EH-Net
May 22, 2013, 02:16:07 AM
Show Posts
196
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Noob!!!
on: November 24, 2007, 08:14:17 AM
You have got to be kidding me. This thread has turned into the geek version of "tastes great! Less filling!" and Ginger versus Mary Ann. Cerberus, the straight answer is that the information security field is still really young, and there is no standard way that folks tend to get involved. Some people are going to start from the OSI model approach and move into the tools, some folks are going to start from the tools and move into the OSI model. To be worthwhile you are going to have to be able to do both. If you get stuck on the OSI side of the house then you are probably not going to understand how to actually carry out or defend against an attack. If you get stuck using just the tools then you are a scriptkiddie who is completely dependent on other people to make your tools, and if you can't find the perfect tool for a situation then you're stuck. Try this approach: If you are already in the OSI mindset (like most students, sys admins, etc.) then go on bugtraq and look up the most common attacks against the systems you are familiar with. Since you are already familiar with your systems then you should be able to understand what the exploit is doing to break your stuff. The next step is to research the tools that use that exploit in order to attack your system. Keep doing that and you'll start to pick up a good understanding of the exploits and the tools. If you are already on the tools side of the house, then just go the opposite direction. If you're using Nessus, take the time to actually read the reports, follow the links, and understand what the vulnerabilities are that it is finding. If you're throwing around nmap then read the man page and every time you see a networking/protocol term that you're not familiar with, go research it. If you're into Metasploit then take 10 minutes to bring up the code of the exploit you are about to fire off. You're probably not going to be able to make heads or tails of it, so take a couple of days to familiarize yourself with some coding. You'll eventually have to get to this point if you are going to want to write some of your own toys, which is starting to become necessary to avoid mature IDS/IPS systems. By the time you work through these steps you'll start to be able to figure out where you want to go next. Before long you'll realize that each of these areas is an enormous field of study by itself, which is why most "super hackers" actually focus in one area at a time.
199
Ethical Hacking Discussions and Related Certifications / Forensics / Re: Dodging Search Warrants
on: November 20, 2007, 02:48:14 PM
Dean, good addition to the discussion. Just to throw more fuel on the fire:
-Any live distro CD is going to be a good solution for your local system since any data is not going to be persistent. You turn the computer off and it all goes "poof". Well, except for all of the network traffic that brought the feds to your house in the first place. The problem is that sometimes you are going to need to store some data for long term use. Working with a gig size file in an OS that runs only in memory is going to cause some problems. (hint: load BT2 live CD, mount local hard drives, turn them all into TreuCrypt volumes, throw all your crap in the secondary hidden volume) Major problem with this solution is that the user is still at risk of getting picked up before they can kill the system. At that point everything is still available. Mot of the time you wouldn't want to turn everything off if you went outside because you're going to lose a lot of data (the whole live CD thing). -Even using remote systems, proxies, bot nets, IRC, P2P, malformed packets, encrypted tunnels, smoke signals, isn't going to be perfect. It is a great first step (as dean pointed out), but at some point you have to interact with those systems in order to do your work. If that can ever be physically traced back to you, you're in trouble. That means don't let it be physically traceable to you as per dean's "use coffee shop" comment. You are still vulnerable to physical observation, though. If I see you at the same couple of coffee shops every time we are tracking naughty data, well, as was already pointed out, actually catching you with the data is only part of the case. -I'm not l33t enough to rootkit a thumbdrive, but I can drop some fun stuff on the system you'll be plugging into. That might get me what I need. Now, if your live distro was stored on the USB key and you were booting off of it... -I have rarely even heard of deadman switches that work as advertised. If you wire them correctly and are actually in the right spot to use them then you might get away with it. 
But that's a lot of assuming things work correctly. (Note: the coolest one I ever saw was a guy who stored all of his CD's and DVD's inside microwaves. He had all of them turned on, but plugged into a power strip that was turned off. All he had to do was turn on the power strip button to nuke everything he had. Too bad for him that he got arrested at his mom's house.) -Antiforensics are a bitch, but not if you are only using the data on the system to support a case not make it. If you stomp my time stamps I could still use other data (physical observations, network logs, my rugged handsomeness) to convince a jury that it was probably you that pulled down that picture from boysinsprinknlers.com. That being said, it does start to introduce a lot of reasonable doubt. -Dean's last point is dead on. Most people get caught by being stupid, cocky, and lazy. If they used all of the recommendations that he brought up they'd probably be in good shape. Most of them won't.
200
Ethical Hacking Discussions and Related Certifications / Forensics / Re: Dodging Search Warrants
on: November 20, 2007, 08:52:13 AM
That will always be a catch for investigators, but it is offset a bit if those parts of your hard drive are still mounted when the system is taken into custody. If you can secure the suspect before they unmount those areas or power off the system, then the encryption is worthless. If they do manage to get it locked you can often make your case based on the network traffic you've been monitoring and the bits and pieces left over in the host OS that will indicate what they've been doing. Remember, if the feds are kicking down your door they've probably already got a pretty good load of evidence against you. If you get a court order allowing you to rootkit their system before you take them into custody, you'll probably already have the password plus a log of the activities. That naughty traffic also has to go somewhere and do something, which they probably already have observed and recorded. Unless you are just hacking stuff for fun you are going to have to do something with the data you've collected (use the credit card numbers, sell the data, control your bots, etc.). All of that activity leaves evidence scattered all over other networks, not just your home systems. If all else fails, I've seen situations where the suspect is subpoenaed and ordered to produce the password. If they don't, they are held in contempt until they do. That puts some heat on them to comply since they can sit in jail as long as the judge can allow.
201
Ethical Hacking Discussions and Related Certifications / Forensics / Re: Dodging Search Warrants
on: November 20, 2007, 06:41:16 AM
I've served my share of warrants, and I think there are some problems with your scenario:
1) Assume that everything is just the way you've laid it out. You are still in trouble. If you've done something on the level that would cause me to come kick in your door, that means I've probably been monitoring your traffic for awhile. When the traffic goes dead the second I come through your door, we tend to call that a “clue”. Even if your server isn't right there with you, it will take 15 minutes to call the judge and get an expanded warrant. In the meantime I'll be reminding you that destroying evidence is a felony, your buddy is probably going to screw up the wipe, I'll pull everything off with EnCase, but by then I'll be tired and pissed off.
2) To be a bit more realistic, your above scenario isn't going to happen. If I'm interested enough in you to kick in your door that means I'll be monitoring you, not just your traffic. If you are working with someone else then you are probably going to meet with them at some point, which means I start watching them. Trust me, it won't take more than a couple of days to figure out that when you, him, or both of you are at home then the naughty traffic is occurring. That means I get two search warrants, and when your door is being kicked down, so is his.
3) To be even more realistic, the above scenario is also a bit unlikely. If I think there is a chance that you'll destroy the evidence, why am I going to give you a chance? There is this place called “outside” that people go to in order to get food/alcohol/smokes/paychecks/transvestite hookers/etc. It is usually a lot easier and a lot more fun to wait for you to go get a slurpee, arrest you in the parking lot, and then watch you piss your pants when I tell you that we just served a search warrant on your place 15 minutes ago. I'll probably even drink your slurpee for you.
4) If you've really done something bad then the above scenario isn't going to happen either. Almost every agency that would be doing this kind of investigation is going to have access to their own keyloggers, trojans, backdoors, etc. (Read up on the FBI's Magic Lantern.) Again, if you are doing something that is going to get your door kicked in then you are probably worth having someone install one of these little toys on your system. That means I've captured all of the keystrokes for your PuTTY sessions, which negates your “but it's a remote system and you can't see me” argument.
5) Unless you are doing this hacking just for shits and giggles, at some point you probably expect to make a profit off of it. Most hackers get busted by investigators following their money trail rather than their network trail.
6) Once all of this goes to trial then your remote setup is going to work against you. It just goes to show the judge and jury that you were very aware that you were involved in something illegal. It will probably add an extra year or so onto your sentence in Federal Pound-Me-In-The-Ass prison where your only joy will be reading my smart ass forum submissions.
206
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Virtual Networking
on: November 17, 2007, 10:05:31 PM
I haven't used VirtualBox since VMware made VMware Server free. Most Linux distros will have a package that will let you install it without too much pain. It will definitely allow you to stand up virtual networks as you need them. Basically you can just assign virtual NICs to each machine that you create, and then you can use the command console to describe how the NICs relate to each other. For example, if you wanted to simulate an external penetration test you could create a VM with your testing system (or use your host OS), create another VM and use it to make a firewall, then create a third VM for your target system. You'd give the firewall VM two NICs, and then use the main console to set one NIC as the external connection which will connect to your testing VM, and then set up the second NIC as the internal connection and connect it to your target OS. This would let you try out various firewall configurations to see how they would affect your penetration testing.
207
Resources / Career Central / Re: Questions asked in my interview
on: November 17, 2007, 09:54:53 PM
(First of all, congrats on the hire.) This post caught my eye because I end up doing most of the technical interviews for my firm. For the rest of the folks out there that might be interviewing in the near future, make sure to try and get a specific job description in addition to the title of the position. Most of the people I interview are sent to me by the HR/recruiters, and all they've been given is a generic job title and description (i.e. "IT Security Consultant"). The problem is that we are usually trying to fill several positions at once, and since the recruiters don't have the background to understand most of the technical aspects of the job they just throw all of the "security guys" together and send them to us. We are expected to figure out during the interview what position, if any, the person would fall into. So, as a bit of advice, try to find out beforehand the specifics of the actual position for which you will be interviewing. Most of the time the position will fall into one of three slots: auditors, vulnerability assessment, and pen testing. If you see audit key words (controls, regulations, etc.) you'll be expected to speak to stuff like SOX, HIPAA, FISMA, and so on. If you see general security words (common tools, scanners, etc.) then expect to be able to speak to the general OSI model, the scanners, types of exploits, stuff along the lines of the original poster's questions. If you see anything about doing manual exploits then you'd better be comfortable speaking to application hacking, zero day exploits, client side attacks, and so on. There is nothing more uncomfortable for the interviewer and person being interviewed than when the person being interviewed is completely in over their head. Just my two cents...
208
Resources / Looking For Work / Experienced Consultant looking for side work
on: November 17, 2007, 08:49:49 PM
Hello EHN community, I am an experienced penetration tester and computer forensics examiner looking for hourly or contract work. I am physically located in the Midwest region of the US, but I can work remotely for any global region or time zone. In addition to my technical skill set I have extensive experience producing professional formal reports, managing large scale engagements, and I regularly present to C-level executives. Currently I am a consultant for one of the Big-4 advisory firms where I manage their penetration testing and vulnerability assessment teams. My full resume is available upon request.

EDUCATION:
- Bachelor's & Master's in Computer Science
- CISSP, CISM

TECHNICAL:
- BackTrack Suite, Metasploit, Paros, AppScan, Nessus, etc.
- EnCase, Helix, Autopsy, FTK
- C, C++, Ada, LISP, HTML/XML, Java, JavaScript

EXPERIENCE:
- (Present) Security Consultant
  - Multiple Fortune 100, State/Federal Government customers
  - Several international customers
- Manager of DoD SOC
- Air Intelligence Agency
- Air Force Office of Special Investigations
  - Computer Crimes Investigations