I graduate with my BA in information security in May and have already been accepted into my Master's program in information security management. While I enjoy aspects of enterprise risk management, my real passion lies in the practical aspects of recon, vulnerability scanning and exploitation.
My question is, what are the steps that I need to take to get to the point where I can enter the field of pentesting? I am a voracious reader and love network engineering and security.
I consistently score in the high 90's on my CEH practice tests, but cannot sit for the exam until I have some experience in the field.
Any suggestions would be appreciated.