you can still find copies of Helix2008R1.iso floating on the internet that's free.

While Ketchup brings up a good point that most certifications just mean you can study and find the right answer you have to think like the employer.  To them, it means you have some idea of the topic area and are willing to further pursue knowledge on it.

It's not a hard exam, it's meant to be entry level.  While some people bash it, it actually accounts for more than people think.  It can count as (1) one year off required experience for some certifications and the US DoD 8750 recognizes it as Level II Tech.

www.giac.org/8570/
www.dtic.mil/whs/directives/corres/pdf/857001m.pdf

I started messing around with Google Wave a few days ago and right away Ziplock popped on my contacts list.  Since the main purpose so far to use Wave is for real time collaboration/communication, I think it's a great way to ask questions about the courses and any problems you may be encountering while registered in one.

Run it with other rainbow tables or JTR, don't ask others to do the work for you... that's lazy.

Passed GCIH on Oct 22nd...  For those thinking of taking it but don't want to spend the money on the training or materials, I chose the road of self studying.  I used the practice tests, Counter-Hack Reloaded by Ed Skoudis and some cheat sheets from SANS and packelife.net for the exam.

You should also take a look at defense contractor's since you already have the security clearance.  Some of the bigger ones are :

• Lockheed Martin
• Boeing
• Northrop Gruman
• Raytheon
• General Dynamics

Hakin9 is another good one (hakin9.org)

An article about the redraft of the controversial Rockefeller-Snowe Cybersecurity bill which if you're unaware of would give the White house and the President the power to disconnect private-sectors from the Internet if they declare a cybersecurity emergency.

Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
-------
Article
-------
http://news.cnet.com/8301-13578_3-10320096-38.html

---------------------
S.733 redraft copy
---------------------
http://www.politechbot.com/docs/rockefeller.revised.cybersecurity.draft.082709.pdf

looking for suggestions on some good IDS/IPS books... I know there's quite a bit out there so if anyone has read one that stands out link me.... I'm not looking for a tool specific such as a Snort book but just a good general one covering many.

Appreciate it.

Anyone else have a chance to rifle through this act yet?  I've bee doing some reading and some interesting points have been brought up:

1) The bill gives the President of the United States the power to "turn off the Internet" in an emergency.
2) The bill requires mandatory licenses for practicing infosec professionals.

I'm more interested in how the second point listed above about InfoSec licenses will be interpreted.

Info on debate : http://shuurl.com/R5360
HTML version of Act : http://shuurl.com/M5358

I would say watch the videos along with the lab manual... there is a time limit for lab usage unless you request more lab time and add another fee.  If you get stuck there's always the IRC and forum to help assist your questions.

I kept getting an error when I used unetbootin and the Helix1.9 version but I read somewhere that I had to use the Helix2008R1.iso for it to work.  For whatever reason... it worked.  Try it with that version and it should work.

Not bad at all... I have prior experience with FTK but I would just say to look over their free study guide on their website and you shouldn't have a big problem.

I registered, got a confirmation email a day later with a link download to the image file and instructions to visit a test site with a passcode in order for me to register and take the test.  I just took the test, says I passed with the results so I'll keep you guys posted after a recruiter contacts me if it all goes legit.