EH-Net
May 18, 2013, 08:18:24 PM *
  Show Posts
1  Resources / Career Central / Re: InfoSec in Central, FL on: May 13, 2013, 08:50:50 PM
I can help you there. :)

I may even have an available position very soon. Shoot me a PM.

In the meantime check out:

http://hackucf.org/blog/ (they welcome non-students and are VERY active and friendly)

https://www.owasp.org/index.php/Orlando (I run the chapter)

http://dc407.com/ (I am fairly active, but this group is floundering a bit due to most of us getting jobs and being busy. It's mostly just a monthly hangout but we are looking for new blood to breathe life into the group)

We recently held http://bsidesorlando.org/ (I'm the primary organizer but have some good friends helping out as well)

Also I believe http://407.binrevmeetings.com/ still meets (407 group for http://www.binrev.com/forums/) but am unsure how active they still are.

And of course the standard ISSA/ISACA/Infragard blah blah.
2  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: PentesterLab - Free Courses and ISOs for WebApp Pentesting on: March 26, 2013, 09:02:28 PM
Wow. This is gold. Or platinum. Great stuff. Thanks for sharing guys, I'd heard mention on twitter but not checked it out til now and am glad I did. Anything web services is so rare to find. (Talking about Axis2, not the intro)
3  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Maltego v3 Questions on: January 21, 2013, 11:04:54 PM
You may want to check out https://www.youtube.com/watch?v=XR6Sxe3wlDE and the other videos on the Paterva channel. I believe this one goes through creating your own transforms and may be helpful. I have not used Rapleaf myself so YMMV. Work/Life is pretty crazy right now but when I get a sec I'll try it out and follow up on this thread. May be a week or 2 though.
4  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Maltego v3 Questions on: January 20, 2013, 12:52:14 PM
Have you looked at https://github.com/cmlh/Maltego-Rapleaf ?
5  Ethical Hacking Discussions and Related Certifications / Compliance, Regulations & Standards / Re: Approved Scanning Vendor - PCI on: January 14, 2013, 04:31:49 PM
Internal scans can be done by any "qualified" internal security person. PCI does not define what qualified means but I suspect the day will come when they start requiring internal folks to become ISA or PCIP. Your QSA determines whether this is being properly managed, not the council. Yes, much room for interpretation. Welcome to PCI.

External (internet facing) scans must be done by the ASV. The ASV MUST do the scanning but you will have access to the reports. The ASV will also handle documentation for exceptions. The ASV is responsible for the validity of that scan, and their license depends on its accuracy. The customer cannot manage that process but they can certainly work with their ASV for remediation consulting and providing documentation to support requested exceptions. What confuses people is you might have access to manage a hosted scanner in your ASV environment. It's not the same as the ASV console.

ASV certification IS awarded to qualified individuals but only if they work for an ASV company. See https://www.pcisecuritystandards.org/training/asv_training.php for more info
6  EH-Net / News Items and General Discussion About EH-Net / Re: What does EthicalHacker.net brings you? on: December 28, 2012, 04:06:21 PM
I know what you mean. TTurner's signature alone motivates me 8)


They are like Pokemon... Gotta Catch 'Em All! I have a problem, I really do. Is there a Certaholics Anonymous? (CA - Infosec Acronym Collision Alert!)

But seriously this is one of the friendliest, most helpful communities I've had the privilege of being part of and EH.net attracts real professionals, not the script kiddie havens that so many other forums boast. Sure we have some of those as well, but the guys I admire and respect in the industry show up here from time to time and I've learned so much from you guys. I'm proud to be a member of this community, and have even referenced it in job interviews where people in the know gained respect for me from that relationship as well. The free training doesn't hurt either :)

A decade or so ago I was a newsie and hardware reviewer for a prominent PC Mod forum called pimprig.com (I went by another name I won't mention here but if you really want to dox me have fun at archive.org because that site fell off the net years ago) famous for the awesome Caffeine Machine coffeemaker PC. I was also active in several other overclocking, gaming and sysadmin type forums. But I have to say hands down that this is the most awesome and open forum for learning I've found. That's saying a lot because I've been fortunate enough to find some really great communities on the web. I'm here for the long haul. I may go inactive for a couple weeks at a time as priorities realign but I always come back here.

For those of you new to EH.net and wondering if it's worth it to stick around, if you are looking for a career in the technical aspects of security, especially in security testing don't even second guess it. This is where you want to be. Don't overlook the other awesome communities like the PDC mailing lists, intern0t, OWASP and elsewhere but you will always be welcome here as long as you can be respectful and ethical in your quest for knowledge.
7  Ethical Hacking Discussions and Related Certifications / General Certification / Re: OSCE... check! on: December 27, 2012, 02:49:52 PM
@tturner - Unfortunately, won't be. But one of these days, if I ever run into you, I'll take you up on it, for sure! ;)


I'll probably do DefCon/BsidesLV, DerbyCon, and OWASP AppSec USA (NYC) this year as well. :)
8  Ethical Hacking Discussions and Related Certifications / General Certification / Re: OSCE... check! on: December 27, 2012, 08:45:54 AM
That's awesome both of you! Such an accomplishment, and I'm really excited for you! Major congratulations are in order. If either of you will be at SANS Orlando or B-Sides Orlando in March/April look me up and I'll buy you a beer. :)
9  Ethical Hacking Discussions and Related Certifications / General Certification / Re: SANS GXPN Review on: December 14, 2012, 10:00:00 AM
http://infiltratecon.com/training.html ?
10  Features / Skillz / Re: SANS Holiday Challenge 2012 on: December 14, 2012, 12:42:41 AM
There are tons of hints both on the twitter feeds as well as the questions that are asked in the game posting. Just dive in and it will start falling into place. :)
11  Features / Skillz / Re: SANS Holiday Challenge 2012 on: December 13, 2012, 02:48:37 PM
There IS an easier way. Only took me 2 tries. Use your tools to aid your eyes. :) What's disappointing is how I got one of the later flags. Not sure I did it the right way, felt like cheating but got the answer. ;P
12  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Monitoring day to day vulnerability scan results on: December 07, 2012, 08:06:08 AM
Thanks Andrew it looks interesting. Just not sure how crazy I am about shooting all my vulnerabilities up to a cloud service. I'd welcome something like this internally though.
13  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Monitoring day to day vulnerability scan results on: December 04, 2012, 12:18:34 PM
I touched on some of these issues in a recent blog post (mostly focused on vuln mgmt lifecycle and how current products don't really meet our needs) http://sentinel24.com/blog/vuln-mgmt-lie/

It's really a shame that the vuln scan vendors missed the boat here. If you purchase additional expensive tools like RedSeal you can start painting the picture of which vulns actually matter and follow attack paths, but you are looking at about a $50,000 entry point there. According to Ron Gula, Nessus + PVS + Security Center can do this as well but nobody helps with the integration with workorder systems in any meaningful way that is so critical to remediation workflows.

False positive reduction is hell in and of itself and is often a manual process. One thing that can help here is a documented change management process. If you know you patched XYZ on servers ABC and the report is telling you otherwise, chances are it's a false positive. One thing that really makes all this hard is backported change issues inherent in many Linux distros where the Apache issue has been fixed but it still reports as a vulnerable version. You may have better luck tracking positive change than trying to track reported vulns.

The other thing is understanding context of reported vulns. There have been instances where critical vulns did not concern me because they held no critical information, had no trust relationships to other systems and were fairly invisible to the public. Little impact here. Starting with an understanding of your assets, what matters, etc is hugely beneficial.

As ajohnson infers, rolling your own is often the only way to accomplish this. I've been debating creating my own tool for awhile now to work with common scanner products, workorder systems and other open source vulnerability and application repositories but the problem is what I've defined for my own needs is hugely intimidating to take it on as a project. I'd be happy to work with someone if they are feeling up to the task though.
14  Ethical Hacking Discussions and Related Certifications / Malware / Re: 12 Steps to a malware free existence on: November 28, 2012, 04:36:21 PM
Using backtrack 5 R3 with vpn is much more secure ...

More secure than what? A soggy napkin? If you want secure, run a stripped down gentoo or *BSD box with only the bare necessities, no compiler, services disabled, FDE, etc. BT5 not only runs as root (yes you can change but, I run a BT5 VM with a locked down user and su when I need root but it's still very insecure) but has so much cruft installed you will have an extremely hard time making it secure. That's not what it's designed for. Choose the right tools for the job. Hell I'm pretty sure my Windows 7 box the way I have it locked down is more secure than most BT5 installs.
15  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: vmware workstation 8 and wifi scanning help on: November 28, 2012, 01:27:46 PM
NAT vs bridged doesn't matter for wireless, that's just the wired virtual network. For wifi sniffing in a VM you MUST use a USB adapter. Only other option is install baremetal OS, but chances are you are going to want a card compatible with your wifi tools and will probably end up buying a USB ALFA or TPLINK anyway.
© 2013 The Ethical Hacker Network