Network security self-study notes + learning route + employment planning (super detailed)

Every day there are news reports describing the massive, if not overwhelming, impact new technologies are having on the way people live and work. At the same time, headlines about cyberattacks and data breaches are becoming more frequent.

Attackers are everywhere: outside the enterprise are hackers, organized crime groups, and nation-state cyberspies who are growing in capability and ruthlessness; inside are employees and contractors who, knowingly or not, can be the cause of malicious or accidental incidents.

For a complete beginner with no background, is this a good time to enter the network security industry? What are the employment prospects, and how should you choose a position that suits you?

Detailed distribution of network security positions

This article will answer these questions one by one, hoping to be helpful to everyone.

(Friendly reminder: the full text is more than 5,000 words and covers a lot of ground. It is recommended to bookmark it before reading, so you can find it again later.)

1. What are the employment prospects of network security positions?

Let me state the conclusion first: network security talent is hard to find, and the talent gap is as high as 95%.

With the implementation of the national new infrastructure strategy and the rapid development of emerging technologies such as artificial intelligence, big data, cloud computing, the Internet of Things and 5G, an endless stream of new attack methods has followed; numerous government units have been targeted, and sensitive personal information has been stolen or leaked. Building cyberspace security is urgent and has become a top priority of national security.

In the past, when many government and enterprise units organized their IT departments and positions, they only had R&D and operations and maintenance departments, and security staff belonged directly to the basic operations and maintenance department. Now it is necessary to set up an independent network security department, attract security talent from all sides, and form an SRC (Security Response Center) to protect the organization's own products, applications and data.

Cyber Security Jobs

In just a few years, network security engineers have not only become a regular profession but also a national strategic resource, a scarce resource that many companies find "hard to find".

2. How to choose a position that suits you?

We will answer this question step by step.

1. Classification of security positions

First of all, let's look at what jobs are available in the cyber security industry and which positions might suit you.

Leaving aside emerging technologies, the traditional security positions alone include: security product engineer (or after-sales engineer), security consultant (pre-sales engineer), penetration test engineer, sales, security development engineer, security operations and maintenance engineer, emergency response engineer, graded protection assessor, and security service engineer. Those are the main positions; other niche positions will not be listed one by one.

General job content or responsibilities of security positions

After-sales engineer: after-sales service for security products, including delivery and implementation, after-sales support, product debugging and deployment. For example, if a customer buys our firewall, we need to send someone to install and configure it; we can't leave the customer to install it alone. This is the main job of product engineers or after-sales engineers.

Pre-sales engineer: mainly assists sales in closing deals. To put it plainly, the pre-sales engineer works alongside the salesperson: one handles business relations (dinners, gifts, entertaining clients) and the other handles the technical solution (solving the customer's pain points). The two cooperate to win the project.

Penetration test engineer: this position is the dream of most people and the place to show your personal skills. The job is mainly to simulate hackers attacking the target business system; enough said.

Sales: no more details; I guess you young people don't care much, but when you are older you will find out how naive your earlier understanding of sales was.

Security development engineer: if you do development, you must also understand security. For example, if you develop a web application firewall without even understanding web attacks, how can you build it in isolation, and can it actually block anything?

Security operations and maintenance engineer: an organization has purchased many security products, and someone must operate and maintain them, analyze the logs, and update the policies; regularly check the security of the business systems and whether there are any threats on the intranet. This is the security operations and maintenance engineer's job.

Emergency response engineer: when a customer's business system is attacked, it is necessary to quickly locate the security problem and restore the business system, and sometimes to collect evidence and report to the police. (If something valuable is stolen from your home, why wouldn't you call the police? What is there to worry about?)

Graded protection assessor: under national requirements, important business systems must be protected according to their security level. The country has released the Graded Protection 2.0 standard, and construction should follow it. The graded protection assessor's job is to help customers check whether their business systems meet the graded protection requirements and to have them rectified immediately if they do not.

Security service engineer: many companies classify penetration test engineers as security service engineers, which is fine. For those who don't know what security services are: in short, it means helping customers do security work. The specifics include vulnerability scanning, baseline checks, penetration testing, network architecture review, risk assessment and so on. The scope of security services is very broad, covering almost all the positions above.

Having listed so many positions, set aside sales and development (most young people don't care about these two), and the remaining positions actually fall into three directions: the security product direction, the security operations and data analysis direction, and the security attack/defense and emergency response direction. There is one more direction not listed here: security management. Don't worry, young reader, you won't need this direction for a while; what company would foolishly ask a newcomer to do security management?

2. Company recruitment needs

So here comes the question: is the learning content of these three directions the same?

Obviously not; otherwise why split them into directions at all? It is the same as the split between arts and science tracks in high school: why split? Because there is too much content and different people are good at different things. There is so much to learn and so little time, so either the content is compressed or the time is lengthened.

Back to the point: what skills are needed in actual work for these three directions?

Security product direction: understand products such as firewalls, online behavior management, intrusion detection/prevention, network isolation gateways (gatekeepers), VPN, database auditing, bastion hosts, anti-DDoS, cloud protection products, antivirus, network access control, web application firewalls, virtualization security products and more.

Security operations and data analysis direction: security services, security evaluation, risk assessment, graded protection, ISO 27000, log analysis, threat analysis, SOC operations, etc.

Security attack/defense and emergency response direction: web attack and defense, system attack and defense, intranet penetration, emergency response, code audit, mobile APK detection, industrial control system security testing, etc.

Taking the technical direction as an example, let's look at the detailed recruitment requirements that various companies post for security personnel on recruitment websites:

2.1. Penetration test engineer:

Summary of job requirements:

Proficient with various penetration testing tools and a deep understanding of their principles (including but not limited to Burp Suite, sqlmap, AppScan, AWVS, nmap, MSF, Cobalt Strike, etc.);

Master at least one development language (C/C++, Golang, Python, Java or others); at minimum, being able to write code is required;

Proficient in common offensive and defensive techniques, with a deep understanding of the principles of the related vulnerabilities (web or binary);

Have rich practical experience and can independently complete the penetration testing work;

Able to think about offensive and defensive issues from the perspective of defenders or operations staff; a deep understanding of post-exploitation is a plus;

Familiar with at least one of Reverse, Pwn, Web, Crypto, Misc, Mobile;

A strong interest in security, strong independent research ability, and good team spirit.

2.2. Web security engineer

Summary of job requirements:

Solid computer foundation, familiar with commonly used data structures and algorithms;

Familiar with at least one programming language and have solid coding skills;

Familiar with various security features of browsers, and have a deep understanding of the attack and defense principles of common web vulnerabilities;

Familiar with the common attack methods against Windows and Linux systems, web applications and databases;

Familiar with network security testing methods, test cases, and vulnerability judgment criteria;

Familiar with the penetration testing process, understand the usage and principles of common penetration testing tools;

Have practical experience in penetration testing, familiar with various methods of privilege escalation in penetration testing;

Familiar with common scripting languages, capable of web penetration testing, malicious code detection and behavior analysis;

Know the principles and practice of common high-risk web vulnerabilities (SQL injection, XSS, CSRF, WebShell, etc.), and have submitted high-risk vulnerabilities to vulnerability disclosure platforms;

Proficient in using various security scanning and penetration tools, rich experience in security penetration and able to independently complete penetration testing;

Master the structure and particular features of one or more mainstream databases such as MySQL, MSSQL, Oracle and PostgreSQL.

3. How to learn and improve for the target position?

After reading all this, are you almost discouraged?

I think this is a good thing. If you have not considered clearly whether you want to engage in this industry, I advise you to choose carefully.

Although market demand in the network security industry is large, the demand is for talent, not for warm bodies. If you still want to learn network security, read on and I will give you a detailed self-study roadmap.

It looks dense, but once broken down you will find it is not that hard to learn. Let me show you the web security learning route I made for my team members. The whole course takes about half a year, depending on each person's situation:

(Friendly reminder: if you find it helpful, bookmark this article so you can find it again later.)

Cyber Security Self-Study Roadmap

3.1. Concepts related to web security (2 weeks)

Get familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, one-line webshell, etc.).

Search Google/SecWiki by keyword (SQL injection, file upload, XSS, CSRF, one-line webshell, etc.);

Read "Mastering Script Hackers"; although it is very old and has errors, it still works as an introduction;

Read or watch some penetration notes/videos to understand the whole process of a real penetration test; search for (penetration notes, penetration process, intrusion process, etc.);

3.2. Familiar with penetration related tools (3 weeks)

Get familiar with AWVS, sqlmap, Burp, Nessus, Chopper, nmap, AppScan and other related tools.

To understand each tool's purpose and usage scenarios, first search Google/SecWiki for its name;

Download these tools from their official sources so that you install backdoor-free versions;

Learn and use them; specific tutorials can be found on SecWiki, for example Burp tutorials and sqlmap;

Once you have learned these common tools, you can install Sonic Start (a launcher) to organize them into a penetration toolbox;

3.3. Hands-on penetration practice (5 weeks)

Master all stages of penetration testing and be able to independently test small sites.

Find penetration videos online, watch them and think through the ideas and principles; keywords (penetration, SQL injection videos, file upload intrusion, database backup, dedecms exploits, etc.);

Find a site or build your own test environment to practise on, and remember to hide yourself;

Think about which stages a penetration test is divided into and what work needs to be done in each stage;

Study the types of SQL injection, injection principles, and manual injection techniques;

Research file upload principles: truncation, double-extension spoofing (IIS, PHP), parsing vulnerabilities (IIS, Nginx, Apache), etc.;

Study how XSS arises and its types; search Google/SecWiki for specifics;

Study Windows/Linux privilege escalation methods and how they are used;

3.4. Follow what is happening in the security community (1 week)

Keep up with the latest vulnerabilities, security incidents and technical articles in the security community.

Browse daily security technology articles/events through SecWiki;

Follow security practitioners on Weibo/Twitter (if you come across the accounts an expert or a friend follows, follow them too without hesitation), and take time to check every day;

Subscribe to domestic and foreign security technology blogs through Feedly/Xianguo (not only domestic ones; keep accumulating over time); if you don't have a feed reader, you can look at SecWiki's aggregation column;

Cultivate the habit of actively submitting links to security technical articles to SecWiki every day, to build up your own collection;

Pay more attention to the latest vulnerability lists; a few recommendations: exploit-db, the CVE Chinese database, Wooyun, etc.; when you encounter a public vulnerability, practise with it in your test environment.

Follow the topics or videos of domestic and international security conferences; SecWiki-Conference is recommended.

3.5. Familiar with Windows/Kali Linux (3 weeks)

Learn Windows/Kali Linux basic commands and common tools;

Familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;

Familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;

Get familiar with the common tools in Kali Linux; you can refer to SecWiki, "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;

To get familiar with Metasploit, refer to SecWiki and "Metasploit Penetration Testing Guide".

3.6. Server security configuration (3 weeks)

Learn server environment configuration and be able to spot security problems in a configuration by reasoning about it.

IIS configuration on Windows 2003/2008; pay special attention to configuration security and the permissions the service runs with;

Security configuration of LAMP on Linux, mainly considering run-as permissions, cross-directory access, folder permissions, etc.;

Remote system hardening: restrict username/password logins and restrict open ports with iptables;

Configure a software WAF to strengthen system security, e.g. mod_security on the server;

Use Nessus to scan the configured environment and discover security issues you did not know about.
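As an added example for the remote hardening step above (my own code, not from the original post), a small audit of an OpenSSH sshd_config that reports weak login settings and emits a hardened copy. The directive names and defaults are OpenSSH's; the hardening policy and the sample config are assumptions constructed for this example.

```python
import re

# Hardening policy assumed for this example (the "restrict password login"
# step): no password or root logins, no empty passwords, few retries.
# Directive names and the DEFAULTS table are OpenSSH's.
HARDENED = {"PasswordAuthentication": "no", "PermitRootLogin": "no",
            "PermitEmptyPasswords": "no", "MaxAuthTries": "3"}
DEFAULTS = {"PasswordAuthentication": "yes", "PermitRootLogin": "prohibit-password",
            "PermitEmptyPasswords": "no", "MaxAuthTries": "6"}

def parse_sshd_config(text):
    """Directive -> effective global value (sshd keeps the first occurrence)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        if line.lower().startswith("match"):
            break                                  # rest is conditional
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0], parts[1].strip())
    return settings

def find_weak_settings(text):
    """(directive, effective value, required value) for every policy miss.
    A missing directive is judged by its default: an absent
    PasswordAuthentication line silently means password logins are on."""
    cur = parse_sshd_config(text)
    return [(k, cur.get(k, DEFAULTS[k]), v) for k, v in HARDENED.items()
            if cur.get(k, DEFAULTS[k]).lower() != v]

def harden(text):
    """Rewrite weak global directives in place and insert missing ones
    before the first Match block; Match blocks are left untouched."""
    out, seen, match_at = [], set(), None
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)", raw)
        key = m.group(1) if m else None            # None for comments/blank
        if match_at is None and key and key.lower() == "match":
            match_at = len(out)
        if match_at is None and key in HARDENED:
            out.append(f"{key} {HARDENED[key]}")
            seen.add(key)
        else:
            out.append(raw)
    missing = [f"{k} {v}" for k, v in HARDENED.items() if k not in seen]
    pos = len(out) if match_at is None else match_at
    out[pos:pos] = missing
    return "\n".join(out) + "\n"

# Constructed sample: root login on, password auth left at its default.
SAMPLE_CONFIG = """Port 22
PermitRootLogin yes
#PasswordAuthentication no
MaxAuthTries 6
Match User backup
    PasswordAuthentication yes
"""
```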

3.7. Script programming learning (4 weeks)

Choose one of the scripting languages Perl/Python/PHP/Go/Java and learn to program with its commonly used libraries.

Set up a development environment and choose an IDE; for PHP, WAMP and XAMPP are recommended, and Sublime is strongly recommended as the editor;

Python programming: the content includes syntax, regular expressions, files, networking, multi-threading and other common libraries; "Python Core Programming" is recommended, though you don't have to finish it;

Write a vulnerability exploit in Python, then write a simple web crawler;

Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Programming (4th Edition)" and videos;

Get familiar with MVC architecture and try to learn a PHP or Python framework (optional);

Understand Bootstrap's layout or CSS;

3.8. Source code audit and vulnerability analysis (3 weeks)

Be able to independently analyze script source code and find security problems.

Get familiar with dynamic and static methods of source code audit and know how to analyze a program;

Find vulnerabilities in open source programs on Wooyun and try to analyze them yourself;

Understand the causes of web vulnerabilities, and then search and analyze them through keywords;

Study how web vulnerabilities arise and how to avoid them at the source code level, and organize this into a checklist.
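As an added example for the audit checklist above (my own code, not from the original post), the SQL injection case from section 3.1 worked at source level: the same login query written the vulnerable way and the fixed way, plus one heuristic grep-style rule a checklist might carry. The table, credentials and sample source lines are constructed for this example.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn

def login_vulnerable(conn, name, password):
    """Before: input is spliced into the SQL text, so a quote in the input
    changes the query's structure instead of being treated as data."""
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone()[0] > 0

def login_fixed(conn, name, password):
    """After: placeholders keep the structure fixed; the driver binds the
    values separately, so quotes in them are only characters."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0

def demo():
    """Run both versions with one constructed input whose quote and '--'
    comment out the password check in the spliced query."""
    conn = make_db()
    probe = ("alice' --", "anything")
    return {"vulnerable": login_vulnerable(conn, *probe),
            "fixed": login_fixed(conn, *probe)}

# Checklist rule for a static audit (heuristic, my own): a line containing a
# SELECT that builds its string with an f-string, %-formatting, .format()
# or + concatenation is a finding; a literal with ? placeholders is not.
DYNAMIC_SQL = re.compile(r"""\bf["']|["']\s*[%+]|\.format\(""")

def audit_source(source):
    """1-based line numbers whose SQL text is assembled from variables."""
    return [i for i, line in enumerate(source.splitlines(), 1)
            if "SELECT" in line.upper() and DYNAMIC_SQL.search(line)]

# Constructed source lines to audit: three dynamic queries, one parameterised.
AUDIT_SAMPLE = '''cur.execute("SELECT * FROM users WHERE id = " + user_id)
cur.execute("SELECT * FROM users WHERE id = %s" % user_id)
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
cur.execute("SELECT * FROM users WHERE id = ?", (user_id,))
'''
```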

3.9. Security system design and development (5 weeks)

Be able to build your own security system and put forward security suggestions or a system architecture.

Develop some practical small security tools and open-source them to demonstrate your abilities;

Establish your own security system and form your own understanding and opinions on company security;

Propose or join the architecture or development of large security systems;

This roadmap spells out what to learn each week and to what depth; the web security roadmap I compiled is very friendly to newcomers. In addition, I compiled corresponding learning materials and can share some of them if you need them (the confidential part cannot be shared).

If you need them, reply [Network Security] by private message in the background.


Origin blog.csdn.net/xv7777666/article/details/131141970