Is ChicagoCon Dead? 

Here's a link to Ed's template: www.counterhack.net/permission_memo.html.

Just my thoughts take them for what they are worth. . .

To level-set my goal is knowlege and not a cert.

My introduction to "Ethical Hacking" was through CEH v5 and thought it was a great class.  The instructor added his own "real world" content and the last 1/2 day he put together a capture the flag.  He focused on the best tools for the goal and skipped the others.  It was great. 

On the other hand, I decided to take the v6 version of the class.  The proctor (he didn't instruct) read the slides and, since it was his first attempt at v6 failed at the timing, didn't cover the necessary material.  There was no capture the flag so I'm not sure how I could say that I could do more than download and install the 50 + tools covered.

Based on the discrepancies with my two experience, I'm not sure whether the first instructor saw the shortfalls of the class and decided to make it something more that it was intended to be or the v6 instructor was just bad (or a combination of both).

With that being said, I then got introduced to the SANS courses through this site.  I was never a big fan of SANS for multiple reasons but based on what I was reading I thought I would give it a try.  I first took 504 and am currently in 560.  Not even considering the difference in the quality of instructors (don mentioned this earlier) the quality of the classes definately outweigh the ~x2 the price.  The courseware is actually usable; not only throughout the class but as a resource when you go home.  In these classes there is also a capture the flag, at the end, that isn't trivial.  Though these are team events, you will be able to guage your abilities when you walk away.  Based on my experience, these classes are definately newer but, hands down, more mature compared to ec-Council.

Though I haven't experienced it, SANS at home is said to be pretty good for those that don't have direct access to a SANS event. 

Again, just my 2 cents. . .   


Crosby

I definitely agree with the emphasis on the instructor, though it's probably out of your control.  I sat through the v5 class and had a great experience.  I recently attended the v6 class with a different instructor and my experience was horrible.  The first instructor kept the class engaged and added personal experience stories and thoughts as well as "capture the flag games".  The second instructor read the slides with "little play time".  Either way if your just getting into the security space it's your own fault if you don't learn alot (with or without the certification).

I guess as far as Certs go, if your goal is Information Security then I would consider GSEC or Security+ to get a foundation.  From there, you need to figure out the size of org that you want to move into.  For instance, if your goal is to join a small to mid-size company than you'll need to work to increase the breadth of your knowledge.  In large companies roles are specialized so I would consider looking at getting really knowledgeable about a single focused area (this would get you in the door and then you can move around from there).  MIS, SANS, or you’re local training center can usually provide specialized training for UNIX, Windows, or Network security.  Either way, once you get some experience than the mgmt doors should start to open.

If you're looking for resume fodder the CISSP/CISM will do that but neither will prepare you to provide strategic leadership to an IT shop.  Unless you fall into something (luck), Certs aren't going to compare to years of experience.

I used the book "Certified Ethical Hacker" by Michael Gregg and it provided more then enough info to pass the exam.  It also serves as a great resource since the eccouncil books don't have an index (at least the old ones didn't).