So in an effort to not be a computer janitor for the rest of my life, I've been blitzkriegging on my certs so that one day I can be a pentester. I guess the eternal question has yet again come up, "do these certs really matter?"

I can't answer that. I know people who have their CompTIA certs, their MS certs and they don't really know their stuff, or they are in a place where their employer can't let them use the knowledge they may have learned in order to get those certs. In listening to Exotic Liability, I hear that it is a problem in the security industry too.

I don't have a college degree. I know that is fairly common, but I've always been told that certs were the way to go if you don't have a degree. I can't really find a job working in the field, even as a low level security pentester (Dong of America: Florida, not going anywhere any time soon) I'm not really all that skilled in a lot of hackery type things, but if anything I just gotta work at it enough. (tl;dr get my ass in gear and build my lab up) I'm not sure that I will ever contribute great things to the community, but I want to be above the standard lately (that I've been hearing about) of 'professional' pentesters and as they said on EL: social-security engineers and tool runners. We need security justice!!!

Speaking of tool running, I recently got my ACE cert through work using the FTK for computer forensics. I work in law enforcement, if I haven't made that apparent yet. I was volunteered at work because I'm interested in security and I usually complete my work very fast and have multiple projects finishing at any one given time. While the toolkit is nice and it does it's job very well, it is not what I imagined computer forensics to be. In fact, the most difficult part for me was learning how chain of custody worked. It was a huge disappointment. Ah well.