When you start to search for online learning materials about network security, you often fall into self-doubt: After trying to learn by yourself, you can use tools to scan and dig holes , but you always feel that it is difficult to make breakthroughs in later learning , and you don’t know where the problem is... So had to start over again.
To understand network security, you must first understand the following prerequisites
- What technologies does network security consist of? Is programming required?
- What are the career paths in the cyber security industry? How should "I" choose?
- What is the career development and growth path for cybersecurity?
These questions will run through your entire study of network security. It is recommended to plan well from the beginning of the entry study.
1. Why is there such a big gap in network security talents?
Rapid changes in the international and domestic network environment have led to a series of security policies, making the network security industry gradually develop from a niche industry to a national strategic emerging industry, keeping pace with artificial intelligence, big data, cloud computing and other fields.
For most government and enterprise units , network security has changed from [optional] to [required] or even [mandatory] . The security team is no longer exclusive to big factories or Internet companies. As long as it is an "internet-connected" enterprise, it needs security talents to join.
In the past, when many government and enterprise units divided IT departments and positions, they only had R&D and operation and maintenance departments, and security personnel directly belonged to the basic operation and maintenance department ; It is necessary to set up an independent network security department , attract security talents from all parties, and form an SRC (Security Response Center) to protect and escort its own products, applications, and data.
According to the "Internet Security Report" released by Tencent Security, the supply of cybersecurity talents in China is currently severely lacking. Every year, only more than 30,000 talents are trained in security majors in colleges and universities, and the gap in cybersecurity positions has reached 700,000, which is as high as 95%.
Moreover, we go to the recruitment website and search for job titles such as [Network Security], [Web Security Engineer], [Penetration Testing], and we can see that security positions have good salaries. Condition.
2. How to correctly understand the network security industry?
To understand the network security industry, we must first understand the overall framework of network security technology.
Jobs and demands in the security industry emerge in endlessly. They can be classified on both sides, on both offensive and defensive ends, on the technology chain, or on the basis of specific business of the job.
According to application scenarios and technology stacks, the security industry can generally be subdivided into the following directions
- Network Security
- Web Application Security
- Mobile Security
- Cloud Security
- Desktop Security
- Data Security
- Wireless Security
- AI Security
Network security can also be classified based on the perspective of attack and defense. The "red team" and "penetration testing" we often hear are research on attack technology, while the "blue team", "security operation" and "security operation and maintenance" are research on defensive technology.
Regardless of the field of network, web, mobile, desktop, cloud, etc., there are two sides of attack and defense. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer, you should be both offensive and defensive. After all, you can win every battle if you know yourself and the enemy.
3. How to plan a network security career path?
If you are a newcomer to the security industry, I recommend that you start with network security or web security/penetration testing for the following reasons:
- First, it is easier to get started with relatively mature development . These two directions currently have relatively mature subject knowledge systems, which are friendly to novices and easy to learn at the beginning;
- Second, the market demand is high . These two directions are widely used in enterprise recruitment and project work. For example, major companies often recruit positions such as security service engineers, web security engineers, penetration test engineers, and security operation and maintenance engineers. The main skill stacks are network security and web security.
- Third, the salary is good . The salaries of positions in these two directions are also very impressive in the security industry.
It is worth mentioning that, to learn network security, it is the network first and then the security; to learn web security, it is also the web first and then the security . Security does not exist independently, but is an upper-layer application technology based on other technologies. Breaking away from this foundation, it is easy to become a theory on paper, and become "knowing what it is, not knowing why it is", and it is difficult to go far on a safe career path.
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
video tutorial
SRC&Hacking Technical Documentation
Hacking Tools Collection
The comment area where you need information is waiting for you