|
EH-Net
|
|
May 22, 2013, 08:23:33 PM
|
|
|
1
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web vulnerability scanner
|
on: May 08, 2013, 09:47:15 PM
|
|
This is kind of a tough situation because most of these products are crappy. Burp is the best, but only for one site at a time. It doesn't do well even with large, single sites.
The problem you're going to face is that the "right" product you find that can handle such a huge workload is probably going to give you the same marginal results, at best.
The only product that really comes to mind that you might want to consider is Nexpose. It does web app scanning, although I'm not sure how well, and it can get pricey, but it's worth a look. You can schedule and it seems to perform well on larger engagements. I was also going to say AppScan, but you already don't like that product.
|
|
|
|
|
5
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: looking for a little guidance from professionals
|
on: April 30, 2013, 07:58:03 AM
|
|
Your path will be unique, but as long as you achieve your milestones you can get there. To begin, those milestones should be certs. You certainly don't need a college degree to pentest; some of the best don't have a degree. My personal opinion is that if you can find an IA or IS degree that is a balance between "credibility" and cost, it can't hurt. Who knows, in 10 years you may need that college degree for some type of management gig.
To oversimplify the process, and if money is no object, here is how I would do it:
CCNA or MCSE -> GPEN -> OSCP ...
You will need to learn how to troubleshoot; that is probably the most important skill that does not come with a cert. As an electrician, you probably already have a knack for this. The ability to quickly analyze and fix issues is imperative.
|
|
|
|
|
9
|
Resources / Career Central / Re: Looking for advice...
|
on: April 18, 2013, 11:03:37 AM
|
|
20% is a pretty big hit, but depending on where you are now, you could make it up. Feel free to PM me with specific numbers and I can give you a better idea (at least at US rates).
App security is exploding just like the rest of security. There are companies that will allow you to stay as a practitioner by doing something like this: associate -> consultant -> senior consultant -> principal or super senior, or whatever the term is.
It really depends on what you're trying to accomplish. If it's for the love of the work, or if it's to try and position yourself for another position in 5 years, whatever, MY advice would depend on a number of other factors.
|
|
|
|
|
10
|
Resources / Tools / Re: Comparison between different tools with different goals and price ranges
|
on: April 10, 2013, 08:31:31 AM
|
|
They're both awesome for pen testing. Core Impact has exploits in it that are not public, and Meta Pro can help automate large pentests; it is a phishing platform and does some other stuff. Not sure about web app scanning, I doubt it. That would be creeping into their other product, Nexpose. I always turn the Nexpose spidering/scanning option off. In my opinion, web app scanners are only as good as the guy using them. Burp is the only option + someone who knows what they're doing.
For network, you need a good vuln scanner. I like Nexpose. However, there are a billion vulns that don't show up in a vuln scanner either. Again, it depends on the person driving. I guess what I'm saying is that you need multiple tools. Meta Pro and Core are expensive, the rest are not. What you give up in the pro, you can make up with old school Metasploit.
|
|
|
|
|
|