foreword
Some time ago, the well-known organization Mycos Research Institute released the "2022 China Undergraduate Employment Report" , which listed in detail the undergraduate green card majors in the past five years, among which information security ranked first.
Cybersecurity Outlook
Regarding the development and employment prospects of network security, I don’t need to say much. As one of the majors with higher income for fresh graduates, network security also occupies a popular position in the field of career change. It mainly has the following advantages for career change:
- There is a large talent gap in the industry. By 2027, my country's network security talent gap will reach 3.27 million
- The knowledge system is friendly, and students with relatively weak computer and English skills can also learn to get started
- The entry threshold is low, and you can study and work with a college degree
- High salary starting point
- A wide range of employment options, a major contains more than ten kinds of jobs
There are abundant positions and a large space for choices, which determine the height of career development, which is one of the reasons why network security is so popular. In this article, I will plan for you how to systematically study the major of network security. Friends who want to find a job or change careers, remember to like and bookmark~
study plan
Next, I will arrange a one-month primary plan for network security for you. After you finish the study, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis, etc. ; If you learn the class insurance module well, you can also work as class insurance engineer. Salary range 8k - 15k
【Help safe learning one by one, where all resources can be obtained one by one】
primary
1. Theoretical knowledge of network security (2 days)
① Understand the relevant background and prospects of the industry, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operation.
④Multiple guarantee introduction, guarantee regulations, procedures and norms. (Very important)
2. Penetration testing basics (1 week)
①Penetration testing process, classification, standard
②Information collection technology: active/passive information collection, Nmap tool, Google Hacking
③Vulnerability scanning, vulnerability utilization, principle, utilization method, tool (MSF), bypassing IDS and anti-virus
reconnaissance④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Basic operating system (1 week)
① Common functions and commands of Windows system
② Common functions and commands of Kali Linux system
③ Operating system security (system intrusion troubleshooting/system reinforcement basis)
4. Basics of computer network (1 week)
①Computer network foundation, protocol and architecture
②Network communication principle, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principle and defense: active/ Passive attack, DDOS attack, CVE vulnerability recurrence
5. Basic database operations (2 days)
①Database foundation
②SQL language foundation
③Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (chopper, missed scan, etc.)
So, so far, it has taken about 1 month. You've successfully become a "script kiddie". So do you want to continue exploring?
Intermediate, Advanced
7. Script programming learning (4 weeks)
In the field of network security. Having programming ability is the essential difference between "script kiddies" and real network security engineers. In the actual penetration testing process, in the face of a complex and changeable network environment, when the common tools cannot meet the actual needs, it is often necessary to expand the existing tools, or write tools and automated scripts that meet our requirements. Some programming ability is required. In the CTF competition where every second counts, if you want to efficiently use self-made scripting tools to achieve various purposes, you need to have programming skills.
For students with zero foundation, I suggest choosing one of the scripting languages Python/PHP/Go/Java to learn programming of common libraries
Build a development environment and choose an IDE. The PHP environment recommends Wamp and XAMPP, and the IDE strongly recommends Sublime;
Python programming learning, learning content includes: grammar, regularization, files, network, multi-threading and other common libraries, recommend "Python Core Programming", there is no need to read it
Write the exploit of the vulnerability in Python, and then write a simple web crawler
Learn PHP basic grammar and write a simple blog system
Familiar with MVC architecture, and try to learn a PHP framework or Python framework (optional)
Learn about Bootstrap's layout or CSS.
Top Cyber Security Engineer
This part of the content is too far away for students with zero foundation, so I won’t go into details. Here I will post a rough route. Interested children's shoes can be researched by themselves
other
Finally, there are more installation packages and source codes that Xiaobai needs most, so I won’t show them here one by one. If you need them, click
[Help one by one to learn about security, where to get all the resources one by one]
① Network security learning route
② 20 penetration testing e-books
③ Security attack and defense 357-page notes
④ 50 security attack and defense interview guides
⑤ Security red team penetration toolkit
⑥ Network security essential books
⑦100 actual combat cases of vulnerabilities
⑧Internal video resources of major security companies
⑨Analysis of past CTF capture-the-flag competition questions
learning path
Of course, many friends want to have a glimpse of the entire system of network security. After four years of polishing, it has been successfully revised to version 4.0 "Learning Roadmap for Network Security Engineers with an Average Salary of 40w"
1. Video Tutorial
This part is a video tutorial supporting the above learning route, which is easy to understand and more conducive to the learning and digestion of zero-based friends.
2. Domestic and foreign network security/hacking technology e-book PDF
Due to sensitivity, I can't show it directly, sorry.
3. SRC vulnerability mining/HW network protection action
After watching the video and reading the book, then it is necessary to practice the project. The best way to do it is to dig loopholes and play the game. Here I will share with you the golden finger of the game.
4. Interview questions
When you finish the entire tutorial, the ultimate goal is to get a job, so you must have no reason to miss this set of internal interview questions from various major factories, right?
Epilogue
To be honest, there is no threshold for obtaining the zl package mentioned above. However, I think many people get it but don't learn it. Most people's question seems to be "how to act", but in fact it is "can't start". This is true in almost any field. The so-called "everything is difficult at the beginning", the vast majority of people are stuck at the first step, and they have eliminated themselves before they even started. If you really believe you like cybersecurity/hacking, do it now, more than anything else .
The field of network security is like a towering tree full of fruit. There are countless onlookers standing under it. They all claim that they like network security and want to pick the fruit from the tree, but they are hesitant when faced with the vine branches that hang down from time to time. indecision.
In fact, you can climb this tree by just grabbing any vine branch. What most people lack is such a beginning.