|
EH-Net
|
|
May 24, 2013, 09:25:48 AM
|
Show Posts
|
1
|
Resources / Career Central / Re: Starter cert?
|
on: May 19, 2013, 10:25:42 AM
|
|
I suppose it depends on your goals.
1) Do you want to work for a company's incident response team? Get HR friendly certs as well as technical certs.
2) Do you want to work for a pentesting firm?
3) On your own, as a consultant?
I'm in a similar boat as you, and certainly not an expert. I am considering taking the PWB online course at offensive-security, once I get the time and $$.
Search the forums, I found a LOT of answers to these questions by very qualified people.
|
4
|
Ethical Hacking Discussions and Related Certifications / Hardware / Re: Laptop for ethical hacking?
|
on: October 30, 2012, 09:16:59 AM
|
|
Backtrack and most other distros can manage well on many different configurations. You'll be getting a USB Alfa card for wireless pentesting, so the built-in wifi isn't so important. Generally speaking, I'd avoid buying HP, Compaq, and Dell. My favorites are Lenovo and Acer, though the PB laptop you found seems like a good deal. Look on newegg.com and tigerdirect.com too.
|
8
|
Ethical Hacking Discussions and Related Certifications / Malware / Malware via Social Engineering
|
on: October 13, 2012, 11:14:36 AM
|
|
Have gotten several calls from residential customers who get phone calls from scammers pretending to represent Norton or Microsoft. One woman was very scared that hackers got into her system, even though she hung up and never did anything with her PC.
The other customer fell for it. The scammer convinced her that he was from Microsoft, and that her PC was hacked. So she turned it on and went to the website he directed her to, and he established a remote session using showmypc. He then told her all her files were corrupt, and scared her by showing event log entries. Then he wanted her to go to Western Union and send him $25. She refused and he hid her desktop icons, and hung up. She thought she lost everything and called me in a tearful panic.
She's all cleaned up now, and better educated about phone scams I hope.
Those of you who support end users, do you get calls like this?
I've seen videos posted by other forum members of pentesters using similar SE techniques to trick corporate users who should know better, pretending to be the Help Desk, or similar. Do you find that these sorts of methods work better / faster than vulnerability scanning and exploitation? Or do you do both, and report the technical issues and the SE issues?
|
9
|
Resources / Career Central / Re: Starting Your Own Company.....
|
on: October 12, 2012, 10:05:19 PM
|
|
I plan to shoe-horn pentesting into services I already offer, once I have the knowledge. I've been running my own one-man computer networking and repair business for ten years, so the clients are there, well sort of.
As has been mentioned before, the problem is that most customers don't care about real security. They just want to check the box to be in compliance with all those "annoying computer laws". They think there is no obvious benefit to spending the money, it's just a cost.
|
13
|
Resources / Tutorials / Re: Web mail or Email Client??
|
on: September 21, 2012, 07:50:36 AM
|
|
If the computer the POP email is being stored on is vulnerable, then the email can be compromised. Doesn't make POP email clients "bad".
If you are using webmail, and your traffic can be sniffed and passwords stolen, also doesn't make webmail "bad".
Put it in a larger context and discuss pros / cons. No clear answer but can be an interesting chapter in your book.
|