Slashdot videos: Now with more Slashdot!

I say you should go for it. I don't think that the recruiter thing is the best way to go, though. As you have experienced, recruiters generally have their hands tied as far as what they can present to potential employers because of experience and degree requirements. That said, look locally. I grew up in a tiny dying town with almost no jobs in IT, but there was a local IT business (WISP, consulting, PC repair) that I got to work for as a helpdesk tech my Senior year in high school. When I went to college, I left on good terms so I had a Summer job waiting for me. Throughout college, I worked there and for the school of Engineering's network helpdesk. When I graduated, I was able to go on with a degree and experience to get the job that I wanted and now I'm working as a network security engineer and I'm 5-10 years younger than all my colleagues.

The point is, maybe don't look for an official start to your career right now. Instead, look for work locally that will get your foot in the door and give you experience. Find a local IT consulting or web design house and ask to work for them. Sell yourself like you did in this submission. If that doesn't work out, talk to your university. I don't know what they have going on, but I'm sure there are plenty of opportunities for undergrads to get involved. Talk to the helpdesk for your particular school within the university (like ECN at Purdue); talk to the university's global helpdesk (like ITaP at Purdue); talk to your professors. If none of those turn up anything (which I find highly doubtful), look into contributing to open source projects. Drupal, Joomla, and friends are possible projects to start with. Just don't quit looking for opportunities wherever they happen to appear and remember that there are more local opportunities than you may realize.

Came here to say this.

I've used KeePass (or, in my case, KeePassX since I'm on *NIX) for about 6 years and it's been great. Encrypted local storage that I can sync between devices if I want, with an Android app (KeePassDroid) available makes life easy. It's also the only approved password storage method where I work.

the normal curriculum generally didn't provide any exposure to computers beyond "Keyboarding" and "Computer Applications," meaning MS Office. I graduated from high school in 2006 and there was really nothing made widely available by my school. There was a vocational class for computer operations (only 4 students including myself took it), which was actually quite useful -- intro to networking concepts, intro to programming (VB 6), and all of the information needed to get CompTIA's A+ certification. Throughout the year, I was able to bat ideas around with the teacher, including the idea of making a beowulf cluster (just 3 or 4 nodes) to showcase some of the things computers could be used for. The class was the last half of the day and really helped solidify my basis into computing. At one point, the teacher had the network engineer for the school system come in to teach us how to terminate fiber (which we later ran to provide network access for the machine trades vocational class). I really have some fond memories of that class and to this day, I'm friends with the teacher.

My experience was *not* normal by any stretch, though. As I mentioned, there were only 4 students (later dropped down to just 3) in the class from the entire county. I was the only person from the hosting school (1000-1500 students). The teacher I had that year returned to industry the very next year and, from what I heard, the quality of the class dropped tremendously when his successor took over. To my knowledge, the class is still the same poor quality that it was after he left.

As far as I know, learning anything related to computers in high school (in most midwest counties) is learned the same way as it was a decade or two before -- individuals being motivated to learn for its own sake and befriending others who are like-minded. LAN parties, though passed off as completely useless by parents (more often than not), provide(ed) the greatest source of computing knowledge exposure -- setting up the LAN (and segmenting it from the user's parents' use), troubleshooting why a computer would fail to work, troubleshooting why a pirated game wouldn't run on one machine when everyone else wanted to play, and understanding physical infrastructure requirements (i.e. power) are routinely dealt with in the environment of a high school LAN party, and are directly applicable to industry (with much more learning outside of these parties to fill in the gaps, of course).

So many comments and none of them really answering OP's question. First: Yes, OP needs to ensure that what he's asking for is actually what he wants to do. Now, OP: How about using Open Source IDS/IPS? Something like Bro (http://www.bro-ids.org) could be a good option. It's completely scriptable and keeps track of general information (number of connections, what IP addresses are talking to what others, etc.), but where it really shines is that it alerts on "weird" traffic and since it's scriptable, you can write your own protocol inspection code to look at network streams on the fly and only pull out what matters. To implement this kind of system, I'd put a linux/bsd box inline acting as the network's gateway so everything on the network outbound goes through it, enable routing (linux: add net.ipv4.ip_forward=1 and net.ipv6.ip_forward=1 to /etc/sysctl.conf, bsd: add net.inet.ip.forwarding=1 and net.inet6.ip6.forwarding=1 to /etc/sysctl.conf), configure the firewall as needed (NAT and what have you), and set bro up to look at the traffic. Then I'd define very clearly what traffic I thought was "interesting" and warranted looking into. That traffic I would write some inspection code for and wait for alerts (which can be formatted however you please -- they're just text). Finally: Should an I[DP]S be used for oppression? No. Should this type of solution even be implemented at all on a home network? I think that's an issue that can only be answered by the client. Remember: anything can be used for good or evil. Make sure that anything you build and sell is going to be used for good (as much as you can ensure such a thing, of course). Talk to your client. I have a feeling that training for dealing with social engineering will go a lot further than a custom-engineered DLP system.

non-issue. According to the advisory, this particular issue "Spawns a root shell [and h]as not been tested for potential remote exploitation vectors." As has been stated multiple times earlier already, BT is generally used as root locally and (until someone determines remote exploitability) this is a local-only exploit. TFS is wrong. This is not a "critical flaw in BT," but a flaw in WICD that allows privilege escalation. Still something that definitely needs fixed, but if someone has local access to your box, you can pretty much assume they already have root.

Ahh. Point. I didn't realize that ISC support provided notifications in advance.

I am 100% with you up until you say, "I'm amazed how many people run large, production name servers on BIND yet don't have a cheap support contract. If you run BIND, rather than getting your alerts via /. look into a support contract so you get them directly from the vendor." I have a couple issues with this. The first is simply that it's perfectly reasonable to expect a good UNIX admin to handle BIND without issue for generalist deployments. The other issue I have is that you don't need a support contract to get these alerts. Sign up for the bind-announce mailing list (link: https://lists.isc.org/mailman/listinfo/bind-announce). Again, I'm totally with you up until the end there.