sil - thanks for reposting this, I had been looking for it and I knew it was from you, but couldn't find the address!

Graduated from Drexel University....

Boy do I know this feeling and I actually think I am at a disadvantage for not having the computer science degree.  I changed my major 4 times in college, I entered as a business student, then economics, then international area studies, and finally Computing and Security Technology.  When I entered I loved working with computers and didn't want to lose my hobby, but ultimately I had no interest in anything else.  I took a ton of security courses for various areas of security, but I have always felt a coding base would have been better.  I find a lot of Masters programs for information assurance are in the Computer Science department and require a mastery of one computer language or another.  I have considered going back and get a BA/BS in Computer Science.  We shall see....

Question into the exploit creation, how to you go about doing further testing?  Say I find what I believe is a bug and write the exploit for it.  I can test it on a virtual machine locally, but is that enough of a test?  Obviously, wherever you submit it will test it throughly, but is it possible to test it throughly yourself as well?  In an ethical manner, as it were...

I will do the review.  I had a fear that the material might be over my head, but having read the first chapter on Amazon, I think I will be ok.  Hopefully, have the review ready by the end of the month?

Great information, thanks everyone!  I have a plan of attack, with a set of goals I'd like to accomplish prior to going after OCSP.

1.  Finish my CCNA (ICND2 is the test I need to complete)
2.  Complete Linux+ (I know a fair amount of linux stuff, but Linux+ with LPIC should get me where I need to be)
3.  Continuing working on Python and start BASH scripting
4.  Complete MCITP:SA (I work with Windows servers and would like to do Windows Security, so figure this should be completed).
5.  Maybe complete MCITP:Virtualization (I work with Hyper-V a lot as well)
6.  Purchased eCPPT awhile ago, so I will complete that

On top of that, I have a reading list I plan on completing in that time:

Wireshark Network Analysis
NMAP Network Scanning
Human Hacking
Backtrack 4
Grayhat Hacking 3rd Edition
Thor's Microsoft Security Bible (haven't purchased yet)
Shell Coder's Handbook (haven't purchased yet)
Metasploint Unleashed (haven't purchase yet)

I figure I am looking about a year and a half, maybe two years to get where I would like to be before OCSP.  Then I go through in some C/C++ and ASM to rock CTP.  Thanks again!

Don:

     Thanks for this, will definitely buy it as soon as it comes out.  Thanks again for all the help everyone!

I am finishing my CCNA (CCENT is about to expire) and I believe it is definitely work getting.  There was a post on here once explaining how to begin ethical hacking and networking is fairly important.  No use in being able to own a box if you can't get through the network right?

Thanks I will check out Dive into Python.  My ultimate goal is to do all of the above and ultimately look into exploit development.  I realize Python probably won't be the end all be all for exploit development, but for now being able to automate tasks and write programs would be awesome!  Thanks again!

So based off of the reccomendations on the forum (thanks everyone!) I picked up this book.  It has been awesome so far and I have been breezing through it.  What python book should I look to after this one?  I realize I will be no where near being a pro and looking for some suggestions....

Any plans for a review of this book?  I work in a Microsoft shop and on my list to checkout....

http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727/ref=ntt_at_ep_dpt_3

I feel your pain on this subject, haven't gotten any bytes on my resume either.  I love those letters from head hunters (3 years of experience in support) saying I look like a good fit for a programming job that requires at least 5 years of experience.

Sil is 100% on the money about cyber attacks not being affective.  It is almost impossible to 100% confirm where an attack came from.  Also, with everything being so interconnected, an attack could do damage to an unintentional target.

Do you have to buy the 2 months or can you just do the month to month?

I got a response and I also found the information in a FAQ.  Basically, you can contact support and for $100 you will be given a 30 day extension to take the exam.