I can't tell you which path to take but i can tell you what are the jobs available locally.
The IT security market in overseas is different.
I'm not even sure what they teach you in Poly or Uni nowadays but my stand is still the same for anyone that i teach.
"Get Your Fundamentals Right"
Learn Safe Coding if you are into development or source code auditing like i do.
These are specialised jobs but you won't regret it cos these jobs pays higher but if something cocks up...you're the first person the fingers will point to.
Penetration Testing, as more and more companies put the information up in the internet and intranet...etc... there is a need to hire pentesters to do all the dirty work in case the system administrators missed out something that could lead to loopholes in the entire systems. It's not an easy job, you could make a lot of enemies if you are not friendly or tactful. Banks hire these people too and Banks pay quite well.
The rest are classified as niche market imho, jobs which require you to be either lucky and chance upon it or referred by friends. As these positions are very few.
Last advice, look through your past notes and ask yourself these questions:
"Do i really understand them thoroughly enough?"
"Are my self developed applications so good that they are free from bugs?"
if you answered "NO" to any of these 2, Post your questions here again if i'm available.
What they teach in schools are just touching the surface of everything.
If you ever got ideas for anything, write it down.
Remember this, "Ideas Are Premium"