|
EH-Net
|
|
May 25, 2013, 05:31:18 AM
|
|
|
17
|
EH-Net / Greetings / Re: Hey all, looking for learning advice
|
on: April 18, 2013, 09:22:48 AM
|
|
Oracle's VirtualBox is a free virtualization solution you can use, and there are plenty of sites where you can download trial versions of OS software (including MS's server code), to install and run in the VMs, for your learning. Some even have images already built.
For router simulation and that sort of thing there are numerous PAID simulators, and there's also GNS3, which is free, but requires you to find and use valid Cisco IOS images (you're supposed to use your own, but there are a lot of them posted on the net, if you dig around a bit).
If you're not into books, look into CBTs. There are some free out there, and some paid, but sometimes, if you're like a lot of folks, SEEING the teacher / material in action is an easier way to follow it.
Good luck, and if you need help, let us all know. I'm sure that pretty much any questions you have, at this level, will be answerable by one of us.
|
|
|
|
|
19
|
Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP submission prior to exam
|
on: April 17, 2013, 12:20:45 PM
|
|
The few I'd heard from, who benefited from the lab report, said they had shown, through their exam report, too, that they were VERY close to getting a final box, which would've passed them, so their report details kind of 'proved' that they had the proper knowledge and just weren't able to finish things off.
That said, though, I've never actually seen one of said reports, obviously, to be able to vouch for it, or to validate what I'd been told.
|
|
|
|
|
23
|
EH-Net / News Items and General Discussion About EH-Net / Re: Change is Coming to EH-Net!!
|
on: April 08, 2013, 05:51:21 PM
|
|
Willing to help any way I can, don.
I might use PM on here, more than many, but it's nothing crucial.
Happy to help moderate. I know I'm generally in, looking at posts, more than 'most', due to my availability, so happy to help where I can, there.
Would consider blogging, as well, although I've never been one to keep the world up on my day-to-day thoughts / activities, and as security / pentesting are only my side / part-time gig (always willing to change THAT), I might not have as much to share, in a blog.
I'm not much for writing website code (unless I'm looking to break it, it's been years since I developed websites / pages), so my skills won't be much help, there.
Testing, sure. Glad to help. OpenID / Twitter logins, again, sure, although I generally don't use that feature.
Let me know if I can assist.
|
|
|
|
|
24
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: JetPack SSID and password
|
on: April 07, 2013, 02:32:09 PM
|
|
My statement was more or less to say that not ALL VPNs are equal. Don't just assume that ANY VPN is of equal value.
Assuming the VPN solution is solid, the end result is an encrypted session, anyway, so unless someone compromises your actual host (your laptop), your data should be encrypted, via VPN, as it crosses the wireless.
Just that I've seen a few VPN solutions that I HAVE found holes in, where I was able to pull off some wizardry, and hack / gather the end-users' data, unencrypted. So the point of the last sentence was to make sure your VPN solution is solid, too. Not ALL have holes. But I prefer a VPN solution that uses a 'full client', when possible, versus one that is established solely across a browser session, when it's initiated. When I said 'web-based', I was referring to the latter (the browser-based / initiated ones).
Edit: and the VPN situation would apply, regardless of Jetpack or McD's wireless, so don't base the original decision, solely on VPN.
|
|
|
|
|
25
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: JetPack SSID and password
|
on: April 07, 2013, 10:33:09 AM
|
|
The two are essentially the same, with a key distinction:
Both are wireless, but at least, if you change the defaults on your Jetpack, there's less chance of someone getting your actual key. And because it's your Jetpack, you have more control over the encryption type being used, etc.
But at the end of the day, if you use a good VPN / secure tunnel, for any data you need secured, you'll save money by using McD's bandwidth (no cellular data), unless Verizon has suddenly come back with unlimited data plans. I know they dropped them, here. It sounds like you'd be using it a lot, so your data plan would be costly, if you use the Jetpack. When I used a mobile hotspot solution, it was for 'random' occasions, not everyday, consistent usage.
That said, the VPN solution is one you'll want to look closely at, as well. I've found quite a few holes in the web-based / SSL VPN solutions.
|
|
|
|
|
26
|
Resources / Tools / Re: Comparison between different tools with different goals and price ranges
|
on: April 06, 2013, 07:27:10 PM
|
|
I pretty much use Burp, all the time.
Two reasons:
A.) Acunetix, with all its bells and whistles, is costly and tends to be unreliable, from my experience (I second cd1zz on that).
B.) Burp just WORKS, and works well / consistently. I personally know no experienced and trustworthy pentesters, who would disagree.
I guess if you're prepared to cross-check every finding from Acunetix, using tools like Burp, anyway, to validate the findings, having multiple tools is nice. But if you can do without it, and get by without it, I'd stick to Burp.
It's really the same with most of the GUI vuln tools, etc. Sure, they're handy and faster, in many cases, than manual testing. But they usually come with a hefty cost associated, and if I can show the same vulnerabilities using free tools, without having to cross-check findings, etc, then I prefer to save my time and money.
My 2 cents, anyway...
|
|
|
|
|
29
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: JetPack SSID and password
|
on: April 05, 2013, 08:30:07 AM
|
|
Oh, and one more note...
If you're at McDonald's or wherever, that they HAVE wireless, you really have no need to leave your JetPack on, anyway. You won't be using your data / Verizon's services, while you're on restaurant wireless, so turn it off, while there, and that part ALSO becomes a moot point.
The only reason to have it on, there, is if you're trying to get others to connect through YOUR connection, which isn't really ethical.
|
|
|
|
|
30
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: JetPack SSID and password
|
on: April 05, 2013, 08:27:32 AM
|
I don't have a MacBook, but I'd assume that, just like a Windows laptop, there should be a setting to tell it to do nothing when you shut the lid... I can't believe they wouldn't have one...
If that, in and of itself, is enough to answer all your questions (besides changing the passwords - and the SSID if possible - to something other than the default, which I'd still strongly recommend), then by all means, find out how to do it, so you can take it with you, and that solves your issues.
As far as sidejacking, etc, that's a whole other discussion. Apologies, that I don't have time to jump in on that one, this morning, but I'm sure others here might respond to it.
Good luck in your learning.
|
|
|
|
|
|