Information security refers to the protection of the hardware, software, data in the system and the business carried out based on it, so that they will not be accessed, leaked, destroyed, or modified due to accidental or malicious reasons. , Review, check, record or destroy to ensure the continuous and reliable normal operation of the information system. Information security has seven main attributes: authenticity, confidentiality, integrity, non-repudiation, availability, verifiability, and controllability.
This major is an interdisciplinary subject of computer, communication, mathematics, physics, law, management and other disciplines. It mainly studies the science and technology to ensure information security. Cultivate senior professionals in information security who can engage in computer, communication, e-commerce, e-government, e-finance and other fields. The concept of information security has gone through a long historical stage in this century and has been deepened since the 1990s. In the 21st century, with the continuous development of information technology, the issue of information security has become increasingly prominent. How to ensure the security of information systems has become a concern of the whole society. Internationally, the research on information security started earlier, with great investment, and many achievements have been made, which have been popularized and applied. At present, there are a number of research institutions and high-tech enterprises in China that specialize in information security basic research, technology development and technical services, forming the embryonic form of my country's information security industry. There is a shortage of domestic technical personnel specializing in information security. It can be said that information security The profession is a very promising professional network security recruitment company, and the recruitment of security engineers with salary standards has become a must for corporate work, so it is impossible to list all the companies that are recruiting here. Here are some graduates of Pinke Academy who have joined The company as an example =>
Network security companies: Huawei, Qihoo 360, Qi Anxin, NSFOCUS, Sangfor, Tianrongxin, Venustech, Freebuf...
Internet companies: Tencent, Ali, Baidu, Netease, YY, Huya, 4399, Vipshop...
Operators/state-owned enterprises: China Mobile, China Telecom, China Unicom,….
System Integrators: Digital China, ECCOM, AsiaInfo, China Communications Technology.......
Regarding salary, according to the entry salary of the position, it generally follows: [Security R&D > Security Service/Penetration Testing/Web Penetration > Security After-Sales/Security Technical Support]. Of course, different types of companies will have different salaries during the development process. In the Guangzhou-Shenzhen region, according to the overall situation of students entering security positions, [Internet companies>network/security companies≈operators/state-owned enterprises > System/Security Integrator], entry salary also has different grades (annual salary): 8 to 12w, 12 to 15w, 15 to 20w, 20 to 30w.
Judging from the trend of security salaries in recent years, the starting salary of fresh graduates in this industry is getting higher and higher. I think of the students here in Guangzhou who just joined a well-known security company in 2013, and their monthly salary was only 5k at that time...
In addition to the entry salary, if you want to look at the development momentum and future growth, it is recommended to go directly to recruitment websites such as Lagou.com, Zhilian, 51Job, or go to the recruitment page of the company's official website to search for the job titles mentioned above or Companies, look at their recruitment needs, such as the salary difference between different engineer levels in 1 to 3 years and 3 to 5 years.
- Network Security Learning and Navigation 3.1 Laws, Regulations and Policies Know what framework to act in "Criminal Law of the People's Republic of China"
"Network Security Law of the People's Republic of China"
"Network Security Level Protection System 2.0"
3.2 National government agencies know who is in charge of the Central Network Information Security Leading Group: http://www.cac.gov.cn/
National Internet Emergency Response Center: http://www.cert.org.cn/
China National Information Security Vulnerability Database: http://www.cnnvd.org.cn/
National Information Security Vulnerability Sharing Center: http://www.cnvd.org.cn/
China Information Security Evaluation Center: http://www.itsec.gov.cn/
China Information Security Level Protection Network: http://www.djbh.net/
China Anti-Network Virus Alliance: https://www.anva.org.cn/
China Internet Network Information Center: http://www.cnnic.net.cn/
3.3 Security enterprise sites know who are the main players in the security circle Foreign security companies:
Fireeye:https://www.fireeye.com/
Checkpoint:https://www.checkpoint.com/
Fortinet (Fly Tower): http://www.fortinet.com.cn/
Palo Alto:https://www.paloaltonetworks.cn/
Cisco (Security): http://www.cisco.com/c/zh_cn/products/security/index.html
Juniper (Juniper Networks): http://www.juniper.net/cn/zh/
Domestic Security Company:
NSFOCUS: https://www.nsfocus.com/
Venustech: https://www.venustech.com.cn/
Sangfor: http://www.sangfor.com.cn/
Qihoo 360: https://360.cn/
Qianxin: https://www.qianxin.com/
Topsec: https://www.topsec.com.cn/
Hillstone Network: https://www.hillstonenet.com.cn/
Know Chuangyu: https://www.yunaq.com/
Anheng information: https://www.dbappsecurity.com.cn/
Huorong Security: https://www.huorong.cn/
Blue Shield Technology: http://www.bluedon.com/
Colasoft: http://www.colasoft.com.cn/
3.4 Anquanke: https://www.anquanke.com/
FreeBuf:https://www.freebuf.com/
E Security: https://www.easyaq.com/
3.5 Security tool sectool: http://sectools.org/
kali:https://www.kali.org/
nmap:https://nmap.org/
wireshark:https://www.wireshark.org/
metaspolit:https://www.metasploit.com/
nessus:http://www.tenable.com/
openvas:http://www.openvas.org/
sqlmap:http://sqlmap.org/
w3af:http://w3af.org/
burpsuite:https://portswigger.net/burp/
awvs:https://www.acunetix.com/
appscan:https://www.ibm.com/developerworks/cn/downloads/r/appscan/
shodan:https://www.shodan.io/
cobaltstrike:https://www.cobaltstrike.com/
masscan:https://github.com/robertdavidgraham/masscan
hydra:https://www.thc.org/thc-hydra/
John the Ripper:http://www.openwall.com/john
modsecurity:http://www.modsecurity.org/
3.6 Security Standard/Framework OWASP TOP10
PTES Penetration Testing Standard
ISO 27001
Information Security Level Protection
3.7 Recommended book list for books and textbooks on network security:
"CCNA Study Guide"
"TCP/IP Detailed Explanation Volume 1"
"LAN Switch Security"
"Cisco Firewall"
"Network Security Principles and Practice"
"Network Security Technology and Solutions"
"Huawei Firewall Technology Talk"
"Cisco Network Hacker Exposure"
"Wireshark Network Analysis Actual Combat"
"Wireshark Packet Analysis Actual Combat"
"DDoS Attack and Defense Depth Analysis"
"Cisco VPN Complete Configuration Guide"
"Cisco Security Intrusion Detection System"
Web security/penetration testing recommended book list:
"White Hats Talk about Web Security"
"Deep Analysis of Web Security"
"Metaspolit Penetration Testing Demon Training Camp"
"Web front-end security secret"
"Web penetration testing using Kali Linux"
"Hacking Attack and Defense Technology Collection Web Actual Combat"
"BurpSuite Practical Guide"
"SQL Injection Attack and Defense"
"XSS cross-site scripting attack analysis and defense"
"Advanced Guide to Internet Enterprise Security"
Cloud Computing Security Recommended Book List:
"Cloud Security Principles and Practices"
"In-depth Analysis of Cloud Security"
"Software Defined Security"
"Software Defined Data Center"
"Cloud Data Center Construction Actual Combat"
"Tengyun: Secrets of Network Technology in the Era of Cloud Computing and Big Data"
"Cloud Security in the Big Data Era"
"Cloud Security Infrastructure Construction"
is only listed here. For more positions, you can search for related positions on various recruitment websites such as [lagou.com], and you can also learn about the requirements of different types of companies for security positions; you can also go to well-known security Learn about their school recruitment and social recruitment information on the company's official website and WeChat official account; the following are the positions that are usually recruited/recommended at Pinke Academy, and directly post their recruitment needs =>
[Security engineer] (product and after-sales direction) Job description Responsible for product debugging and delivery in network security projects Responsible for writing technical solutions in network security projects Responsible for customer security emergency and after-sales on-site
The position requires solid computer and network principles, familiarity with various network and security devices (routing, switching, firewall, VPN, vulnerability scanning), practical ability to analyze network data packets, and proficiency in using data packet analysis tools; familiarity with common network communication protocols (TCP/IP, switching routing protocol, VPN protocol, etc.) Familiar with firewall principles and proficient in configuring firewall policies; Familiar with mainstream network and security vendor products (Cisco/Huawei/H3C/Juniper...) Good document writing ability and language expression and communication skills.
[Security Service Engineer] Job Description Responsible for the implementation part of the security service project, including: vulnerability scanning, penetration testing, security baseline inspection, code audit, emergency response, etc.; analysis and emergency response of current vulnerabilities after the outbreak of high-risk vulnerabilities; back-end support; master professional document writing skills; pay attention to industry trends and hot spots.
The position requires mastering one or more programming languages; Familiar with common security attack and defense technologies; Strong learning ability, able to quickly learn new technologies; Familiar with security services such as risk assessment, emergency response, penetration testing, security hardening; Good language expression Ability, document organization ability.