You mean the seventh edition? Yeah, you're right. I read the fifth one (2005!), and I can tell some methods are now deprecated or have increasingly evolved. But I don't know about 2012... However, I was still able to learn a lot from it. And it taught me to find resources to keep learning, so, it definitely wasn't a waste of my time.
Holy shit stranger, you are a hero. I definitely feel more confident moving forward with this program now. I'm already prepared to learn a lot of stuff on my own (I didn't know for sure but I had a feeling universities wouldn't be keen on teaching actual hacking skills). I've ordered this
>http://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071780289
because it has been recommended to me several times. If you have any other book recommendations I will soak them up gladly. I'm also working on going through some courses at www.cybrary.it.
By setting up an environment do you mean virtual machines to practice on?
The first book i picked up a few years ago was Hacking Exposed. It was a good read and gave a good sense of the cracking stream of thought. It alos gives a basic overview of many exploits and tools used in the wild. Just my 2 cents.
Believe it or not, you are talking about a semi-well-trodden path. A fair number of people move from the arts into web development (typically front-end), front-end design, and system administration (usually Windows, but I have seen some *NIX administrators who were schooled in and had previously worked in the arts). It is usually from there that they start to pick up on cybersecurity, though I will admit few people take it very far because most people who move into IT from film, graphics design, etc., usually love the front-end work too much -- it's generally people-facing, it lets them explore their love of art, and it's just fun.
If you do go that route, it's actually the easiest method for getting introduced to security concepts, getting introduced to the security team, and then you can make friends with the security folks at the company and use those relationships to explore more and/or transition to cybersecurity. It is much more difficult to go from outside of IT (in general) into security unless you do something like auditing or you take a burn-out job (e.g., incident responder, "security researcher", or "threat hunter") -- the burn-out posts are always looking for more meat to put in the grinder, but they are a great way to hate your day and get completely turned off of security.
Outside of that, if you want to get started, my recommendation would be to:
1) pick up a copy of either (or both... both is a good thing) "Hacking Exposed" or "The Hacker Playbook". You might be able to find them at your library. They are both old (well... Hacking Exposed is from 2012), but they offer you the ability to read about various vulnerabilities and methodologies at a high-level in nice, controlled, bite-sized chunks (Hacking Exposed is especially good at that). Don't expect or demand understanding of everything, though -- the goal is introduction to the concepts and terms.
2) try to find a reputable podcast that you enjoy, but make certain that it's not by someone who hasn't been doing it for long, doesn't know what they are talking about. I hesitate to mention it because it's still a work in progress (we started less than a year ago and are still working through the process of making them), but mine is this one. I would caution against many of the popular ones because they tend to have grossly incorrect content, give unrealistic expectations, and will completely misguide you, taking you down paths that are significantly less successful or giving you the wrong impression regarding the complexity of things.
3) as I said before, play. If you want to learn cybersecurity, you can't learn much from a book, video beyond terminology and some high-level things (not entirely true, but it's hard to learn application from a book). If you want to try some capture the flag things to start off, ones like TryHackMe are fine for absolute beginners, but know that they are all completely unrealistic and represent little that you are likely to see "in the wild".
4) befriend someone in cybersecurity and have them mentor you. You might actually have that opportunity at your current job, though I will tell you that until you move into something IT they might not take you too seriously, thinking that most of it would be over your head, which may mean that they give you less than they would have otherwise.
I found Hacking Exposed to be a useful starting point.