How To Get Into Info Sec?
Member
Posts: 16,404
Joined: Mar 28 2009
Gold: 7.69
Sep 6 2016 11:16pm
My top 3 choices narrowed down are: crypto, pen test or forensics.

Still working on my degree; however, does anyone have good resources to learn the above?
Member
Posts: 3,939
Joined: Feb 1 2013
Gold: 2,749.09
Warn: 20%
Sep 7 2016 12:34am
yea, start hacking shit
Member
Posts: 701
Joined: Apr 7 2006
Gold: 9,892.95
Oct 5 2016 11:55am
Quote (boxboxbox @ Sep 7 2016 02:34am)
yea, start hacking shit


This. Obviously finding or setting up your own things which are actually legal to hack is preferable. I recommend visiting http://overthewire.org/wargames/.
Member
Posts: 8,112
Joined: Sep 23 2006
Gold: 3,558.23
Oct 5 2016 04:20pm
Generally speaking, there are no true entry level positions in info sec. The majority of those positions that are labeled as "entry level" are entry level for that subset of IT and not actually entry level. Honestly, your best bet is to get your foot in the door doing help desk (not a call center) or desktop support and move into security from there.

Although you didn't list it, programming in security is huge right now for malware analysis and reverse engineering. I only mention that because I've seen your posts relevant to programming.

For pen testing, look towards OSCP. C|EH is popular because it fulfills DOD requirements, but it's not that highly regarded. It's good to know the material that's covered by that cert, but I would not recommend spending money to get it. You'd have better ROI with Security+.
Member
Posts: 16,404
Joined: Mar 28 2009
Gold: 7.69
Oct 7 2016 11:43pm
Quote (Qord @ Oct 5 2016 05:20pm)
Generally speaking, there are no true entry level positions in info sec. The majority of those positions that are labeled as "entry level" are entry level for that subset of IT and not actually entry level. Honestly, your best bet is to get your foot in the door doing help desk (not a call center) or desktop support and move into security from there.

Although you didn't list it, programming in security is huge right now for malware analysis and reverse engineering. I only mention that because I've seen your posts relevant to programming.

For pen testing, look towards OSCP. C|EH is popular because it fulfills DOD requirements, but it's not that highly regarded. It's good to know the material that's covered by that cert, but I would not recommend spending money to get it. You'd have better ROI with Security+.


That sounds super intimidating but interesting, I've never even heard of malware analysis or reverse engineering in regards to programming and security. Sounds cool though, I'm going to read about it. Got any neat sources to share?
Member
Posts: 8,112
Joined: Sep 23 2006
Gold: 3,558.23
Oct 8 2016 09:44am
I agree, interesting but intimidating! Outside of research, it sort of falls under incident response...so I guess it counts as part of "forensics"? You don't need to be a seasoned programmer, just having a very good understanding of the concepts should be enough to get into the learning. Cybrary has a decent "class" on malware analysis, worth a look. (they have a bunch of decent stuff actually, 100% free). I've also heard good things about this guy:
https://zeltser.com/introductory-malware-analysis-webcasts/

Beyond that, getting familiar with the most popular debugging and analysis tools is the best way to start. I'd also say to look at industry certifications as a model of what to learn/study. GIAC is the gold standard for security certifications, they are very highly regarded, but are amazingly cost-prohibitive for most individuals. But looking at what the certifications cover is a great way to guide your own independent studies. The SANS Institute does most of the "official" training for GIAC, here's a relevant course syllabus:
https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques
Member
Posts: 16,404
Joined: Mar 28 2009
Gold: 7.69
Oct 8 2016 12:47pm
Quote (Qord @ Oct 8 2016 10:44am)
I agree, interesting but intimidating! Outside of research, it sort of falls under incident response...so I guess it counts as part of "forensics"? You don't need to be a seasoned programmer, just having a very good understanding of the concepts should be enough to get into the learning. Cybrary has a decent "class" on malware analysis, worth a look. (they have a bunch of decent stuff actually, 100% free). I've also heard good things about this guy:
https://zeltser.com/introductory-malware-analysis-webcasts/

Beyond that, getting familiar with the most popular debugging and analysis tools is the best way to start. I'd also say to look at industry certifications as a model of what to learn/study. GIAC is the gold standard for security certifications, they are very highly regarded, but are amazingly cost-prohibitive for most individuals. But looking at what the certifications cover is a great way to guide your own independent studies. The SANS Institute does most of the "official" training for GIAC, here's a relevant course syllabus:
https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques



Amazing, thanks man. Will take a look at all of that.
Member
Posts: 1,039
Joined: Jul 8 2008
Gold: 1,939.50
Oct 9 2016 10:01am
What kind of job in infosec are you looking for? Programming, hacking, research, or something else?

Crypto: Unless you're incredibly talented and have a master's/PhD in crypto you're probably not going to get a job doing crypto research. We always recommend customers use the latest secure algorithms. Making your own is incredibly error prone. Look up the SHA-3 competition. 51 algorithms were submitted by experts in the field and only 14 passed the first round of examination because they have a cryptographic weakness or are broken in some way. The 14 other algorithms were then analyzed and most were thrown out because of issues with performance.

Pen Testing: This could help on your way to becoming an infosec researcher, but you'll have to work very hard and put in a lot of your own hours outside of work to keep ahead of the curve. You can get this type of job as an entry level job and you'll learn a lot on the job.

Research: This is a job you're not going to get unless you've been working in infosec for a while or you have a good resume. I've talked with the researchers at my company and they're incredibly smart and talented. They're also all over 30 and have been hacking practically since they started using computers.

Programming: This is the easiest job to get in infosec because you won't need any experience in hacking or infosec. As long as you show an interest in the field and you know how to do the programming they're interviewing for you'll get the job.

I've been working in infosec for a few years and I'm currently working as a programmer. I've learned how to hack while working this job. I learned partly at work and partly in my own time. For me and my work ethic this is the right position in the field. I put in ~45 hrs at work each month and often participate in hacking/CTF events with co-workers outside of work hours. That is how I learn a lot about crypto and hacking.

This post was edited by waraholic on Oct 9 2016 10:02am
Member
Posts: 16,404
Joined: Mar 28 2009
Gold: 7.69
Oct 10 2016 01:18am
Quote (waraholic @ Oct 9 2016 11:01am)
What kind of job in infosec are you looking for? Programming, hacking, research, or something else?

Crypto: Unless you're incredibly talented and have a master's/PhD in crypto you're probably not going to get a job doing crypto research. We always recommend customers use the latest secure algorithms. Making your own is incredibly error prone. Look up the SHA-3 competition. 51 algorithms were submitted by experts in the field and only 14 passed the first round of examination because they have a cryptographic weakness or are broken in some way. The 14 other algorithms were then analyzed and most were thrown out because of issues with performance.

Pen Testing: This could help on your way to becoming an infosec researcher, but you'll have to work very hard and put in a lot of your own hours outside of work to keep ahead of the curve. You can get this type of job as an entry level job and you'll learn a lot on the job.

Research: This is a job you're not going to get unless you've been working in infosec for a while or you have a good resume. I've talked with the researchers at my company and they're incredibly smart and talented. They're also all over 30 and have been hacking practically since they started using computers.

Programming: This is the easiest job to get in infosec because you won't need any experience in hacking or infosec. As long as you show an interest in the field and you know how to do the programming they're interviewing for you'll get the job.

I've been working in infosec for a few years and I'm currently working as a programmer. I've learned how to hack while working this job. I learned partly at work and partly in my own time. For me and my work ethic this is the right position in the field. I put in ~45 hrs at work each month and often participate in hacking/CTF events with co-workers outside of work hours. That is how I learn a lot about crypto and hacking.


Even if I am not a CS major (CIS major), are the opportunities about equal in terms of getting a job as a programmer? I understand there are many different fields of programming. For instance, would an interviewer be more cautious hiring a just-out-of-college CIS student than a CS student to fill a backend position? Or does it all come down to skill and knowledge etc?

This post was edited by Shakti on Oct 10 2016 01:19am