@rvs and all others without a budget:

Ironically, because 504 was vLive, I was more able to sell the class to my management. The class itself was more expensive than most, but there is no travel involved which saved my company a plane ticket, hotel expenses, rental car expenses, and a per diem. To top it all off, the class meets after hours since I'm Central time, so they don't even lose productivity from me for the week I would normally be out of the office. Most rational employers would have a hard time arguing with you that its not a great deal provided the training is applicable to your job.

Another way I sold the class is that just about the time I was lobbying for the class was the time a lot of news agencies ran a story about Russian mobs spear-phishing SMB's for financial transactions. Since we are a SMB, I posed the question how/who would respond to the incident if we were involved in such an attack. My training was approved the very next day.

Good luck!

I took 504 vLive with Ed Skoudis and John Strand, and it was great! I think I prefer the vLive format to the live classes.

1) You get your books a week in advance, so you can read ahead.
2) You have a few days between class meetings so you can digest and dig further between classes.
3) Classes only last 3-4 hours per session, so you don't get information overload.

***crossing my fingers for SEC542 - cause I could really use it***

When I took the 504 class with Ed and John, they stated that this class would replace the current Metasploit for Pentesters class. It was described as a total rewrite of the curriculum. Also, it was noted that it would be a 2 day course...

@sachitre:
You can bring anything you want that is printed/written on paper provided it collectively fits in a backpack.

@H1tM0nk3y:
CHR is a must have!!!! I will admit that I have not read it cover to cover, but the parts I have read only add to SEC504 and I would imagine SEC560! Its a wonderful book!

I would also add that if you have just graduated, your best bet is to get some experience first. You can always go and get an entry type cert like Security+, but pretty much all other certs will be easier and more useful if you have some experience under your belt first.

Good luck!

I'm not sure there's a whole lot you can do about wardriving other than disabling your AP/wireless router.

As far as detecting piggybacking, you should be able to detect this pretty easily by monitoring DHCP leases.

Congratulations!!!

You started off with what sounds to be probably one of the hardest certifications out there...

Here's another tip.

The C|EH is multiple choice, so you don't necessarily have to be able to go both ways to pass the test. (I understand that this doesn't help you learn for the sake of learning) But, the easiest (for me at least) solution is to work from the IP address to hex to binary to decimal. So no matter which way they ask the question, since I have all the possible answers, I can get to the correct answer fairly quickly by a process of elimination if they ask me to go from decimal to IP.

HTH

I don't know if it is applicable to the private sector, but when I was  in the National Guard, the only people that had to be HIPAA certified were the one handling HIPAA protected information. We basically had only senior enlisted and officers go through the training.

Converting hex to decimal is fairly simple multiplication. In the previous example CB represents 203. Here's how you get that:

Dec     Hex
0          0
1          1
2         2
3         3
4         4
5         5
...
A        10
B        11
C       12
D       13
E       14
F       15

Hex is base 16, which means that each digit is a multiple of 16 rather than 10 (decimal). In other words, 203 is equal to (2*10*10) + (0*10) + (3*1). In Hex you say (C*16) + (B*1). C represents 12 so C*16 is 12*16 which equals 192. B represents 11, so 192+11=203.

HTH

My opinion of certs is much like yours. I don't necessarily believe they prove anything other than you are good at taking tests. Even performance based certs are this way to an extent. I know plenty of people that are much smarter than me that don't have a single cert.

Now, as to why I got into security...I took a class in security during my studies, and I was hooked. I've always been very inquisitive, and so security appealed to me on the level that in order to really secure something, you have to understand exactly what is going on. Beyond just that, you must know not only what a widget is SUPPOSED to do, but also what it CAN do. This is a powerful motivator for me. As the OP stated, I'm like a "kid in a candy store" when I find some new or novel way of doing something.

http://www.foxnews.com/scitech/2010/06/15/pentagon-cyber-command-cyber-war/

Foxnews is not my normal source of IT related news, but this was an interesting article nonetheless. It reminded me of a session I sat in on of Ed Skoudis' titled "The Bad Guys Are Winning, So Now What?!" in Orlando last year at SANS 2009.

I'm curious to see on what side of the aisle everyone sits here. Should the gov't/military be involved in defense of private networks?

In my opinion, yes. However, there should be an opt-in. It shouldn't be something forced upon enterprises.

Network+ is pretty basic. Security+ is fairly basic, but a little less basic than the Network+ certification. If you get the Sybex study guides for both of these, more or less that is all you will need to pass the exams. My advice is read through them. If you know pretty much everything contained within already, you could take some practice tests and be ready to take the exam. If you aren't mostly comfortable with the material, study a little more in depth in your weak areas with Google.

Personally, I was glad that I did my Network+ and Security+ first, because it gave me the confidence to go tackle harder certs.

Good luck!!!

I know NOTHING about Nova Southeastern Univ. I only recommended it because the only schools you mentioned in your initial post were online schools, and to my knowledge, NSU is the only one of the NSA Centers of Academic Excellence that offers purely online degrees.

http://www.nsa.gov/ia/academic_outreach/nat_cae/index.shtml

Check out the schools on this list. I cannot speak to the quality of all of these schools, but they are certified against a list of criteria that the NSA has specified. If you are looking for online programs, checkout Nova Southeastern in Florida. I graduated with my Masters from Mississippi State University, and while I did not receive a degree specifically in the NSA program, I took most of my electives from classes in the program (I was two classes from receiving my Graduate Certificate in Information Assurance in addition to the degree I received in Information Systems).

In my opinion, though, be weary of online gripes. One size does not fit all when it comes to degrees...

Good luck!