EH-Net
May 25, 2013, 05:54:01 AM *
  Show Posts
31  EH-Net / Ethical Hacktivism / Re: Need help on: October 20, 2011, 07:14:17 AM
She deleted that account with all posts. I heard that some guys from higher grade told her, that they are going to police if she is not stopping.
And about lawyers, it is kinda hard with that in Lithuania. You need a lot of money and time to do that kind of things. Still, even if nobody knows who she is I'm glad that this "gossiping" finally stopped. Smiley

Glad to hear this update!  Smiley
32  Resources / News from the Outside World / Re: Sony hacked again..this time only 93,000 accounts on: October 19, 2011, 08:09:05 PM
At this point Sony's new motto should be:

Sony
Make Believe Security.

33  Ethical Hacking Discussions and Related Certifications / Security / Re: CISSP/Career Advice Needed on: October 19, 2011, 08:03:49 PM
+1 w/Don and WCNA. Since you're 8 years in, I'd grab the CISSP. If you end up taking an auditing role, I'd go for CISA once you hit the infosec job experience requirement.

For Incident Handling, you might want to look into some network and computer forensics material; there's tons of forensics experts on this forum floating around and I'm sure they'll chime in soon. Definitely take a look at the DoD 8570 requirements if you decide to get into government contracting:

http://www.giac.org/certifications/dodd-8570/

Contracting itself is a whole other topic of conversation but if you're looking for a quick fix, it's one thing to consider.

Sil had a great forum post regarding the different types of InfoSec roles and certs he believed had the most impact when it came to actually learning the material:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,7836.msg42104/

There's a thread that started a little bit ago about CISSP study strategies:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,7863.msg43431/topicseen,1/#new

Hope this all helps  Smiley
34  Ethical Hacking Discussions and Related Certifications / Security / Re: My CISSP Strategy on: October 19, 2011, 07:43:12 PM
How long did the exam take you? Just curious as I was one of the last few. I took 2 breaks to try and keep fresh during the exam.

I answered all the questions in 2.5 hours and took another hour to make sure all the answers I put in the book matched those on the scantron. I used the 25 at a time method for about three cycles but then I said screw it and ran through the rest of the exam  Grin.

I should have taken breaks but after about 100 questions, I just wanted to get it over with.
35  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: before starting CEH on: October 19, 2011, 07:18:00 PM
I'm super late on this but in case you're still watching:

If you have absolutely zero knowledge in networking you could start out with some free videos from Professor Messer:

http://www.professormesser.com/free-network-plus-training/professor-messers-free-comptia-network-certification-training-course/

These videos cover the Network+ exam and will provide you with fundamental information about networking in regards to standards and basic equipment.

After that I would suggest reading the following:

http://www.amazon.com/CCNA-Certified-Network-Associate-640-802/dp/0470110082
http://www.amazon.com/Network-Warrior-Gary-Donahue/dp/1449387861/ref=pd_sim_b10

These books will scratch the surface (relative to CCNP level knowledge) of topics such as routing protocols and subnetting Cisco's way. This knowledge will not only help you with your CEH studies but it's also applicable to several types of jobs in the industry.
36  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: C|EH Passed on: October 19, 2011, 06:57:54 PM
Congrats Trocco! What's next for you?
37  Ethical Hacking Discussions and Related Certifications / Security / Re: My CISSP Strategy on: October 19, 2011, 06:21:12 PM
Here was my plan of attack:

Materials:
  • Shon Harris 5th Edition AIO
  • Official CBK
  • Eleventh Hour by Conrad
  • StudyIScope Questions (3 exam set)
  • Ccure.org Paid Membership
  • Carnegie Mellon VTE CERT videos

Method:
  • Started with Shon Harris at domain 10 and worked backwards; read chapter, took notes, answered end chapter questions.
  • Watched VTE CERT video on the domain.
  • Cross referenced domain in Official CBK for any material I didn't understand.
  • Did 50 questions on the domain on Pro setting from CCure.org
  • Rinsed and repeated until I hit Domain #1. Once that was done, I reviewed the domains in the correct order.
  • During the last two weeks before the exam, I took the StudyIScope exams once and went back over my notes and read up on anything I was still having trouble remembering.

My target was 5 days per domain (reading wise) but some were shorter than others as I had experienced a lot of the content of those domains in some of my previous jobs. In terms of the exam, a great friend of mine told me to take the exam 25 questions at a time. Essentially, you count that in your head 10 times and next thing you know it, the exam's over Smiley.

I am awaiting my results so I'll see how well this worked out for me. I definitely felt extremely confident walking out but anything can happen.
38  Ethical Hacking Discussions and Related Certifications / Other / Re: I picked the wrong degree... or did I? on: October 19, 2011, 06:03:38 PM
(Specific to degrees)

At the beginning of my career, I definitely noticed the effect of my B.A. Criminology degree in IT interviews. I would always get the classic "What are you doing here?" and "Why aren't you a cop or lawyer?" but my break came from my tone, resilience, and drive to succeed in interviews.

Since the commercial expansion of InfoSec, Criminology definitely comes more into play (Forensics/Law) so it's not as much of a stretch to validate its IT relevance these days.

Some of the most versatile and knowledgeable professionals I know have B.A.s/A.A.Ss in non-IT related fields and they're doing more than fine. Having a degree, no matter what it's in, gives you a well-rounded appearance to hiring managers as it shows completion and dedication to set a program.

I agree with everyone else in regards to getting your foot through the door. If you can get in there and deliver, your experience will slowly chip away at questions looming around a non-IT degree. A few years later, the questions around my degree have definitely changed; it's gone from "whys" to "Oh, you have a degree? *check mark*".
 
39  EH-Net / Ethical Hacktivism / Re: Need help on: October 19, 2011, 05:23:55 PM
If you file a complaint with Facebook, it's highly unlikely that they're going to turn around and tell the other person who you are.

Your other option is lawyers and subpoenas for IP logs from Facebook and ISPs.  If this is a threatening harassment situation, you may want to contact law enforcement.

+1. You definitely do not deserve to be harassed; the key word with Law Enforcement would be "threatening" or "imminent danger" depending on whether or not this harassing is just online or has manifested physically (I'm assuming at this point it's virtual as you did not mention the latter scenario).
40  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Mile2 CPTC...is it similiar to any other cert out there? on: October 19, 2011, 05:16:26 PM
I was wondering about the training for this as well (50% off is pretty awesome). Maybe this is closer to IACRB's CEPT without the vul dev and reverse engineering?
41  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: CPT Practical - Feedback Please... on: October 19, 2011, 05:09:20 PM
I feel I am over my head on this one.  Sucks cause I wanted it.  No luck on getting the two to be able to talk to each other.

I suppose I am still a bit confused on which computer am I supposed to use to do the attacking.  I first thought the cptvm1 was the attacking and I was supposed to get info about it (IP ranges, users, username/passwords) then use that to attack cptvm1.  But in order for me to attack the 2nd one I need the tools loaded onto cptvm1 to use them.  If this is the case then I am having problems getting the programs to execute.

Or..

If I am supposed to use my host computer to attack the two VM's and get the info from there.  This is a bit easier for me, but so far the things I have tried have not worked and I still can't talk to the VM's to begin the attack.

Tried calling the organization that offers this cert and they have yet to call me back.....3 weeks ago.  Tried calling my teacher from Infosec Institute and he has not picked up or called me back or emailed me back.

Without violating NDA (for the networking issue), all I can say is think back to your pentesting methodologies and how networks work in general. Think about how hosts get IPs and what that interaction looks like. Think about what tools you could use to see network interactions.

Your host machine (if bridged) or guest VM(s) is/are supposed to leverage the two VMs. If you happen to get root on CPTVM1 before CPTVM2 or vice versa then so be it. Smiley

The networking advice sounds extremely basic but if interpreted right you'll soon be on your way. In my experience with this exam, you will definitely find multiple sticking points where things just don't work as expected but the pain and anguish is well worth it and will be vastly beneficial in your overall development.
42  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: For those new to using NMAP on: October 12, 2011, 01:31:15 AM
Nice post. I want to add this book to the mix.

I forget whether or not it delves deep into NSE but still definitely a good read from Fyodor himself!

http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1318400948&sr=8-1
43  Features / Book Reviews / Re: Has anyone read BackTrack 5 wireless pentesting? on: October 12, 2011, 01:23:48 AM
I currently have it on my kindle but have not broke into it (as usual with most of my security books  Grin). I will definitely try to voice my opinion on it when I get the chance.

I was thinking about coupling the readings with Vivek's videos and hopefully take the OSWP as soon as it's updated. Knowing the quality of Vivek's videos, I am 100% certain this should be a good read!
44  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-October 2011 Free Giveaway Sponsor - Mile2 on: October 12, 2011, 01:20:58 AM
Thanks mile2 and good luck guys!  Cool
45  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: CPT Practical - Feedback Please... on: October 12, 2011, 01:19:59 AM
Security is ALWAYS a learning process.  Just keep moving forward!

+1.

In terms of the practical, make sure that you are documenting the steps you took to complete each phase of the pentest and the details involved. The final engagement report is a vital role in whether or not you pass in the end regardless of whether you get roots or not (actually rephrase; I don't think you can pass with no root pws).

My advice would be to take snap shots, title them according to what you were doing at the time, and maybe make a little notepad document correlating the events with the snapshots.
© 2013 The Ethical Hacker Network