Security Testing - Where on earth do you start?

I’ve been a tester for around 12 years now. I’ve got experience in API testing, UI Automation, Load Testing, Performance Testing etc. but I haven’t done any Security Testing.
I bought a couple of books a while back, but I haven’t done a great deal with them.
• Patrick Engebretson’s Basics of Hacking and Pen Testing
• Occupy the Web’s Linux Basics for Hackers
I thought it’s about time to revisit and try to learn a little about Security Testing, but, and maybe it’s my age, the amount of information is overwhelming.
I don’t have a specific question, but more of a series of questions. Just starting with Penetration Testing, below are some general questions. Please feel free to answer as many (or few) as you wish. Just after some opinions and steer.
• Training & Certification : Does anyone recommend any particular courses or certification?
• Good websites : OWASP seems top of the pile, but again, it contains an incredible amount of information
• Roadmap : Does anyone have a general roadmap for getting started?
• Kali : It’s covered a lot in one of the books above. What are your thoughts on it?
Beyond that, if you have any books or source material that you find indispensable, feel free to comment.