hmm...maybe my opinion was based on the movies i saw and not the list. i see i missed quite a few. someway i see alot of movies like for example swordfish where the hacker is profiled like that. i really like the part where they compare languages, hehe 

i totally agree. i believe it makes you a better hacker if you understand the concept behind the hack then when you just run a script and hope for the best...however the borderline between script kiddie and (ethical) hacker are quite grey...

Good article! however i believe that the most populair ones always feature the young playing in his room with computers type. There is a link in the article referring to the 50 movies he used for his study. so if your on a friday night at home and dont have anything to do, just work up that list.

thank you all!

@Dutchie: ill see if i can contact a moderator about our request

i guess we all have to start out as script kiddies right? nothing wrong with that, but you need the motivation to go beyond that. keep learning. most important: hack to learn, not the other way round. if you don't, you will always be a script kiddie...

to be honest, CEH isnt really a purely technical or purely management for that matter. the best advantage you will get from the course is the ethical hacker mindset. sure you will learn some tools and the way they work. but why they work is much more interesting. i would say its the best step towards sysadmins. if you know how they get in, you will know how to keep them out. anyway it was the best way my boss could spend his money

funny, i started the other way around. when i landed my security job, i immediately pursuit CISSP. i'm not saying it was the best idea, but i'm glad i did. another thing to keep in mind that could come in handy is this:

http://www.bankinfosecurity.com/careers/articles.php?art_id=2025&pg=2

remember that the only gain you will have is with the points mentioned by Adriano!

because all the "good" answers have already been given, i can only tell you what NOT to do

stay away from the cissp in 21 days book, way to high level and does not cover the thing that is mostly required (CISSP "mindset" which can only be obtained from the original material).

also the CISSP for dummies was mostly a waste of time. some areas were covered perfectly, while others were lacking and some even too deep (way to technical for the exam).

on the other hand, a few good tips that came from CFD are:

get some earplugs. i really hated to be in a room with 100 people all eating, drinken and moaning about the difficutly of the exam.
get plenty to eat/drink for yourself, 6 hours is killing!
schedule some breaks, it will improve your focus and speed during the exam.
don't plan anything after the exam, maybe the only thing you want to do is grab a beer (with some friends if you prefer).

good luck and tell us how you did!

thank you for the warm welcome! i'm looking forward to see what this board will bring me.

good to know. ofcourse i want to get the most out of the course, including the extra challenges. So i guess the best advise is to take the complete package (60 days). considering this i have to wait before i can register. i'm planning a little holiday in early may so starting in the end of march/beginning of april would be a good option...

glad you like the list!!! if people need pointers on installation of for example the hacme's just let me know, i'm willing to help!

good luck with OSCP! did you get the 30 day or 60 day package? i'm trying to get an idea how much material it contains so i can see if its possible in 30 days.

here the list i promised:

CTF4 (Capture The Flag 4 from LampSecurity.org)
CTF5 (Capture The Flag 5)
CTF6 (Capture The Flag 6)
De-Ice1_100 (first challenge from heorot)
De-Ice1_110 (used to attack the first challenge)
De-Ice2_100 (second challenge from heorot)
pWnOS (the last challenge from heorot, focussed solely on milw0rm)
DVL1.5 (Damn Vulnerable linux)
Hackerdemia (another challenge from heorot)
Moth (Moth by Bonsai information security)
OWASP (opensource web application security live cd with tools)
Ubuntu WebGoat (OWASP vulnerabilities)
WinXP Foundstone (Hackmes challenges)
WinXP Mutillidae (Mutillidae vulnerabilities)

and the urls:

http://sourceforge.net/projects/lampsecurity/files/
http://heorot.net/livecds/
http://www.damnvulnerablelinux.org/
http://www.bonsai-sec.com/en/research/moth.php
http://www.owasp.org/index.php/Main_Page
http://www.foundstone.com/us/resources-free-tools.asp
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

good luck with building the lab!

i have a bachelor in IT communication systems and a master in IT science. during these studies i gained some what people call "script kiddie" knowledge, hehe. After i graduated i started with my CISSP immediately. Actually i'm ISC2 associate, because i cant comply to the needed experience in the security field yet (already corrected in the signature). after that i got the possibility to do CEH, wich i took with both hands. right now i'm orienting for OSCP or maybe (if the budget lets me this year) LTP. knowledge wise i feel like i'm sky rocketing right now, and i love it. I want to keep it that way for some time to come...ambition is definately there, so we'll see whats gonna happen...

reminds me of the following:

in the beginning the internet consisted of a few smart users and a lot of dumb terminals, now...

i see alot of people asking where to start and if this is the right career for them. since i'm already too deep in it to quit i was wondering what people do to get in contact with other "enthusiasts" nearby. sometime i wish i had like a studygroup with the same interest and a place to hang out. any new student should have a master who is willing to train newcomers, or at least direct them in the right way. At this point i discovered hackerspaces. a little info:

http://hackerspaces.org/wiki/

i was wondering what your opinion is about these spaces and if there any good for the ethical hacker. most of them have a much wider scope then just ethical hacking wich could drive then away....what do you think?

still not home (stuck on work for another few hours) but here are a few from the top of my head (i'll add the links later)

lampsecurity, CTF 4,5 and 6. documentation is available from the same source. very good and focussing on webapplications (so prepare for SQL injection and stuff) also covers a few good tools, but for a start it can be quite hard.

De-Ice, 1,2 and dont forget pWnOS! very good one wich is focussed on milw0rm and exploit-db!

Hacme's Foundstone. A bit harder to do because of the installation needed. then again it took me about a day to get the most of them working (trust me, with my knowledge, you will probably be quicker)

DVL. just download, boot and get started. no manuals, no pointers, no documentation...the ultimate challenge! a good tool to start with is the OWASP os, or if you prefer BT use BT

Mutilidea (sp?) is based on the OWASP top 10. havent done this one yet so dont know if it is any good.

Moth. same here, havent done this one yet.

the last 2 require some installation too, but didnt give me much trouble.

in my personal lab i also included some standard installations of a linux distribution, windows XP/Vista/7 and Server 2000/2003/2008 as victims.

the main advantage of a virtual lab is when you use backups and mess up, its delete and copy and your ready to go!