How does a beginner get started with network security? Reading this is enough!

Since I have written many stories about network security technology before, many readers know that I work in network security, so people often ask me on WeChat:

I've just started with network security. How should I learn? What should I learn? What are the directions? How do I choose?

Unlike back-end development positions such as Java and C/C++, which have a very clear learning path, network security relies much more on exploring on your own. There is a lot to learn, and it is hard to organize it into a system.

Readers who follow my articles know that they are mostly technical content built around stories, and rarely talk about the workplace or interviews. The main reason is that everyone is already under a lot of pressure at a fast pace; the official account is a place to relax, so I try to write lighter content. However, as more and more people ask me the questions above, today I am writing a dedicated article to lay things out.

In recent years, as network security has been listed as part of the national security strategy, this once niche field has developed much faster. Besides the traditional security vendors, some Internet giants have also increased their investment in this area, attracting more and more fresh blood.

Branches of network security

In fact, above the concept of network security there is a larger concept: information security. This article does not discuss the academic distinction between the two; unless otherwise specified, it treats them as one concept. Let's look at the actual work directions and how they are subdivided.

Within the technical category of this circle, jobs fall mainly into the following three directions:

  • Security R&D

  • Security research: binary direction

  • Security research: network penetration direction

Let me explain them one by one.

Security R&D

R&D posts in the security industry fall into two main categories:

  • R&D positions with little relation to the security business

  • R&D positions closely related to the security business

You can think of network security as an industry like e-commerce or education: each industry has its own software R&D, and network security as an industry is no exception. The difference is that the R&D in this industry develops software related to the network security business.

That being the case, the common jobs of other industries also exist in the security industry. Front-end, back-end, big data analysis and so on belong to the first category above and have little to do with the security business. Here we focus on the second type: R&D positions closely related to the security business.

This category can be further divided into two sub-types:

  • Security product development: defense

  • Security tool development: attack

The products developed by the security industry mainly include (but are not limited to) the following:

  • Firewall, IDS, IPS

  • WAF (Web Application Firewall)

  • Database gateway

  • NTA (Network Traffic Analysis)

  • SIEM (security event analysis center, situational awareness)

  • Big data security analysis

  • EDR (security software on endpoint devices)

  • DLP (Data Leakage Prevention)

  • Antivirus software

  • Security detection sandbox

To sum up, most products developed in security are used to detect and defend against security attacks, covering both the endpoint side (PCs, mobile phones, network equipment, etc.) and the network side.

The technologies used to develop these products are mainly the three stacks C/C++, Java and Python, with a little Go and Rust.

Compared with the other two directions, security R&D positions have lower requirements for network security skills (only relatively; the R&D of some products still requires considerable security skills), and I have even seen many companies hire people who know nothing about security. In this case, if you understand network security technology in addition to basic development skills, it will naturally be a bonus when interviewing for these positions.

In addition to general development skills, security R&D positions can focus on the following technologies:

The list above covers only the most directly relevant part; to develop better products we need to understand more security technologies. Read on.

Binary security

The binary security direction is one of the two major technical directions in the security field.

This direction mainly involves software vulnerability discovery, reverse engineering, virus and Trojan analysis, and so on. It touches on operating system kernel analysis, debugging and anti-debugging, and anti-virus techniques. Because it constantly deals with binary data, over time "binary security" has become the collective name for this direction.

The characteristic of this direction is: you need to be able to endure loneliness.

It has no tangible product output like security R&D, and it does not sound as cool as network penetration. More of the time in this direction is spent on silent analysis and research.

Take vulnerability discovery as an example. Just learning the various attack techniques takes a great deal of time. In this field, studying one problem may take months or even years, which is definitely not something ordinary people can persist at. Moreover, success depends not only on hard work but even more on talent.

People like the heads of Tencent's major security laboratories, and the well-known industry leaders TK and Wu Shi, have long grasped the essence of vulnerability discovery and mastered this skill; they can come up with new tricks in their dreams. However, geniuses like this are so few that most people cannot match them.

If programmers are hard-pressed, then binary security researchers are hard-pressed Plus.

If you still have the courage to enter this field after reading this, here is what you need to learn:

Compared with security R&D, this direction is not only more technically difficult; few companies offer these positions, and they are basically concentrated in the first-tier cities of Beijing, Shanghai, Guangzhou and Shenzhen.

Network penetration

This direction fits most people's image of a "hacker": they can hack phones, hack computers, hack websites, hack servers, hack intranets; everything can be hacked.

Compared with the binary security direction, this one is easier to get started in: master some basic techniques, pick up various ready-made tools, and you can begin.

However, to go from script kiddie to hacker god, the further you go in this direction, the more there is to learn and master:

The network penetration direction leans more toward "actual combat", so it demands greater breadth of technology: from network hardware, network communication protocols and network services (web, mail, file, database, etc.) to operating systems and attack techniques, all of it needs to be understood. It tends toward the all-round computer expert who integrates various technologies for "real combat".

The network penetration direction in turn has the following sub-directions:

Security services, commonly known as Party B: the main direction is providing Party A companies with security capability support, such as penetration testing and product security testing.

Security capability building, commonly known as Party A: domestic companies of a certain scale have their own SRC (Security Emergency Response Center), meaning they have their own security team.

National team: you know.

Learning route

Having covered the three major technical directions above, let's talk about how to get on the road. Here are my views.

First of all, don't think about direction; lay the foundation first!

Step 1: Computer basics

This first step does not have much to do with network security; it is a basic ability that anyone entering the IT field must master. The following five major courses are what our university teachers taught us, and they are the best things to learn no matter which technical direction you take. Even now they are still not out of date:

  • Computer networks

  • Principles of computer organization

  • Operating systems

  • Algorithms and data structures

  • Databases

In fact, each of these courses contains a great deal; basically none of them can be mastered in one pass, but as your career progresses, different technical stages bring different understandings and feelings.

For specific study, I recommend following agile development and iterating continuously: rough understanding -> deeper understanding -> thorough mastery -> learning the new by reviewing the old. Don't insist on fully understanding one course before moving on to the next.

Step 2: Programming ability

With some of the above basics in place, you need to actually write some code and exercise your programming skills.

The following three are the languages that practitioners in the security industry had best master:

  • Shell script

Master the commonly used Linux commands and write simple shell scripts to handle simple tasks.

  • C language (C++ optional)

The C language has no complex features. It is the ancestor of modern programming languages and is suitable for writing low-level software; it also helps you understand computer knowledge such as memory, algorithms and operating systems. It is recommended that you learn it.

  • Python

C helps you understand the low level, and Python helps you write functional software such as networking, crawlers, data processing and image processing. It is the programming language that programmers, and hackers in particular, love and have to learn.

Step 3: First taste of security

With the first two steps in place, it is time to get in touch with some network security technologies. At this stage, don't box yourself in and learn only one direction. My suggestion at this stage is: dabble widely, take in everything.

Network protocol attacks, web service attacks, browser security, vulnerability exploitation, reverse engineering and cracking, and tool development: touch all of them, know what each is for, discover your interests in the process, and gain a preliminary understanding of the technologies in each field of network security.

Step 4: Choose a direction

In step 3 you will gradually discover your point of interest, whether you like developing various tools, or hacking websites, or you are obsessed with attacks on hosts...

At this point you can think about your future direction, then start to focus on it, continue to dig deeply through the technologies of that direction in the mind map above, and become a master in a certain field.

Study method

Having introduced the technical classification and learning route above, let's talk about study methods:

  • Read and learn; this is the most basic.

  • Practice: the development route needs more code writing and reading of excellent open source code; the binary route needs more sample analysis and exploit writing; penetration testing needs more hands-on practice on practice sites (by legal means), etc.

  • Play CTF; take part in more network security competitions and exercise your hands-on skills in an environment close to real combat.

  • Get into circles: join more communities and forums where security giants appear, keep up with industry information, and understand the latest technology trends (the HD version of the mind map is available).

Summary

The above are some of my personal suggestions for friends who are new to network security. Finally, one point needs explaining:

The technologies in the different directions listed above are not strictly independent. On the contrary, they often complement each other and need to be combined and integrated.

Everyone's knowledge is limited, and I am no exception. This article is only my own opinion; I suggest you read more people's summaries and experiences and compare them side by side.

Tips

If you want the full HD version of the mind map above, reply "safe" to get it automatically.

Keep following Xuanyuan. Next, I will take the time to compile quality learning materials for the security route, so stay tuned.


Origin blog.csdn.net/xuanyuan_fsx/article/details/108403062