I do like the lessons learned section. I have been out of the unix world for almost two years now and had never used OPIE. After reading the writeup, I can see the definite use of something like this. The next time I have to admin a unix system, I'll definitely be using that to cover my butt.
From a pen-testing perspective, I found it enlightening that the sshd config files were misconfigured, allowing login access from the Internet (although this was specifically not desired). Have to remember to check your configs with a real world test, don't just trust that everything lines up the way you think it should.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk