As for getting your foot in the door, start by learning about security. Do the CISSP even though you haven't got the experience yet. You can take the exam and be an associate. The important thing is that you learn. Learn as much about IT in general - programming, networking, OS, hardware. Those skills will come in handy. Learn about how business operates. Learn about people. Just keep learning.
And whatever job you find yourself in (until you get a "security job") apply the security concepts you learn to that job. If you code, code securely and make others around you aware of security concerns in coding. If you are a network guy, apply security to your network admin routines and spread the word. People will come to associate you with security, and you may find yourself transitioning into the role of "Security guy" offically