Amen brother!

I must admit that it has its bad side - the long hours is certainly one I was anticipating though when I started in this field! Having done it for ten months now, i think I can categorically state that a lot of the qualifications the article mentions are not especially relevant for a technical security bod. Quite a few of them (the CISSP especially) are policy-based qualifications - which might be fine for people who are willing to grind away with all that dross (you certainly get well-recompensed for it, especially in the financial sector) but for nerds like me, I'd rather trawl through a load of IDS logs looking for suspect traffic any day of the week!

I'm still looking at doing the CEH course, but the more I look at it, the more it seems as though the course is an entry-level course, and not really worth anything to me educationally. Sure it'll look nice on my CV, but to be honest, even though its vendor-specific, the JNCIA is the cert I'm most proud of, as it was bloody hard to get. The CEH looks more and more like a course aimed at legitimising script kiddies who know nothing beyond Kismet, NMap and Auditor than it does a 'proper' security course.

I must add that I love working in Security. I've wanted to do it for the past three years and, unlike every other area of IT I've wanted to do (DBA, Network Admin spring to mind) it hasn't proved to be boring within six months of starting it!