Haha, you are not a real man until you build your own Linux from Scratch!

hell_razor: I completely agree about being familiar with Redhat/CentOS/Debian, that is pretty much all you will find, and knowing the ends and outs is going to help you the most.

Now can someone find a great pic that shows a distro war?

I agree if the user is a new linux user, but the reply was more at Pookie.  He said he had been using Ubuntu for over 2 years, but feels like he still doesn't know linux that well because of the GUI. Walking through the Gentoo install guide is not daunting at all, it walks you through the entire process telling you every command to type. If you find that overwhelming then I think the Linux+ might not be for you.

In my opinion if you are going to really learn linux you don't go with Ubuntu or some other drop in install.  Go grab the min install cd of Gentoo and work your way through the install guide.  Not only will it help you setup a base system, but Gentoo has an amazing amount of HOWTOs and a great community for trouble shooting issues.

I have noticed several of their typos and mistakes, but they seem to be getting better.  I think it probably has  to do with who made things. They have several offices across the world, I am assuming that some stuff was able to sneak through unnoticed because of it.

I have currently taken the CEH and ECSA and plan on doing their LPT program.  The reason I am doing their program is because I work for myself and the certs set me aside from other people. When dealing with upper level management they MIGHT have been given a list of what to work for, but sometimes not. So just having the Licensed Pen Tester makes them wonder, 'why are these other guys not licensed?'

In my opinion a certification is really what you make out of it.  I could honestly go get one of my friends that knows little about computers, shove them in front of some dump, and have them memorize for a day and go pass the test. That is the bad side that we all don't talk about much, but we know it happens.  I think the EC-Council program has about the right price point, and phrasing in their tests, to keep just anyone going out to get certs with out some experience.

BillV:  Thanks for all the info you share here on the board.  At this point we are playing the game of will the background check beat the ECSA certificate in the mail.  I am currently placing the spread on EC-C, but we shall see who wins sooner hopefully than later. 

SephStorm: yep, in the states it has to come from the FBI and that requires a full fingerprint card to be sent in. 

Here is the actual application (7.4m PDF)
http://www.eccouncil.org/Portals/0/Documents/LPT-Application.pdf

I will add my congrats, and look forward to hearing what the OSCP is like!

Please correct me if I am wrong here BillV, but when the new test (CEH at least) comes out it will have some overlap?  So say you studied or took the course for v6 you could still take the v6 test through the rest of the year or for 6months, something like that.

I well let you know as soon as I apply to the LPT program, I am basically waiting for the FBI check to come back, and the ECSA cert to come in the mail.  I do have a question on the LPT application though.  The reference letter part is kind of confusing.  Am I supposed to fill that out and send it in so they can send it to the reference, or have the refer send it to EC-C, or actually take it to the refer and get the response and send it all in together?  It seems like the last option, but you would get manipulated answers I would think if you were getting the letter and form from the person yourself.  I figured I would just call and ask when it came closer to time.

BillV: Thanks, yeah i think it might have been one of your original posts that referenced the extension of CEH that made me decide to just self study. I would honestly like to see them revamp this test a lot if they are going to keep it.  I can understand why it could be useful, it just needs to be tuned.

j0rDy: Yeah 50 questions, I think they give you two hours to take it, more than you would ever need. If you have the CEH you know how the wording is on the test questions, it follows the same format.  Which honestly probably is why I missed a couple, i have a tendency to skip the paragraph and jump straight down to the question.  So if you do that you can finish the test pretty quickly, hah, you might just miss a few if you are not careful though.

Thanks guys, it sounds like it is worth getting then.  Let me ask you this, how many diagrams are there in it?  I know it sounds weird, but would rather just grab it on my kindle, but all the diagrams can be a pain when trying to reference anything.

Honestly I would say not to worry much about the CPE credits.  If you can make a conference once a year, and you are really into security then the credits are everywhere.  Just take an interest in a local security group or two and you can get them very quickly.

One thing to use caution with on the tests is that you can be the best hacker in the world and miserably fail the test. It basically comes down to what the testing group decides what it is important and the wording of the question is.

Good luck in what you decide, honestly one thing you can try is looking at some jobs you really like, and seeing what the requirements are to get the job.

I was just replying to your comment on my ECSA thread and thought of some other stuff that applies more with this thread.  I feel like a lot of the certs are just to qualify to HR to get an interview, especially the CISSP, but it can all be rote knowledge. I think we can all say we have learned while prepping for tests, but we have also crammed a bunch of things in there and dumped them as soon as the test was over.  That is where I feel the OSCP takes the next step by making you demonstrate what you have learned.

Also slightly off target is the CCIE, that has always been one of my goals also. One thing that made me rethink that a bit is the Wilhelm book Professional Penetration Testing, he says that he has never came across a CCIE on a pen testing team. Really pen testing is my love, so made me wonder why that was.  Out of the pay grade i guess. 

Anyways, interested to hear other views on all this from the guys here. . .

Ha, knwminus: I was just about to reply to your other thread asking about the CCNA Security. The CCNA really doesn't scare me at all, I have all the networking basics down, and torn apart and rebuilt my Cisco lab enough times to feel pretty good about working with the routers and configuring ACLs, but good to know that the CCNA Security doesn't seem to be too daunting. I am thinking that needs to be one of my next goals as soon as i knock out the CISSP.

Does anyone happen to have the CISSP All-in-One by Shon Harris that they would like to sell or exchange?  I really wanted to run through the book before the test, but not sure if it is worth the $40 to use as a review.

Thanks

Well the problem with this one is I did not have the course material like i did for the CEH.  But somewhere i read someone had a forum post pretty much saying if you know the output and switches for the tools in the CEH then you have half of this test covered. So I started there, then went through the ECSA pages on the ECC site and took notes and made sure I had generally that area covered.  Then I found an old practice test that EC-C made and looked over that.  Really that was about it, I honestly try to read and study as much as i can about pen testing, and working on my CISSP as a self study.  So between the CEH and Sec+ you should be able to review notes and take this test without too many problems.