As a popular industry that has emerged in the past two years, network security has become an industry that many people who have nowhere to work but want to change careers are more yearning but have doubts. After all, the development history of network security is relatively short, and the current domestic network security environment and The market situation is not yet known to the public, so after switching to network security with zero foundation, is it good to get a job? Today we will thoroughly analyze the employment situation of network security for zero-based career change entry.
First of all, we need to understand what jobs are available in the network security industry and the career development path of network security.
Some of the current main positions in the network security industry are: security engineer, security operation and maintenance, security service engineer, web penetration test, web security engineer, security research and development and security pre-sales positions.
For example, they generally work in security companies such as NSFOCUS, Sangfor, 360, Tianrongxin, etc. as security engineers, security services, and penetration testing positions. In Party A units such as operators (China Mobile, China Telecom), financial companies ( Ping An Technology, China Merchants Bank) and more in security operation and maintenance, web application auditing, web penetration testing and other positions. The specific job responsibilities can be roughly referred to as follows:
Security operation and maintenance:
responsible for the maintenance of servers and terminal equipment
Responsible for business security risk assessment and vulnerability mining
Responsible for the inspection and implementation of security incidents
Penetration testing
Responsible for the implementation of penetration testing and risk assessment
Provide network security attack and defense technology and emergency response work
Responsible for new technology research and products, and service implementation
Security Architecture
Responsible for the construction of the security system and defining the security model
Responsible for system security architecture planning and implementation control
Responsible for the tracking and analysis of various security issues and security incidents
Security development
Responsible for the research and development of the company's security products and tools
Responsible for the development iteration of some self-developed security platforms
Participate in the research and development of the company's security platform construction
Guarantee evaluation
Responsible for the safety evaluation of safety service projects
Responsible for the implementation of information security service level protection projects
Assist customers to complete the implementation process of graded protection
Security Management
Responsible for the formulation and review of information security-related processes, norms, and standards
Responsible for the construction of the company's overall security system
In general, there are many kinds of jobs related to information security, but from a technical point of view, they are basically divided into three categories, penetration testing related (scripts, network), protocol analysis related (reverse, network), bottom layer Security-related (kernel, drivers). The positions directly related to information security are positively related to technology and contacts. The longer the experience, the higher the position and the stronger the irreplaceability. Therefore, the career development path is sustainable and stable with a lot of room for growth.
So what skills do you need to master to become a network security engineer with a zero-based entry into network security? Regardless of self-study or looking for training courses, is it difficult to get started in network security as a zero-basic novice? In general, getting started with cybersecurity generally requires knowledge of the following:
-
Basic network reserves, common network protocol principles, various topological structures
-
Operating system reserves, basic principles of common operating systems, use of common commands and server construction
-
Middleware reserve, basic principles and usage of common middle prices
-
Database reserve, common database usage and environment construction
-
Programming language reserve, the use of common languages such as Python, Java, Go, C, C++, shell, etc.
-
Security basic knowledge reserves, common security testing steps, methods, and processes
-
Security vulnerability reserves, common WEB, Mobile, client, middleware, database and other vulnerability principles and utilization and detection ideas
When many people talk about network security, they either think of mysterious hackers, or technical masters with profound knowledge of computers, or they have no understanding of network security at all. The two levels of differentiation are very serious, which leads to people who want to learn network security. Stay away from this industry.
In fact, whether it is difficult to learn about network security is a question that varies from person to person. To say it is not difficult to learn does not mean that he has a higher IQ, and to say that it is difficult to learn does not mean that his IQ is lower. Regarding the criteria for judging the difficulty of learning network security, the main reason is that everyone has different learning methods. Everyone knows that the straight line is the shortest distance between two points, but in reality, many people have to go around several times to reach their final destination.
If you are learning other technologies and have strong self-discipline, then learning by yourself is enough, otherwise it is not recommended to learn by yourself. Since network security itself is a major with strong offensive and defensive combat capabilities, the field of network security must be practical, and true knowledge comes from practice! The situation that requires practice is not something that can be touched by self-study, and other assistance is needed.
Knowing the career profile of network security, what everyone is generally concerned about is what is the prospect of the network security industry? Is it an industry worth entering in the future? Let's talk about the big environment of network security now.
Cyber attacks are now considered to be the third largest threat in the world after extreme weather and natural disasters. Cyber crimes currently cause economic losses of more than 600 billion U.S. dollars per year, which is equivalent to the 22nd place in the world's GDP in Sweden. GDP!
Since the former US National Security Agency employee Snowden broke the news of the US Prism monitoring program in 2013, the whole world has realized the importance of network security. Cyber security incidents have occurred frequently in recent years. In 2020, Foxconn in Mexico suffered a ransomware attack and sold stolen files on its website. On December 9 last year, details of the exploitation of a remote code execution vulnerability in the open source project Apache Log4j 2 were made public. The attack method is extremely simple. Send a message with a vulnerability trigger command in the online chat of the game, and you can launch an attack on the user who received the message. Minecraft (My World) players have been attacked on a large scale.
It can be seen that network security has become a part of the country and people's privacy and property security, and it is becoming increasingly severe.
Therefore, my country has strengthened legislation in recent years. Following the "Network Security Law", a series of laws on big data security and personal information protection have been promulgated successively, which has greatly stimulated domestic network security employment demand.
The data shows that in 2020, the shortage of network security talents in my country has reached 1.4 million, a gap as high as 97%. At this stage, the average number of students majoring in information security graduated from colleges and universities in my country is 15,000, which cannot meet the market demand at all. In the first half of 2021 alone, the total demand for talents has increased by 39.87% compared with last year. Currently technicians can only fill 1% of the gap!
At present, my country's network security industry is in an emerging stage, not only has a huge demand, but also has a much higher salary level than other industries.
As an emerging industry in the IT Internet industry, network security does not have as many "relationship households" as traditional industries. Because of the characteristics of the network security industry, the requirements for academic qualifications are not rigid. As long as you have solid technology and certain practical ability, you can get a high salary!
According to the "2020 Employment Report of Chinese College Students", among the "top 10 majors with monthly income of 2020 undergraduates after half a year", the information security major ranks first. In the Beijing area, the average monthly salary of a security service engineer is 15,320 yuan, ranking high overall in the employment options of college students.
finally
In order to help you better learn about network security, the editor has prepared a set of introductory/advanced learning materials for network security for you. The content in it is all notes and materials suitable for zero-based beginners. I understand, all the information is 282G in total. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Introduction to Network Security & Advanced Learning Resource Pack" for free sharing
Network security source code collection + toolkit
Network
security interview questions
Finally, there is the network security interview questions section that everyone is most concerned about.
The total data is 282G. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free ( If you encounter problems with scanning the code, you can leave a message in the comment area to get it)~
Video supporting materials & domestic and foreign network security books and documents
