I have an SSCP and currently work as a 3rd line IT engineer. Whilst security is important at my current company it is not the main focus (they are an small IT support Company).
Security is where I see my career progressing but am finding it hard to find any roles that do not require previous experience in Information Security. I would still like a hands-on role i.e. SOC engineer or info sec analyst but as I said these jobs normally require you to have SIEM experience or the like which I wont have coming from an IT background.
I concur with the virtual machine thing. You need to setup your own lab at yourhouse. Here is something I posted in another post:
One of the key things to gain the experience needed is to volunteer. Even if you do not get compensated for it. Too many people I have worked with only want to do the job if they get paid WHILE they are doing it or learning how to do it. I would equate it to the players on a bench on a basketball team saying "Well, when I get paid like a starter, I will put in the hard work required to increase my skills to be good enough to be a starter." I agree, most companies want to be able to find the person who already has the "starter" skills and not the "bench warmer" type person, but I moved successfully from the bench warmer role to starter role because of stories like this:
In one interview the panel could see I did not have the experience performing the IT duties they were requiring because I had never formally held a paid position performing those duties. I was able to answer their technical questions about how to do things on the system. However when I said "Yes I have not performed these duties at work, but I have performed these duties in my home lab." the interviewer asked about the details of my home lab. When I told them I had 14 computers, a router and KVM switch to connect it all. I had 3 servers and 11 computers (This was before virtualization was a big thing, and yes it was noisy but my spouse let me keep all of my 'toys' running in the basement!)" They said that was impressive. I showed them a picture of it and they said "If you took that much initiative to set that all up, I believe we can teach you the rest. When can you start?"
I am sure there are jobs going undone at your workplace. Look for those and ask your boss if you can do them or shadow those people who are doing security.
You can setup all of the virtual networks you want but in todays environment you wont even get an interview to explain what it is you are actually capable of! lol! Like any every other job its not what you know its who you know. With out a strong network there is no cert (including CISSP) that will help you break into this industry.