I in no way think your chosen path is wrong.  Congrats on pursuing an information security degree!

But as you say, it is something you need to work toward.  B.S. in ISsec is a good technical start.  If you wanted to do a more managerial route, it could help with working with the business-types out there, which will come in handy too.

To me, a B.S. degree is simply a way to get in the door of a company, just like any career certs.  Most companies require B.S. degrees simply to make sure you are the kind of person that can stick something out for 4 years regardless of what "it" is.

The real trick is to keep your career goal in mind for the following years after school.  Keep pursuing it and learning as much as you can, taking as many opportunities as you can to move ahead toward the goal.

A common sentiment in this industry seems to be excitement about security is not enough, you need to REALLY know what you're doing to be taken seriously.  Go after the degree/certs not for the title but for the knowledge that title describes, and if at the end you can't talk at length about what you just accomplished then you probably missed something.  Ask yourself, if you were a business owner, would you want you securing your network?  If not, what can you do to develop that confidence?

Keep your goals in sight, get your degree, and keep moving and before you know it you will be there.

Well, we have to admit, they do deserve it.

It was one thing to get hacked and have so much data stolen.  To me the most epic of epic fail about this was how LONG it took them to get the network back up.

I had been wondering this myself.  Thanks for the discussion.

Actually just yesterday I had to find out what OS a customer machine was running without having any access other than I knew I could ping it.  Nmap saved the day.  However when I did it, I had a strange feeling like, "I wonder if this is throwing up any alerts?"

Congrats MaXe!  Thanks for all your contributions over the past year!!

Not to jump on the bandwagon, but ultimately I agree certs do not equal qualification and are mainly used for getting past the HR process.

However, I like having certs.   It feels like quantifiable method of judging accomplishment.  This feeling is 90% water vapor, 9% test taking ability/memorization, 1% actual useful knowledge... but I still like it.

The question remains: how is it possible to quantify a quality when qualities are inquantifiable by definition?

Sil (et al.) - point to as many objections as you want, businesses want a number.  Your worth as an employee, contractor, whatever is based on this number.  Certs make the number go up.  It's business.

I asked my contact at Global Knowledge about the instructor/materials.  It looks like yes they will be using the official coursework.  However, he could not provide me with the instructor info.  I was told the instructor can change up to the day before class starts so the course is essentially listed as instructor TBA until the day of.

Also I asked about getting the books early and he just said no (in a nice way).  I do have v6 coursework that I looked through about half, so maybe that's enough.

I believe they will be providing official coursework.  The training is through Global Knowledge, 5-day class.  I'll ask about getting the books early.

Thanks guys!

Well, the time has finally come to attend CEH class!  I'm really looking forward to taking the class, which is set to begin in about 3 weeks.

Question -
What kind of prep work would you recommend doing before starting the class?  I'd like to take the exam either immediately following the class or give myself a week to do touch-up study.

I have done a bit of playing with Metasploit (metasploit unleashed), I know Linux well enough to get by, lots of Windows admin work, almost done with CCNA #2 (had ccna a few years ago that expired), lots of college-level coursework in OOP like Java and .NET C#, played with perl/python/vbscript/powershell/ruby.  I'd say that's pretty well rounded, though not much of the above is extremely deep.

So what do you think?  Any advice on topics to brush up on before attending CEH class?

http://www.hackernews.com/2011/07/08/hnncast-2011-07-08/

Too bad... I liked watching the often under reported stories.

For some reason I was immediately brought back to j0rdy's April Fools joke.

Still getting a laugh out of that one... 

Great job, and congrats!

I'm a Network Application Engineer right now, but over the past five years or so I've moved from help desk (~1yr) to server admin, business/systems analyst, application developer, and network engineer, though not all of those had associated titles.  I've done security related tasks in all of them and having security principles in mind helps the decision making at any stage.

I guess it really depends on what you want to do with security, which is a huge question.  I still don't know where my diverse background will take me, but I'm thankful for every bit of it.

Cachedump, yep that worked.  I came across references to this script but didn't investigate.  Thanks!!!

Thanks, I did come across the Metasploit Unleased link, which I was successful doing, and the video is helpful as well.

This still relies on having a local account (the video uses "andrew") that has the same username and password as a domain user.  I want to assume there are no local accounts on the XP box.

One would think that somewhere the domain credentials have to be cached for offline login...

In their latest "press release" they seem to be expecting to be caught eventually and they really don't care.  I wonder if they can really speak for the whole when they say that?  Hm.

That is a good point about them being open about their hacks, which normal people don't typically hear about.  My guess is in the underground the hacks are just as sensationalized, though I could be wrong.

The culture of Lulzsec saddens me because I feel it is a culture of people who have lots of potential that can't make proper use of it, and they need to express their frustration in a kind of cynical, fatalistic activism.  Maybe I'm old fashioned, but I believe anyone with the kind of dedication, expertise and innovation it takes to do these hacks can really make a good life using their talents legally (and morally for that matter).