Why is there a shortage of people in network security? What kind of people are lacking?

1. Why is there a shortage of people in network security?

The shortage exists because new demand has appeared.

In the past, every enterprise was product-centred. It did not matter what vulnerabilities you had or whether your users' information leaked, as long as the product you made sold well.

All of that ended abruptly with the promulgation of a series of laws and regulations on network security, such as the "Network Security Law", the "Data Security Law" and the "Network Security Review Measures". Both the state and individuals have started to pay attention to network security; you can sense the intense concern that the recent national cybersecurity review of Didi has provoked.

Under the new network security laws and regulations, if your company has a network security incident, not only is the company punished, but the person in charge is held jointly liable and may even be sentenced to prison. Which boss, knowing how serious this is, can afford to sit still?

That is why there is a gap in cybersecurity personnel.

2. What kind of people are missing?

**A.** Most companies need someone who understands general security protection. The concrete requirement is, at a minimum, to make sure the enterprise's portal website has no vulnerabilities, that internal information does not leak, and that the enterprise is not held accountable by the relevant authorities. "Enterprises" here means organisations of a certain scale with real informatisation needs, not small workshops, small processing plants and the like.

**B.** Enterprises that provide Internet products need people who understand R&D security. Because of the old environment, most R&D staff have no knowledge of network security, so those who understand R&D do not understand security and those who understand security do not understand R&D. Although this is gradually improving, it is still a serious dilemma for such enterprises.

**C.** Enterprises that provide Internet services need people who understand business security. I personally think business security is actually the hardest part, because it is not like R&D security: R&D staff already have some network and information knowledge that overlaps with network security, so many things click for them at once. Business security, by contrast, requires deep familiarity with the business process, and the people who know the business best are usually its backbone and rarely have the energy to study network security in depth, which is why so many business logic vulnerabilities appear.

**D.** Large enterprises (large state-owned enterprises, multinationals) need people who understand network security traceability and emergency response. Such enterprises typically have a large number of information assets and complex network structures, and need a specialised department to run control inspections inside the enterprise and, at the same time, trace and handle the problems found.

**E.** Network security product and service providers need what we usually call offence-and-defence security personnel. To get projects and budget from the client (Party A), a provider has to prove its strength, and the best proof is to deliver a demonstration of ability: your service's ability to find vulnerabilities and your product's ability to protect against them.

The list above is only a rough classification and cannot cover every situation; the needs of the enterprise types listed are not separate, they merely differ in emphasis. A multinational Internet company, for example, needs people who understand conventional security protection, R&D security, business security, traceability and handling, and more.

3. Ways to solve the security personnel gap

Taking the categories above one at a time:

**A.** People who understand conventional security protection: normally the enterprise's information department handles this itself, and decides on the basis of cost and need whether a separate security officer has to be hired. After all, ordinary information operations and maintenance staff can handle much routine protection on their own, such as patching, closing high-risk ports and replacing weak passwords.

**B.** People who understand R&D security: very few people understand both R&D and security. The common approach today is to test the code with network security products, and companies that can afford it also give their R&D staff network security training; the industry has many cases that can serve as reference.

**C.** People who understand business security: it is almost impossible to recruit such people directly. Where they are needed, they can only be cultivated from within the business department.

**D.** People who understand security traceability and emergency response: almost only large companies need them, and a single team is enough. The team does not need to be especially large; it is generally built by internal training combined with external recruitment of people with strong technical ability.

**E.** Offence-and-defence security personnel: this is the group we usually mean by "network security personnel".

4. How to learn safety

So what skills does a complete beginner need to master to become a network security engineer? Whether you study on your own or look for a training course, is it hard for a novice with no background to get started? Generally speaking, getting started in network security requires the following knowledge; you can refer to the roadmap:

(Each module could be expanded, but I will not expand them one by one here, since the post is already long and there is a lot of content.)

If you are already learning other technologies and have strong self-discipline, self-study is enough; otherwise it is not recommended. Network security is a field with a strong offensive-and-defensive, hands-on character, so it has to be learned in practice, and true knowledge comes from practice. The practical side is not something self-study alone can reach; other help is needed.

How to get started?

Let's get down to the specific technical points: the network security learning route. The total learning time is about half a year, depending on the individual.

If you break the content down week by week to this level of detail, do you still worry that you will not be able to learn it and will not get started? In fact, many people who say "I studied for two months and still can't get started" studied east one day and west the next, only tasting each topic without going deep, which is exactly why they feel that way after two months.

1. Concepts related to web security (2 weeks)

  • Become familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, one-line webshell, etc.);

  • Search Google/SecWiki by keyword (SQL injection, file upload, XSS, CSRF, one-line webshell, etc.);

  • Read "Mastering Script Hackers"; although it is very old and contains errors, it is still usable for getting started;

  • Watch some penetration-testing write-ups/videos to understand the whole process of a real engagement; you can Google (penetration notes, penetration process, intrusion process, etc.);

2. Familiar with penetration related tools (3 weeks)

  • Become familiar with AWVS, sqlmap, Burp, Nessus, China Chopper, nmap, AppScan and related tools;

  • To understand what each tool is for and when it is used, first search the software name on Google/SecWiki;

  • Download backdoor-free versions of these tools and install them;

  • Learn them by using them; teaching material can be found on SecWiki, for example Burp tutorials and sqlmap;

  • Once you have learned these commonly used tools, you can install Sonic Start (a launcher) to build a penetration toolbox;

3. Infiltration combat operation (5 weeks)

Master every stage of a penetration test and be able to independently test small sites. Look for penetration videos online, watch them and think about the ideas and principles; keywords (penetration, SQL injection videos, file upload intrusion, database backup, dedecms exploits, etc.);

  • Find a site or build a test environment of your own for testing, and remember to hide yourself;

  • Think about the stages a penetration test is divided into and what work needs to be done in each stage;

  • Study the types of SQL injection, the principles of injection and manual injection techniques;

  • Study the principles of file upload vulnerabilities: truncation, double-suffix spoofing (IIS, PHP), parsing exploits (IIS, Nginx, Apache), etc.;

  • Study the principles and types of XSS; the specific learning method can be Google/SecWiki;

  • Study the methods and practical use of Windows/Linux privilege escalation;

4. Pay attention to the dynamics of the security circle (1 week)

  • Follow the latest vulnerabilities, security incidents and technical articles in the security community;

  • Browse daily security technology articles/events through SecWiki;

  • Follow security practitioners on Weibo/Twitter (when you come across an expert, follow them, and follow their friends decisively too) and take time to check every day;

  • Subscribe to domestic and foreign security technology blogs through Feedly/Xianguo (not only domestic ones; keep accumulating); if you do not use a feed reader, you can look at the aggregation column on SecWiki;

  • Cultivate the habit of actively submitting security technical article links to SecWiki every day, to build up a collection;

  • Pay more attention to the latest vulnerability lists; a few recommendations: exploit-db, the CVE Chinese library, Wooyun, etc., and practise when you encounter a public vulnerability.

  • Follow the topics or videos of domestic and international security conferences; SecWiki-Conference is recommended;

5. Familiar with Windows/Kali Linux (3 weeks)

  • Learn basic Windows/Kali Linux commands and common tools;

  • Become familiar with common cmd commands under Windows, such as ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;

  • Become familiar with common commands under Linux, such as ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;

  • Become familiar with the common tools in the Kali Linux system; you can refer to SecWiki, "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;

  • Become familiar with Metasploit; you can refer to SecWiki and the "Metasploit Penetration Testing Guide";

6. Server security configuration (3 weeks)

  • Learn server environment configuration and be able to spot security problems in a configuration by reasoning about it;

  • IIS configuration under Windows 2003/2008; pay special attention to configuration security and the permissions the service runs with;

  • Security configuration of LAMP under Linux, mainly considering run-time permissions, cross-directory access, folder permissions, etc.;

  • Remote system hardening: restrict username/password logins and restrict ports with iptables;

  • Configure a software WAF to strengthen system security, for example mod_security, on the server;

  • Scan the configured environment with Nessus to discover security threats you were not aware of;

7. Script programming learning (4 weeks)

  • Choose one scripting language from Perl/Python/PHP/Go/Java and learn to program with its commonly used libraries;

  • Set up a development environment and choose an IDE; for PHP, Wamp and XAMPP are recommended, and Sublime is strongly recommended as the IDE;

  • Python programming: syntax, regular expressions, files, networking, multi-threading and other common libraries; "Python Core Programming" is recommended, though you do not have to read all of it;

  • Write a proof of concept for a vulnerability in Python, then write a simple web crawler;

  • Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Programming (4th Edition)" and the accompanying videos;

  • Become familiar with the MVC architecture and try to learn a PHP or Python framework (optional);

  • Understand Bootstrap's layout or CSS;

8. Source code audit and vulnerability analysis (3 weeks)

  • Be able to independently analyse the source code of script programs and find security problems.

  • Become familiar with the dynamic and static methods of source code audit, and know how to analyse a program;

  • Find vulnerabilities in open source programs from Wooyun and try to analyse them yourself;

  • Understand the causes of web vulnerabilities, then search for and analyse them by keyword;

  • Study how web vulnerabilities form and how to avoid them at the source code level, and organise the findings into a checklist.
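As an added example (not code from the original post), here is what one line of such a source-audit checklist looks like in practice for the SQL injection case from section 1: a query that concatenates user input, the parameterised fix, and a crude static check that flags string-built SQL in constructed sample source lines. The table, the probe string and the sample lines are all constructed for the demo.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory table so the demo runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, name):
    # Audit finding: untrusted input is spliced into the SQL text, so a
    # quote inside `name` changes the structure of the query.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "' ORDER BY name"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, name):
    # Source-level fix: a bound parameter is always data, never SQL.
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY name"
    return conn.execute(sql, (name,)).fetchall()


# Checklist item as a heuristic static check: flag execute() calls whose SQL
# string is assembled with +, % or an f-string. Not a real parser.
STRING_BUILT_SQL = re.compile(r'execute\(\s*f["\']|["\']\s*[+%]\s')


def flag_string_built_sql(lines):
    # Returns 1-based line numbers that deserve a closer look.
    return [no for no, line in enumerate(lines, 1)
            if "execute(" in line and STRING_BUILT_SQL.search(line)]


# Constructed source lines standing in for a file under audit.
SAMPLE_SOURCE = [
    'cur.execute("SELECT * FROM t WHERE id = " + uid)',
    'cur.execute(f"SELECT * FROM t WHERE id = {uid}")',
    'cur.execute("SELECT * FROM t WHERE id = ?", (uid,))',
    'cur.execute("SELECT * FROM t WHERE id = %s" % uid)',
]

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"                    # constructed injection probe
    print(lookup_vulnerable(db, probe))       # both rows: query logic altered
    print(lookup_fixed(db, probe))            # []: probe treated as a literal name
    print(flag_string_built_sql(SAMPLE_SOURCE))  # [1, 2, 4]
```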

9. Security system design and development (5 weeks)

  • Be able to build your own security system and put forward security suggestions or a system architecture.

  • Develop some practical small security tools and open-source them to show your personal ability;

  • Establish your own security system and form your own understanding and opinions on company security;

  • Propose, or join, the architecture design or development of a large security system;

I have also sorted out some learning materials and notes for you, most of them quite good; I hope they help!

Free bundle: "Hacker & Network Security Introduction & Advanced Learning Resource Pack".

There is no threshold for getting the resources above. As long as you really want to learn network security, go ahead and do it boldly!

5. Summary

The field of network security is like a towering tree laden with fruit. Countless onlookers stand beneath it, all saying they love network security and want to pick the fruit, yet they hesitate in front of the vines that hang down from time to time.

In fact, you can climb this tree by grabbing any vine at all. What most people lack is simply that beginning.

Source: blog.csdn.net/jazzz98/article/details/130287114