YuckTheFankees,

If you want to take a SAN course, GSEC or GCIH would be good to start out and get your foot in the SEC door.

Here are some books to help:

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition - Dafydd Stuttard (Author), Marcus Pinto (Author)
^ big book just came out. Helped me alot with my GWAPT certification.

HACKING EXPOSED WEB APPLICATIONS, 3rd Edition by Joel Scambray, Vincent Liu and Caleb Sima
^ Dont know much about this one. It has good reviews on amazon.

One thing to remember is to expect to be derailed. My path has changed sooo much since i started, for example i expected to do the OSCP and CISA among other things by now. Like the greats you must be able to adapt.

My path was the following.

Linux (When i was in H.S.)
Network Security (College Degree)
Learned Python (In College)
I got a Info Sec Analyst Job (which I am now.)
Took GCIA
Took GCIH
Took GPEN
Taking GWAPT exam - err... thursday *crosses fingers*
Going Back to School for M.S. CIS
Looking to take EnCe
Then GCFA and CCE
Then GSEC, CISSP
Finally GSE

I really want to throw the OSCP in there somewhere. it may have to wait until i complete school.

As for impulses path i would change it to the following.
1.   Linux Skills (selfstudy) – Done – Took 1 month and 20 days (10/20/11)
2.   Python skills (selfstudy) - Process (this will be a never ending step. push to background look at 'gray hat hacking with python') &
3.   CEH (do this earlier it will set a good foundation)
4.   tcpdump / Wireshark skills (monitoring) (selfstudy) (first understand tcp dump and packet analysis, you will get wireshark better.)
5.   Wireless certification from Offensive Security (Online training)
6.   Metaploit / Nessus Skills (self study) (understand how exploits and payloads work. pre and post exploitation)
7.   OSCP certification from Offensive Security (online training)
8.   GPEN (selfstudy) (the business side of pen testing)
9.   Web pen tester certification from Elearnsecurity (online training)
10. GWAPT?

Powered on python, I Like it!.

I bet you someone was checking there email on the OP computers.

History of the world part 1, is where that quote is from. Congratz on the training.. saver and bring us back some of that learned stuff

This is wireless btw:

SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses

here is the more comprehensive list of vulnerable by design ISOs i have found

http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

Simple Fast and Targeted = Scripts

Have you looked at Paros or Burp Suite?

Malware Analysts Cookbook

http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_1?ie=UTF8&qid=1316517960&sr=8-1


Gray hat python

http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921/ref=sr_1_1?s=books&ie=UTF8&qid=1316517985&sr=1-1

Counter hack reloaded should suit you fine. if that material isnt "disallowed" that should help i would make sure you look at the missed questions on your practice test though.

It looks like you have enough background to go through the GCIH (504) no problem. I think that will capture your interest as it deals with sec and forensics alike. I say go for it. you should do fine.

OSCP IT IS!

Wow this actually covers from stuff i am going through right now.

I am scheduled for the CISA in Dec. I wanted to complete a cert in the mean time by end of Oct. then study for the CISA. As I just completed the GPEN, I am up in the air as to if i should do the GWAPT or the OSCP.

P.S. I am also going back to school for my masters in Jan. I will be talking web app development which may compliment the GWAPT

Should i do my OSCP now. then cisa and Gwapt in jan or should i do the gwapt then CISA and OSCP?