I often see friends asking on various website forums, "Is it suitable to learn network security at the age of xx?" "Can I learn it with zero foundation?" Usually they say yes in the same way, and then recommend training institutions, recommended learning materials and learning websites, and so on.
There will also be many people who contact us asking these questions, so I will answer them here today. Give some advice to those who want to change careers in network security. I hope everyone can learn more about the network security industry and avoid wasting time and energy.
The cookie-cutter responses to these questions are misleading for the questioner, really. Not everyone is suitable for learning network security, and not everyone is suitable for working in network security, especially those who want to get a high salary through learning. In fact, it is not an easy task.
Read more industry-related information before switching careers
Including policies, laws and regulations, employment data, recruitment needs, etc. You need to know the thresholds of the industry you choose to change careers. For example, the minimum education required for network security is a college degree or above, and the age must be under 33 years old .
Can I change careers if I do not meet the age requirements?
In fact, the older you get, the more difficult it is to change careers. Although there is a shortage of people in cyber security and there is no mid-life crisis, the older you get, the lower your learning ability, the weaker your body's functions, and the more difficult it is to learn. More difficult and probably more time-consuming than it would be for a young person. If you are simply interested in penetration testing and want to learn a technology, then any age is fine. But if you want to get a high salary with this technology, you will definitely take risks, such as not being able to find a suitable job. In this case, you need to conduct a comprehensive evaluation of yourself and choose carefully!
If you do not meet the academic qualifications, you can consider upgrading your qualifications! It’s not just because the work of network security requires a college degree or above, many jobs now require education, so it is necessary to improve education in any industry, so that the principles of career development will be broader and the prospects will be better!
I believe that all those who have changed careers have heard the saying " Three years after changing careers ". After many people change careers, their income may not be as high as the original salary. time and energy. There is actually a lot of pressure to bear when changing careers. Don’t change careers blindly because you are overheated or because you see others learning and working well. Be sure to conduct an analysis to see if your situation is suitable for this industry, and to see if you have the confidence to continue to develop.
**While the salary of network security is high, not everyone can get a high salary. **If you want to get a high salary, then you have to consider whether you have the spirit of continuous learning and enterprising. Many people have found a job with a really high salary after the training, but without learning on the job and taking the initiative to improve themselves, the knowledge learned in the training class alone is not enough to support your long-term development in the penetration testing industry of!
The job of network security is indeed that the longer the working hours, the higher the salary, but there is an additional condition. Long working hours should also be rich experience, stronger knowledge and skills, and stronger professional ability. If you want to do this, you must always maintain a sense of learning, learn new technologies, constantly improve yourself, and recharge yourself. Otherwise, if you have been engaged in network security for three to five years, your salary will not be particularly high. The reason is very simple, some people can go to Qingbei, and some people can only go to junior college, and you will get as much return as you pay. Some people will ask the teacher if they don’t understand in class, and they are willing to delve deeper and study by themselves when they have time, while some people just listen to the content of the class.
There are also many factors that affect salary, such as city, position, education, company size, ability, technology, experience and so on.
People who are too impetuous and restless are not suitable for penetration testing, or even for IT-related work. Because the IT industry relies on technology for a living, if you can't calm down and study, you will definitely be eliminated by the market! Once you start to be impetuous, dissatisfied with your new job or salary, but unwilling to settle down to study, then persuade you to quit as soon as possible.
How do network security engineers learn?
So how do network security engineers learn? Before learning, we need to have an efficient network security learning plan, which can help us avoid many detours, get started and get employed quickly!
The following summarizes a set of learning routes suitable for zero-basic cybersecurity. It is suitable for both fresh graduates and career changers. After completing the study, the minimum guarantee is 6k! Even if you have a poor background, if you can take advantage of the good development momentum of Internet security and continue to learn, it is not impossible to switch to a big company in the future and get a million annual salary!
【Click here to get the information first and then watch~】
Junior Network Worker
1. Theoretical knowledge of network security (2 days)
① Understand the relevant background and prospects of the industry, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operation.
④Multiple guarantee introduction, guarantee regulations, procedures and norms. (Very important)
2. Penetration testing basics (one week)
①Penetration testing process, classification, standard
②Information collection technology: active/passive information collection, Nmap tool, Google Hacking
③Vulnerability scanning, vulnerability utilization, principle, utilization method, tool (MSF), bypassing IDS and anti-virus
reconnaissance④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Basic operating system (one week)
① Common functions and commands of Windows system
② Common functions and commands of Kali Linux system
③ Operating system security (system intrusion troubleshooting/system reinforcement basis)
4. Basics of computer network (one week)
①Computer network foundation, protocol and architecture
②Network communication principle, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principle and defense: active/ Passive attack, DDOS attack, CVE vulnerability recurrence
5. Basic database operations (2 days)
①Database foundation
②SQL language foundation
③Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (chopper, missed scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the security module well, you can also work as a security engineer. Salary range 6k-15k
So far, about a month. You've become a "script kiddie". So do you still want to explore further?
[ "Script Kiddie" growth and advanced resource collection ]
7. Script programming (beginner/intermediate/advanced)
In the field of network security. Programming ability is the essential difference between "script kiddies" and real hackers . In the actual penetration testing process, in the face of a complex and changeable network environment, when the common tools cannot meet the actual needs, it is often necessary to expand the existing tools, or write tools and automated scripts that meet our requirements. Some programming ability is required. In the CTF competition where every second counts, if you want to efficiently use self-made scripting tools to achieve various purposes, you need to have programming skills.
For a zero-based entry, it is recommended to choose one of the scripting languages Python/PHP/Go/Java, and learn programming for common libraries; build a development environment and choose an IDE, Wamp and XAMPP are recommended for the PHP environment, and Sublime is strongly recommended for the IDE; Python programming learning , the learning content includes: common libraries such as grammar, regularization, files, network, multi-threading, etc., "Python Core Programming" is recommended, do not read it; ·Use Python to write vulnerability exploits, and then write a simple web crawler; ·PHP basic syntax Learn and write a simple blog system; Familiar with MVC architecture, and try to learn a PHP framework or Python framework (optional); Understand Bootstrap layout or CSS.
8. Super Network Worker
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details, and post a general route. Interested children's shoes can be studied, and if you don't know where to go, you can [click here] add me to fuel consumption, and learn and communicate with me.
Network security engineer enterprise-level learning route
If the picture is too large and cannot be seen clearly due to the compression of the platform, you can [click here] add me to send it to you, and everyone can learn and communicate together.
Some video tutorials that I bought myself, and other platforms can’t get free prostitutes:
If you need it, you can scan the card below and add me to send it to you (all are shared for free), and everyone can learn and communicate together.
epilogue
The network security industry is like a river and lake, where people of all colors gather. Compared with many decent families with solid foundations in European and American countries (understand encryption, know how to protect, can dig holes, and are good at engineering), our talents are more heretics (many white hats may not be convinced), so in the future Talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" that combines "business" and "data" and "automation" in order to quench the thirst for talents and truly serve the society in an all-round way. Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this book is by no means to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this book is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security! ! !