Sure that could get you somewhere!  Particularly if you are motivated.  I was in a similar position as you.  I was actually in my third year of a bio-chem degree when I switched to computer science and engineering.  I though tI wanted to be in health care...but all of my electives were in CS.  Computers were a mojor hobby.  then a professor said "you know you can make money doing this".  for some reason it never clicked, you can make money doing something you enjoy!

Anyway, long story short, I would add a couple electives in development and programming.  this way you get to see that world too.  it looks like it is primarily networking.  The biggest advice I could give is, be curious...then be curious about being curious...then learn and learn.  Just latch on to what ever amuses you and be creative.  the beuty of this field is (for now at least) is that you dont really have to have a specific major to do a specific job.  Get the degree and get as smart as you can on what you enjoy.  Before you know it the good life will come.  I have this idea that if you get paid for something you would do for free or a hobby, you are rich.

Your right on the qualifications to be a QSA.  But the pen test requirement can be done by anyone.  That is were people that decided to try BackTrack are going to jump in the business.

any way you look at it, if you are good at what you do, this is a good thing.

I agree with Jason.  I work with several PCI needy companies that try to skirt the issues.  Some of them dont know that they need the pen testing until we show them in writing.  Then there is the argument that they do the vulnerability scan and "what is the difference".  It is a battle, but when it boils down to it, I get paid to break stuff (pentest) and find stuff (forensics).  I cannot complain about the hardships:)

Role, I bet it does bring out some "posers".  But that is OK.  I think that will just bring awareness and help set standards.  Hopefully...it is x-mas and I am trying my hardest to look at the bright side!

this is really interesting.  And I can understand the need.  But there is no way that a simple tool would work on a majority of the cases we work.  I like the idea, but it seems a little over simplistic.  A breathilyzer is very specific and has concrete rules.  I think it would be more like being at a crime scene and having tools to detect blood, seman, hari or other things and determine the dna.  From what I have dealt with over the last couple years, there arent a whole bunch of absolutes. 

Anyways, I am sure there is some logic that could flag things appropriately, but I doubt it would be 100% (or even 60%).  I think it would have to be on limited cases...like "is there CP on this machine".  Not fraud.

good idea, but seems over simplified.   

This can go on forever.  But I think the reality is to do what makes you happy when you wake up in the morning.  Most people in this business are not in it for the pay only.  I bet 99% of the people on this board are naturally curios people and like the “gee wiz” aspect of what they do.  Some like creating things.  Some like making things talk to each other.  The over all picture is do what gets you excited.  Even if that changes as you progress…just keep following your interest because you will get really good at it and become that “go to guy”. 

As far as your degree path – I am not sure it really matters what the degree title is.  I could be wrong, but I’ve never seen it be an issue.  As long as you get the classes you enjoy and are applicable to your path.  I have several degrees.  And after my first job, I don’t think they come up much.  I have an MBA, CS and engineering undergrad and a couple others.  I don’t think it would ever come up that my emphasis on engineering would come up.

I think the bottom line is find what you do well and what you enjoy and try to be the best at it.  The money and career will follow. 

that is so funny.  that was my first thought. "so how do we find that text and exploit it?"

I agree with the editor.  Along with some additions.  Usually a company will not allow a personal computer on the network.  and when you do you would lose all  (or most) privacy.  this is normally a huge security risk for the the company.  Even if you are vlan'ed to a seperate segment it is a threat.  What if you are not going through a web filter and accidentally  (or on purpose) go to a porn site.  The company can get in trouble if someone walks by and complains.  and you could be fired.  There are so many issues technically and policy based that lend to the IT needing a certain amount of control. 

so yes it can be monitored if they want.
Cant really control your laptops remotley.  But if they are monitoring they can shut down your acecss if a problem arises.

I agree with that first part.  I guess there should have been a disclaimer.  If you are providing valid data, you are a good guy regardless of who you represent.  If you are picking apart another forensic expert you can be frowned on.  But really I think it all has to do with the situation.  If you argue on the defense about a specific practice that the other party used to prove a child porn case...punch yourself (unless it is absolutley legit and not a goofy technicality in a growing and erratic feild).  But if you work for the defense and show that it was indeed from a virus or different user...that is a different case.

I havent found this to be so.  There may be personal issues out there were someone has a problem with you working for the defense.  But Industry wide I havent run into anythin gremotley close to this.

A big part to remember is forensics is forensics.  Just like testing DNA...it is or isnt.  If you gain a reputation for being professional and honest, you should have no problems.  Plus, everyone knows that the defense is not always guilty.  Now if you turn into a scum bag that gets a CP person off under false pretense or technicality...you should probably punch yourself in the face.  but that is just a personal view:)

this is actually pretty damn funny. 

I am a former AF info warefare guy, and I have to agree.  it is probably more political than anything.  Someone wants to lift thier leg and mark their territory and work on that next peice of brass.

I am also in Nashville.  Forensics here is a small world...just like everything else in Nashville...you know how the good ole boy network is.  Being a former cop I cant imagine that it would be hard to get good consulting work with Metro, TBI or the state.  From what I understand their forensic program is really under staffed. 

Cheers!
Shane   

What part of TN?  I also live in TN.  Ther eis a good forensic program in north GA:
http://www.kennesaw.edu/coned/sci/index.htm
If you have expereince, you can take some of there classes and get pretty ramped up. 

Are you looking for a degree or certifications?  If you already have a degree (regardless of what it is in, I would go the cert route first.  then top it off in acedemia.  Just my two cents.

I think the biggest thing is to simply be curious.  If you are not curious this is not the field for you.  First be a generalist...then find something you really enjoy and dig...and dig...and dig.

I am completley shocked by this.  This makes no sense at so many levels.  Unless there is a VERY clearly defined principal of what is an investigation and what is not an ivestigation, it cant really hold up in court.  Most of it has to do with who asks you to perform the duty. 

Can this leak into corporate life? 

this is just crazy.