I have had a large interest in security and hacking since I was barely a teenager, but now that I realize being involved in security is the career path I want to take I have become much more serious and passionate about educating myself. I have a decent GPA and have held internships, so I feel decently well rounded. The only thing I'd like to improve upon is my technical skills, which I feel would really round off the type of professional I want to become.
I finished reading Counterhack 2nd Edition within a couple weeks and jumped a million miles ahead to Metasploit: The Penetration Testers Guide, which admittedly wasnt the smartest move. I plan on setting up a few exploitable virtual machines, both linux and windows machines, any advice on that subject is also welcome. I can code in C++ and VB.NET but not proficiently, is this something key I need to work on? My current plan is to read until my eyes bleed and actively test and mess with my VM network and coding (python most likely.)
I plan on obtaining my Security+ cert before I graduate in the spring, just an entry level security cert showing I have some knowledge and interest in the subject. I then plan on working towards my CISSP after that, due to its supposed appreciation by HR and hiring managers. I assume I won't be working in a security-related position right out of college, so I was looking for some suggestions as to what positions typically lead to roles in security. or is it just a free-for-all in the job background sense?
A few other loose ends to tie up. What are some of the must-visit blogs/websites on the subject matter of Security? Any websites you guys visit daily or multiple times a day? Advice/first hand experiences for someone starting out in the corporate world?
I don't want to be someone relying on certifications achieved by regurgitation, I don't want to rely on knowing people, I don't want to rely on a relatively good GPA, I want to know my shit pure and simple. So any advice offered to me is incredible and I really appreciate it.