Recently, I saw a lot of people on the Internet asking related questions such as: "How to become a network information security engineer", which may be related to the frequent occurrence of network security incidents in recent years, and the country's increasing emphasis on Internet information security and Internet public opinion. Network information security engineers have subsequently become a hot profession.
First, let’s take a look at the definition of a network security engineer: it refers to working in accordance with the information security management system and standards, preventing hacker intrusions, analyzing and preventing them, and setting up firewalls, anti-viruses, IDS, PKI, Offensive and defensive techniques, etc. At the same time, personnel who carry out security system construction and security technology planning, daily maintenance management, information security inspection and audit system account management and system log inspection.
Network security talents will be hard to find, with a gap as high as 95%
In the past, when many government and enterprise units divided IT departments and positions, they only had R&D and operation and maintenance departments, and security personnel directly belonged to the basic operation and maintenance department; It is necessary to set up an independent network security department, attract security talents from all parties, and form an SRC (Security Response Center) to protect and escort its own products, applications, and data.
In just a few years, network security engineers have not only become a regular army, but also directly become a national strategic resource, becoming a scarce resource that many companies "hard to find".
According to the "Internet Security Report" released by Tencent Security, the supply of cybersecurity talents in China is currently severely lacking. Every year, only more than 30,000 talents are trained in security majors in colleges and universities, and the gap in cybersecurity positions has reached 700,000, which is as high as 95%.
There are many security job options, high salary and benefits, and good development prospects
Network security talents are engaged in a variety of positions. In terms of job setting, there is a big difference between government and enterprise organizations and security enterprises: the needs of government and enterprise organizations mainly focus on security management, security operation and maintenance, R&D and testing, penetration testing and vulnerability mining. , emergency response, CSO and other positions.
Security companies are mainly engaged in R&D and testing, security services, sales, pre-sales, after-sales, security management, product managers, security analysis, marketing, CIO/CSO and other positions.
According to different security technology directions, application scenarios, technical implementations, etc., network security can be classified in many ways. Here we simply divide it into network security, web security, cloud security, mobile security (mobile phone), desktop security (computer), host Security (server), industrial control security, wireless security, data security and other fields.
We go to the recruitment website and search for job titles such as [Network Security], [Web Security Engineer], [Penetration Testing], etc., and we can see that security positions have good salary and benefits .
Entering the topic, next, let's share how to get network security skills step by step from the shallower to the deeper.
skills required
Web and application-related content: HTTP, front-end, back-end, PHP
The network security route is different from the front-end and back-end, giving priority to learning network-related content, network security is network technology + security technology
Network technology: search for HCNA, CCNA, HCIA keyword tutorials, the syllabus (including at least) is as follows:
After the above study, you will have a network architecture awareness. The following figure is a suggested learning framework.
Cyber Security Learning Path
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF Competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Fourth, the recommendation of learning materials
Book list recommendation:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of windows operating system
【4】Linux kernel and implementation
Programming development class:
【1】windows programming
【2】windwos core becomes
【3】Linux programming
【4】Unix environment advanced into
【5】IOS becomes
[6] The first line of code Android
【7】C programming language design
【8】C primer plus
[9] C and pointers
[10] C expert programming
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" for free
