1. Are you on-board with what we may have to do?

I trust you to make whatever changes are necessary.  It's not like other sites don't change.

2. How extensively do you use PMs through our forums?

Not very.  I probably haven't sent a PM in six months.

3. who's interested in Blogging for EH-Net?

Maybe.  I've been blogging on my own site for a while.  I just can't say if I'd want to move things over or not. 

4. Who's willing to help test?

I'd be happy to provide feedback, but I work full-time and am in school so I couldn't devote any serious time to testing.

5. Who's willing to possibily help moderate the forums?

I'd be really happy if I could just delete spam when I see it.

6. Anyone willing to lend a hand who has expertise in PHP, MySQL, design?

Not my area

7. Shold we implement OpenID, login with Twitter?

I'd be willing to log in with Twitter.  Would there be any way to associate with our current usernames or would we lose those?

Degrees and certs are both used as screening tools.  If you don't have what they're asking for, your resume may get tossed.  In general, I think degrees are more valuable, but there are cases where a cert will win out; for instance, a CCIE is probably more valuable to a network engineer than a degree.  The ideal move, however, is to get a degree and some certs.

In your case, you already have a B.S. in engineering.  This should be enough to get you past a resume screen.  Lots of people work in IT/security with degrees in unrelated or semi-related fields.  Most employers are using degrees as a marker of intelligence/work ethic without worrying about the particulars of what you learned in the degree.  A CS/IT degree with a focus in security would add a little, but you're not losing out by having what you have.

I'd recommend getting some certs now and worrying about the M.S. later.  The CCNA is very useful and will show that you have a good foundation in networking.  The CEH is an HR favorite but my impression is that most actual penetration testers don't think very highly of it; it's often required or preferred for pen testing positions, but you'll probably learn more doing something hands-on like the OSCP or eCPPT.  The various SANS certifications are pretty well regarded, but they're expensive.

Once you have more experience in pen testing and a few certs under your belt, a master's degree will make more sense.  Master's degrees are often preferred for senior technical or management positions.  Having a master's degree for an entry level role probably won't help a lot and may hurt you.  Some employers will assume that you're just using them to get your feet wet and will move on within a year or two--employers like to expect loyalty, but most won't show you any in return.  

Are you going to do your master's online or would you go back to school full-time?  If you're going to go to school full-time, it may be less disruptive to just get the master's now and ignore my previous advice.  If you do, be ready to convince your future employers that you're willing to put in some time and not jump ship right away.  You may find an employer who is happy to see that you have a master's (Google prefers them) in which case you just win outright and don't have to explain anything.

Good luck.

An exploits has two parts: there is a dropper/delivery program that can be written in C, Python, etc.  That is not complicated to write.  The real trick is finding the vulnerability, figuring out how to exploit it and developing the shell code.  You won't be able to do much without learning some assembly.  Without it, you can't customize shell code, debug using gdb/IDA/Olly, or use any non-trivial exploitation technique (e.g. return-into-libc). 

If you're still interested in Python, I recommend "Practical Programming: An Introduction to Computer Science Using Python".

http://www.amazon.com/dp/B00A32NYK8/ref=rdr_kindle_ext_tmb

You may also want to check out Zed Shaw's "Python the Hard Way"; just Google for it.  He runs the site Programming Motherfucker.  It has a lot of good resources:

http://programming-motherfucker.com/become.html

I think the point of the challenge is to do it manually.  The easiest way I can think of off-hand is to use a logical AND to test if each bit is set. 

Define "not overly big on math".  If you decide to major in CS, you will probably need to take 2-3 semesters of calculus and possibly 1-2 other math courses such as statistics, discrete math and/or linear algebra.  If you struggle in math courses or haven't taken anything beyond introductory algebra, you should probably look to major in something else.

Either a CS or IT degree can help you to develop some of the skills you need, but neither will directly prepare you to be a penetration tester.  CS is very heavy on theory (algorithms, computation, languages) and will also cover OS internals, organization and architecture.  Most of this is not directly applicable but this knowledge will provide you with the background that you need to go wherever you want.  You won't have trouble learning a new scripting language, developing shellcode or building tools. 

An IT degree is more practical and may even include a course on penetration testing (mine did), but it's not as technical as a CS degree and won't give you the same ability to dive deep into technical problems.  My IT degree program (at Capella) was pretty heavy on policy, procedure, standards, frameworks, etc.  It introduced many technical areas (e.g. forensics, penetration testing, application security) but the coverage was only survey-level and not sufficient to make one employable in any of those areas.

If you can handle the math, I recommend getting a CS degree, possibly with a minor in Business Administration.  Study security and penetration testing on your own while you complete school.  If you can work part-time in any area of IT while you complete school, even at a help desk, do so.  If you don't want to do the math, do the IT degree. 

I decided to do the IT degree because I'm already in management and hope to move further up the ranks.  I was already pretty technical and wanted to learn more about policy, procedure, etc.  I also hate math classes (but love math).

Good luck.

Congrats guys.

I think the bar to get started is a little lower than superkojiman puts it.  You need to understand basic networking and system administration.  You don't have to be an expert in either of those to start learning security, but you should understand how computers talk to each other and be able to setup a small network.  You should also understand the difference between regular users and administrators and be able to do basic configuration and setup for a workstation or server.  You will eventually want to learn Windows and Linux, but you could focus on one to start and then branch out when you're comfortable.

In general, programming is not a prerequisite to start learning about hacking or security, but it's helpful.  For getting into certain areas (e.g. web application security, exploit writing), it's very necessary.  Good languages to know include Unix shell scripts (e.g. bash), C and Perl or Python.  If you're focused on Windows, you may want to learn Powershell or a .NET language.  For web app security, you'll want to learn some HTML and Javascript and may also want to learn to develop web apps (in any language).

Please note that I'm addressing what you need to get started.  If you want to be really good, you will eventually have to develop quite a bit of expertise in system administration, networking and/or programming.  You can learn some of this side by side while you learn about security.

If you're just starting out and don't know a lot about computers yet, you probably should put security aside for a while until you're more competent with the rest. 

I don't know where to tell you to start for just learning more about computers.  Maybe an A+ study guide?  Does anyone else on the list have suggestions for that?

Are you in college?  Does your school have an IT, CS or MIS program?  Are you in it?

It's based on participation.  If you're active on the forum, you have a chance to win.  Just starting or responding to a couple of threads won't do it.

Be active and stay active.  You may not win the first month out, but if you keep at it you've got a pretty good shot.

Hakin9 is a joke.  They spam people to get them to write articles and they don't even have technical reviewers.  Occasionally they get good articles, but many of them are really bad.  You can generally find better stuff online.

Some pros recently submitted an article about NMAP that was complete gibberish (on purpose).  The acronym for the title was DICKS and nobody noticed.

http://seclists.org/nmap-dev/2012/q3/1050

I wouldn't waste a dollar on it.

Congrats.  Time to update your profile and change it from a WIP.

It wasn't that bad.  I thought the test was harder than the practice exams I'd taken, but it was less technical.  The difficulty was from poorly written questions (odd word choice, grammatical errors) and questions that are meant to distract you with extra information that isn't relevant.  There were also a few questions that had two answers that were equally correct.

It took me about 1:50 to finish.

I attended the iSWAT training a few weeks ago and took the CISSP course.  This morning, I took the exam and passed. 

I don't have an endorser so it may be a couple of months before I'm an actual CISSP, but I'm very happy to have the exam behind me.

Don: Thanks again.

I'm not sure if I'll pursue any new certs in 2013.  I'm trying for the CISSP in another week.  For 2013, I need to decide whether to start grad school or focus on getting a new job.  I'd also like to write a book which I can't do if I start grad school (no time).

Assuming I get a new gig, I may look at the CISA or CISM late in the year.

If you're going to do a bachelor's get it in IT/CS unless you feel compelled to do something else.  Some employers are picky enough to want a directly applicable degree.  Do you have any college credits now?  If not, look for a community college where you can pick up your lower division requirements cheaply.  Don't pay an expensive private school thousands of dollars to take English 101 unless money isn't an issue for you.

At the MS level, you could go technical (IT/CS again) or get an MBA depending on what you want to do.  If you're looking for a CISO or CIO spot eventually, get the MBA.  If you want to stay technical or maybe do some lower-level management, get the technical MS.

Should you get a degree at all?  I don't know.

I'm was in a similar spot and I decided to go back to school two years ago.  I'm finishing my BS in IT in two months.  I'm also 31 and have worked in IT since I was 17. 

There are a lot of ways to stay in the field and make good money without a degree, but it's a much harder road.  I work in higher ed and have some interest in staying in that area or possibly working for the federal government so the degree is a hard requirement for me.  Colleges and public employers usually have rigid hiring requirements so you'll get rejected for a lot of those jobs without the hiring committee ever seeing your application.  Some companies are more flexible, especially if they are small, but many aren't. 

On the downside, a degree may mean taking on a lot of debt if you don't have a tuition reimbursement plan available to you.  I'm paying my own way and I'm going to have debt so I need to move into a higher paying job in the near future or my family is going to have to tighten our belts.  In this economy, that's not a fun spot to be in.