Of course, it is easy to find a job. Now in the information age of the 21st century, our lives are increasingly inseparable from the Internet. But at the same time, information security incidents also occur from time to time, and network security is getting more and more attention. For example, the 360 Group recently announced that The Matrix has launched a 10-year network attack on my country; Beijing Healthbao was attacked by overseas networks during the peak period of use; multiple agencies under the Costa Rican government were hacked by Conti ransomware attack and so on. Cyber warfare like this is actually happening almost every day.
In addition, in today's network information age, mobile payment and electronic platforms are prevalent, and network security technology is needed to ensure network privacy and electronic payment security. Its importance is self-evident, and various industries, especially the information technology industry, have a great demand for network security professionals.
Due to the extreme shortage of network security talents, the employment threshold is relatively low, and the salary is extremely considerable.
Many companies only need a college degree for recruitment, and some small factories can relax the requirements as long as they have excellent skills. And high-profile large factories can join the job with a bachelor's degree + high skills in network security; as the length of service increases, there will be a situation where the older you are, the more popular you are.
According to the "Report on the Development of Talents in the Network Information Security Industry", the current shortage of network security professionals in China exceeds 1.4 million. In the first half of 2022, the total demand for talents in the network security industry will increase by 39.87% compared with last year.
Today, the annual salary of network security-related grassroots staff fluctuates between 300,000 and 800,000 yuan (RMB).
It can be seen from the above that the employment prospects of network security can be described as a blue ocean, so there is no need to worry about the employment prospects of this industry.
So, how to learn network security with zero foundation?
First of all, you must determine whether you are interested in the network security industry, whether you have a certain memory ability and flexibility. Although this industry does not necessarily require strong talent, basic logical thinking ability is still required.
If there are no problems with these, you can follow the steps organized below for in-depth study.
The first step is to lay a solid theoretical foundation and understand the basic principles of computers:
These include: principles of computer organization, computer networks, computer architecture
, computer operating system, cryptography, multimedia technology and so on.
The second step is to master the basics of programming and use it proficiently
For example: HTML, css, JavaScript, PHP, Java, Pythonsql, C, C++
, shell, assembly, nosgl, powershell and other common language foundations need to be mastered, at least proficient in using Python and mysql.
Step 3: Understand the formation principle of the vulnerability
The most common website vulnerabilities include: SQL injection, XSS, CSRF, RSRF, LFI, inclusion, File Upload, business vulnerabilities, etc.
Common binary vulnerabilities include: buffer overflow (pwn), heap overflow, integer overflow, format string and so on.
Step 4: Familiar with various tools
These include: nmap, burpsuite, sqlmap, msf, IDA, ollydbg, hydra, rainbow tables
hashid, various scanners openvasawvs and so on.
Here I can only provide you with some learning ideas. If you want to get systematic and effective learning suggestions, it is recommended to go to a professional training institution.
. Because the network security industry itself is a very deep subject, with a series of specialties such as many professional subdivisions, strong technicality, and strong practicality.
If you choose to self-study, there will be many disadvantages. For example: It is difficult to get in touch with the real network confrontation environment for practical operations; the knowledge learned is particularly fragmented, and there is no professional tutorial to support the enterprise, which will cause many details to be missed, and it is quite difficult to meet the employment standards of the enterprise. Big ones, you will be even more confused about employment in the future.