Wow...this was borderline interesting as a viewpoint. Unfortunately, I was blinded by the third grade writing quality.

"Hard to believe that I ever thought I would be sitting here wondering about the state of security as a viable career path."
I'm sorry....what? Did he mean never??

"So what to about this show?"
Ok...wait... no...wait....huh? Some other guy and I need to edit 3,889,334 other blogs. We don't have time for this.

Anyway, SaaS is good for some people. I think SMBs would benefit most, as a result of lower overhead from SaaS options. Once you get to a larger enterprise, where there are constant changes to infrastructure and this requires constant tuning and auditing of it. A cost benefit analysis would probably lend more towards on site personnel constantly monitoring this evolving monster. There's also a certain trust value that some business still hold on their proprietary info and the lack of trust they have with any third party, no matter how well recognized.

TJX puts a lot into their network security now. Obviously after the enormous black eye (bloody lip, broken nose, and knocked out teeth) they got; security has been something they no longer see as an extra if they can, but as a critical necessity. This requires constant attention and this attention needs to be well demonstrated and conveyed to management. SaaS doesn't provide the face to face "What the hell happened?" or "Why are we spending this again?" that many corporate Lulus need.

Anyway...I'm tired so that's as much as i can output for now.

Again....man that was written like crap. I just find it hard to take anything like that seriously. No matter how good of a point someone (not necessarily this guy) makes, if you can't come off intelligently, then it is very difficult to take it seriously.

Interested to see what the rest of you think.

Just checkin. 

Isn't Gerard Butler (Leonidas in 300) the new "gamer" stereotype? Oh, wait...pimply kid eating hot pockets in a basement ran him like a puppet...nevermind. 

This was pretty interesting. I was wondering about the CAP. Does anyone around here have any experience/knowledge to share about it?

I am confused, were you agreeing with me? You restated exactly what I was saying.

The Kensington lock is a deterrent, like the 4 foot fence around the building. It'll stop some jackass from just walking away with it; but it won't stop someone determined to get it. If they're really determined.....they'll just take it from you with force and go. The Kensington lock is better than nothing at all.

I thought I would add one more thing that seems to be very often overlooked.

Wikipedia.

 I found it an invaluable resource while studying. I also used a CBT and CCCURE.org. After the CBT I took practice tests on CCCURE and anything I was still weak on, I used Wikipedia to get a better grasp of.

Maybe I'm just a cheap bastard, but why spend money for information that's freely available with a little extra effort? As well as being more in-depth than CISSP study materials. Just 'cause the test is "an inch deep"...doesn't mean you can't (or shouldn't) go further.

Ha....yeah...I have seen the "tastes great, less filling" post.  I watched some interesting videos by Google on the topic of IPv6 and the changeover. I will try to post the link for anyone that is interested...if anyone is.

http://www.youtube.com/watch?v=mZo69JQoLb8


There is one, but there are many more if you just search Google and IPv6 (or just IPv6).

Does anyone know of any tools that are already able to take advantage of IPv6?

Hello everyone, this is my first post and hopefully people will be able to excuse what may be a slightly vague question. With IPv6 coming out in the not TERRIBLY distant future....well....being more widely used I suppose is what I really mean. How is that going to change the current security work? What I am trying to get to is...will all tools have to be redone with support? Are there tools that already have updated to support IPv6? Will people who just learned TCP/IP need to go back to the drawing board and learn v6 now or will it be like updating your MCSE from 2000 to 2003, and you just need to recap on the new stuff? How does 6 differ from 4 as far as the OSI model, in the sense of pen testing? Unless you have the 4 stuffed inside the 6, then 4 and 6 arent gonna play nice, right? Well...this has become more vague, incoherent and out of the scope of "Ethical Hacking" and more into "Networking" so I will quit. First post....cut me a little slack.