I'm curious to know what is the purpose for many here in studying slash certifying slash learning "ethical hacking" are you involved for the challenge, for the fame, for the money. What possessed you and now possesses some of you to continue on the road to ethical binary destruction? (hacking)

Personally, I like the challenges involved in learning something new everyday. I've been involved now professionally for who knows how many years, 14 or so plus on the security side, computing since the days of my Adam w/Smart Basic. There are so many arenas in security (penetration testing, firewalls, networking, cryptography, programming, etc.) I sometimes feel like a kid in a candy store. Cert-wise within the past 4-5 years, I started ramping up on certs not because I really care for them, but because of the market. Certifying is a dual edged sword. Some of the smartest people I know have zero certs. Yet some of the lamest (for lack of better terms) have the highest paying jobs because they certified.

Right now, I just like the challenge and have started looking at the certification process as another hack. I'd like to be able to learn enough to earn as many security related certs for the sake of saying: "another challenge down" yet at the same time much of the content bores me at times... E.g., I just took the CISM this past weekend and finished in an hour and five minutes. This is the second time taking the exam and the first time I failed by two points (scaled scoring). The first time, same results, I finished in about an hour twenty minutes and had to run to catch a plan. No studies, etc., this time I swore I would study and take my time... I did not study but I DID take my time... I even spent another 40 minutes going back over my answers but quickly got bored...

So there you have it... Personally I do it for the challenge... Why do you do it? (By the way, my focus for the year is scattered... CREA + Juniper certs + CISA*maybe* + ISRM coming up)

My opinion of certs is much like yours. I don't necessarily believe they prove anything other than you are good at taking tests. Even performance based certs are this way to an extent. I know plenty of people that are much smarter than me that don't have a single cert.

Now, as to why I got into security...I took a class in security during my studies, and I was hooked. I've always been very inquisitive, and so security appealed to me on the level that in order to really secure something, you have to understand exactly what is going on. Beyond just that, you must know not only what a widget is SUPPOSED to do, but also what it CAN do. This is a powerful motivator for me. As the OP stated, I'm like a "kid in a candy store" when I find some new or novel way of doing something.

like you, I took CISM last month June 12. Why I took it? well, it's related to my new job now that I've moved on to IT Security, so CISM is just nice. I haven't got CISSP yet...maybe next year.

I did CISA because my previous job requires me to be certified as I'm an IT auditor, and took CEH because part of the job is to learn new IT hacking stuffs, more like an interest to me to know how to use the tools, but not necessary means I'm going to do pen-test in my rest of the career.

cert or no cert, in reality, it does helps in passing thru the HR filtering, that segregates you out from those without having certs. then again, passing the interview is one thing, performing the job is another after you got the job!