前景
很多零基础朋友开始将网络安全作为发展的大方向,的确,现如今网络安全已经成为了一个新的就业风口,不仅大学里开设相关学科,连市场上也开始大量招人。
那么网络安全到底前景如何?大致从市场规模、政策扶持、就业方向、薪资待遇等方面来判断。
市场规模
在工信部《网络安全产业高质量发展三年行动计划》中,明确要求:到2023年我国网络安全产业规模超过2500亿元,同时未来10年网络安全行业将保持25%以上的增速,10年后我国网络安全市场规模将超过1.4万亿元。
但我国网络安全产业相关人才远远跟不上规模的发展,据报道,我国网络安全专业人才缺口超过140万。
政策扶持
近年来,我国出台了一系列网络安全人才培养的政策,增设网络安全一级学科,培养网络安全人才:
2019年5月,《网络安全等级保护要求》、《网络安全等级保护测评要求》和《网络安全登记保护安全设计要求三大标准颁布,标志我国等保2.0时代的开启。
2020年6月1日,《网络安全审查办法》正式实施,这一事件被评选为2020年中国网络安全大事件。
2020年9月1日,《中华人民共和国数据安全法》正式实施,这标志着国家鼓励数据依法合理有效利用。
除了法律层面,网络安全人才培养也涵盖大学培养、企业培养、培训机构培养等路径,且这些均通过国家层面的大力支持,国家甚至主动提供相应政策和福利鼓励网络安全人才培养。
短短几年间,网络安全工程师就成为了"正规军",还直接跃升为国家战略性资源,成为众多企业"一将难求"的稀缺资源。
就业方向
Excluding some large enterprises and government agencies, the demand for security talents in small and medium-sized enterprises and private enterprises in some non-first-tier cities is gradually increasing , and the number of related positions available to job seekers is also increasing simultaneously. This means that the market demand for the network security industry is very strong, and there are plenty of opportunities and space for development, which is conducive to the influx of network security talents.
Salary
As for the salary issue that job seekers are most concerned about, it can be seen from the "White Paper on China's Network Security and Functional Security Talents in 2019" that the average annual salary of China's network security talents in 2019 was 242,900 yuan .
With the expansion of the network security market and the increase in market demand, the salary of network security talents will further increase.
What to learn?
To become a network security engineer, you need to go through 3 stages: junior security engineer→intermediate security engineer→senior security engineer. The technical points you need to master at each stage are also different. Therefore, if you want to become a "top student" in the industry, you must To master more knowledge and become a compound talent.
Want to know what to learn about network security and how to learn it. First of all, you need to know that network security is a very comprehensive position and discipline , so it covers a wide range of content, roughly including the following core skills:
Penetration testing, code auditing, security solutions, security development, emergency response, full-link offensive and defensive penetration, active deployment, situational awareness, information collection, and use of automated tools
Secondly, you need to understand that network security is not a position or subject that can be stopped , so you need to enrich your capabilities based on the skills that are added to the market every year. In recent years, the following skills have been added to the market:
Docker container security, CSRF attack and defense, full-link attack and defense penetration, WAF bypass, code audit, emergency response, database security, vulnerability scanning, early warning protection, active defense, etc.
Finally, let's talk about what network security needs to learn?
1. Basic prerequisite knowledge
network foundation
TCP/IP network foundation, network equipment concept MAC, bridge, switch working principle, VLAN and its working mechanism
Linux basics
Von Neumann system, Linux virtualization platform, Shell, Linux commands, VIM editor, necessary skills for operation and maintenance, etc.
2. Core knowledge of network security introduction
Overview of Security Trends
Trends, environment, laws and regulations, employment environment, development prospects, etc.
Basics of Cyber Security
Introduction to Html and Javascript
Getting started with PHP
Environment construction, code tools, basic syntax, functions, etc.
MySQL
Basic database operations, data field operations, database table operations, data types, etc.
Docker security
Docker introduction, Docker basic commands, using Docker to build an experimental environment
3. Basic information security
penetration testing
Web application security and risk, offensive and defensive environment construction, web application technology, information collection for penetration testing
4. Use of information security tools
Essential Tools for Penetration Testing
Vulnerability scanning principle and X-Scan usage, Web vulnerability scanning, system vulnerability scanning, Burp installation and configuration
Kail's MSF Penetration Testing
MSF service vulnerability attack and defense, basic commands, follow-up permission penetration, etc.
5. Penetration testing
SQL injection vulnerability attack and defense
SQL injection attack principle, submission method, union, Access manual injection, Cookie, public, sqlmap
Xxx vulnerability attack and defense
Introduction to basic concepts and principles of Xss, blind typing, defense bypass, security defense, phishing test, platform construction, etc.
CSRF offense and defense
In addition, there are code audits, guarantees, risk assessments, security inspections, emergency response, and security development.
Another key point is K8S security: K8S introduction, component introduction, security mechanism, security reinforcement, cloud native security, cloud security architecture and other content also need to be mastered.
1. Growth roadmap
It can be divided into:
1. Basic stage
2. Penetration stage
3. Security Management
Fourth, the promotion stage