foreword
I have been engaged in network security work for 12 years. I have worked in two large factories, including security services, after-sales services, pre-sales, offensive and defensive competitions, security lecturers, and sales managers. I have a comprehensive understanding of this industry. Let's start to get to the point, how to enter the network security industry step by step from a newcomer.
topic
First of all, before we are ready to enter this industry, we have to ask our hearts, why do we want to enter this industry if we have thousands of jobs?
I believe that everyone's answer is different. Some people will say that this industry as a whole makes more money than other industries, and some people will say that they like technology and want to study it. Some people will say that this industry is at the forefront, and they will accumulate contacts and start businesses in the future. No matter what your answer is, whether you are for money or technology, we must have an accurate positioning for ourselves, and we must be clear about what results you want to achieve in the next few years. With this goal, we will continue to fight. If you want to make money in this industry without any savings, no industry allows this, let alone the network security industry is still a new industry.
Only when you have a goal can you have the motivation to learn. Next, let's find out what jobs are available in the cyber security industry? Which positions are you suitable for
We do not list emerging technologies, even traditional security positions: security product engineer (or after-sales engineer), security consultant (pre-sales engineer), penetration test engineer, sales, security development engineer, security operation and maintenance engineer, emergency response engineer, Level protection assessor, security service engineer. In general, there are so many positions, and other niche positions will not be listed one by one.
General job content or responsibilities of security positions
After-sales engineer: after-sales service of safety products, including delivery and implementation of safety products, after-sales support, product debugging and putting on shelves. For example, if a customer buys our firewall, we need to send someone to install and debug it. We can't let the customer install it by himself. This is the main job content of product engineers or after-sales engineers.
Pre-sales engineer: Mainly to assist the sales to complete the documentary. To put it plainly, it is to cooperate with the sales. One will do business relations (eat, drink, give gifts and treat guests) and the other will do technical solutions (solve customers’ pain points). Two people cooperate to win the project .
Penetration test engineer: This position is the dream of most people, and it's time to show your personal skills. It is mainly to simulate hackers to attack the target business system, so stop.
Sales: No more details, I guess you young people don’t care too much, but when you grow up, you will find out how nonsense your previous understanding of sales is.
Security development engineer: Well, if you are engaged in development, you must also understand security. For example, if you develop a web application firewall, you don’t even understand web attacks, so why do you develop it behind closed doors? Can it prevent it?
Security operation and maintenance engineer: An organization has purchased so many security products, and someone must do operation and maintenance, analyze the logs, and update the strategy. Regularly check the security of the business system and check whether there are any threats in the intranet. This is what the security operation and maintenance engineer should do.
Emergency Response Engineer: When a customer's business system is attacked, it is necessary to quickly locate the security problem, quickly restore the business system, and some even need to collect evidence and report to the police. (If the value of something stolen at home is too high, why don’t you call the police? Why are you so worried)
Graded protection assessor: According to the national requirements, important business systems need to be protected according to the security level. At present, the country has released the graded protection 2.0 standard, and the construction should be carried out according to this standard. The job of the graded protection assessor is to assist customers to check whether the business system meets the requirements of graded protection, and rectify immediately if they do not meet the requirements.
Security service engineer: Many companies include penetration test engineers as security service engineers, which is harmless. Waiters who don’t know security services and don’t know how to eat are to help customers do security work. The specific content includes common vulnerability scanning, baseline detection, penetration testing, network architecture sorting, risk assessment and other work content. The scope of security services is very large, covering almost all the above-mentioned positions.
Having said so many positions, kick out sales and development (most teenagers don't care about these two positions), let's divide other positions, in fact, there are three directions: safety product direction, safety operation and data analysis direction, safety Offensive and defensive and emergency direction . In addition to this direction, there is another direction that is not listed - the direction of safety management . Don't worry, young man, you won't be able to use this direction for a while. Which company foolishly asks a newbie to do safety management?
Throughout all industries, there has never been a manager recruited directly from graduates. If so, please remember to contact me, I have several cousins who will graduate from college soon, let them apply for the job.
After the three major technical directions have been mentioned above, the question arises again. As a newcomer, what should I learn first and what am I learning?
Since you have asked so straightforwardly, let me tell you, where do you start with zero foundation?
The first thing to learn is network foundation + operating system + middleware + database. I believe that everyone in the university has basically learned it. If you have not learned it, you can find something online to learn it.
Then add a little bit of basic language skills, and suggest php, which is currently more popular.
The next step is to learn the basics of attack and defense. First, learn about stepping, enumeration, and vulnerability scanning, then learn about exploits, web site penetration, Trojan horses, privilege escalation, and lateral penetration, and finally understand clear logs and authority maintenance.
The above is a standard hacking process
You will understand when you see this outline
Finally, the problem came again: just tell me what book to read, there are a lot of names on it, and I don’t know what to look for. Don't write with me, I just want to start looking for a job in a few months.
Maybe you will say, reading is so boring, so what can you do? Of course I let you watch the video
In addition, the source code and so on are all ready, just waiting for you to get started!
Thank you for reading and following likes! I hope this article can help you get started with network security as soon as possible!
