lots of time spent doing personal study, and transferred to their Network Ops Center.
Things learned there: Locks, Unix, Networking. Interest in defense after company was hacked.
Changed to a Teleco. Worked they're SONET and IP NOCS.
Things learned there: Fiber Optics, Laser Communications, more networking, Wireless networking. Unix administration. Interest in War driving and war walking.
Laid off, back to school. CIS degree and Anthropology degree. Managed a bar.
Some interest in security, some interest in physical security. Encryption and tunneling.
CO-OP as a data base reports writer. Used tunneling to get around the school's blocks on some sites. Tunneled connections home to do homework and things when there were not reports to write programs for.
Changed to Automotive Data Center. Watch over Electricians installing equipment and cables (cat5, cat5e, Fiber optics). Go between network engineering vendor and auto company. Did wireless audits (look for rogue APs in sites), and ran the network sniffers.
Learned Sniffing and how to look at packets. Network data graphs.
Changed to publishing company. Started as the Unix / Linux admin. Used tunneling to play around and test things from home. Then showed how to test remotely from my desk. Firewall admin got mad that I could tunnel around the rules. Punishment was taking over the firewall. Set up VPN connections, hunt out people breaking the AUP, locked down the firewall more, etc.
Currently, work for an IT company. Maintaining Load Balacers and server farms, making changes to firewalls, and setting up VPN for B2B and remote user access.
Every chance I got, I offered to work the security side / Defense. Some times I got to, some times I was ignored. When I could, I got in good with the security groups. Not in their department, but at least came off as someone that had skills, and understood the security side too. I've spent a lot of time over the last 14 years studying up on things on my own time.