Today's topic is to help some students who want to get started in network security, but are still confused and overwhelmed. If you want to get started with zero-based network security in 30 days, you must figure it out.
1. Misunderstandings easily caused by learning network security
1. Taking programming as a purpose, ignoring its tool function
Don't hold the mentality of "programming for the purpose, and then start learning network security".
Due to the particularity of the network security industry, it takes too long to learn programming with zero foundation, which will lead to not many key things available after the transition to security. A programmer is a programmer, and a network security engineer is a network security engineer, and they cannot be confused. If you pay too much attention to language in learning network security, then you are putting the cart before the horse. In the network security industry, the importance of understanding and analyzing the principles of security issues is far greater than learning language. In the process of learning network security, you must learn with a purpose, and make up for what you don't know, so as to achieve a more precise learning purpose.
2. Too much study, no plan
Of course, learning network security requires steady and steady progress. Many people know this, but when they really start learning, they try too hard and want to learn everything, which leads to gulping. When self-studying, Uncle Dun doesn’t recommend extensive extensive learning, but to find a positioning and precise learning direction, otherwise it is easy to give up halfway.
2. Basic preparation and conditions for learning network security
1. Language knowledge
The scope of network security is very wide, and the specific language to learn depends on your own direction. If you choose the direction of web security, you need to learn php, jsp, javascipt, etc. If you choose the direction of binary, you need to learn assembly, C, C++, etc., but there is one language that is common in the security field, that is Python, because many times you need to use Python for rapid prototyping.
2. Basic English and professional terms
The inventor of the computer is John von Neumann, which originated in the West, so the computer language
It is basically in English, and some related tutorials are originally in English, and some related professional terms will be used, so learning network security requires a certain amount of English and hacker professional terms, so that when communicating technology with other peers, it will not be difficult. There is a "communication barrier".
Some beginners still don't know what "broiler" means. Can this understand the technical exchange post?
3. Main learning route
1. The use of operating system, network protocol, front-end basics, database introduction
2. Web advanced, PHP programming, computer network advanced, encryption and decryption technology
3. Introduction to Web security, network scanning and injection, information collection & social engineering , Brute force cracking
4, WAF technology, network protocol attack & intrusion detection, log technology, Python programming, browser security
5, third-party component vulnerabilities, intranet penetration, operating system security technology, privilege escalation technology, virtualization technology
4. Clarify the goal and position the future direction
It is extremely important to clarify the goal of learning network security, because there are many positions and different directions. Some people just want to play CTF competitions, while others want to find good jobs. Traditional security positions in network security include: security product engineer, security consultant, penetration test engineer, security development engineer, security operation and maintenance engineer, emergency response
Engineers, level protection assessors, and this does not include other niche positions. The goals are different, and the routes and plans are naturally different.
Talk about the disadvantages of self-study network security
Many noobs who are interested in network security, or IT practitioners with certain experience, choose to study by themselves for a period of time at the beginning, but without exception, they all give up self-study in the end and choose network security training institutions .
So why? The reason is that there are too many shortcomings in network security self-study, which is not as effective as network security training institutions. There are three major characteristics of the Internet industry: many professional subdivisions, strong technical skills, and strong practicality. Network security is not suitable for talking on paper, self-study is futile. Of course, strong self-discipline and high talent are another matter.
Disadvantages of self-study on network security:
1. It is difficult to get in touch with the real network confrontation environment for practical operation, let alone telecom-grade products and equipment
; Still confused.
3. There is no guidance in places that I don’t understand, and too many details are missed.
4. There is no good atmosphere to grow together.
Therefore, it is suggested that if you want to learn network security, you must not blindly study by yourself. If you just want to get a simple introduction to network security, self-study is no problem. If you want to learn in depth, it is recommended to choose a good network security training institution.
This roadmap has been detailed to what content to learn every week and to what extent. It can be said that the web security roadmap I compiled is very friendly to newcomers. In addition, I also compiled corresponding I can also share some of the learning materials if you need them (the confidential part cannot be shared), and you can tell me in the comment area if you need it!
