I graduated in 2019, majoring in Internet of Things Engineering. I believe that many people are very confused in the ivory tower. Only when I was in the third or fourth year of junior high school did I start to worry about what job I should do to cultivate my skills, or follow the big team to take the postgraduate entrance examination and continue to escape. Society, I chose the latter. Since I got my graduation certificate in July 2019, my job has not been smooth because I don't have any skills. Cities change and change, jobs change all the time. He never stabilized, and was beaten by the society in a daze.
Because I am a computer-related major, there are quite a lot of students around me who are doing network security.
In March last year, I chatted with my university roommate and learned that he had already received a 12k offer for a security post in Hangzhou, with weekends and weekends off.
There are also two girls in the same class in Shenzhen, one got 13k and the other got 12k. (Updated here, they changed jobs at the end of April, the salary... Always remind me that it is fw) At that time, it really caused a huge shock to my heart, and I fell into a moment of confusion. I was thinking about whether I still have to dawdle like this ? Are you willing? Definitely not reconciled~
So the idea of self-learning Internet security sprouted at this time. However, the germination is the germination, and the days will continue to be muddled. After all, most of us usually wait a long time before starting to do something, and we also need to work in our daily life. Sometimes we feel tired and don’t want to learn, and sometimes we feel like playing.
So, it was like this until November 20. What really made me make up my mind was a few of my friends, who gave me a lot of advice:
1. I am a computer major, and it is relatively easy to learn IT knowledge;
Second, they are doing this kind of work and can help me avoid detours in my studies;
Third, the work at that time really made me see no hope, so I resigned resolutely and started network security.
self-study path
At the same time, I also consulted a lot of training, and gave me some suggestions that I must learn about network security. In addition to my own reasons, I also gave me a lot of suggestions.
This can be regarded as a booster, coupled with some special reasons, I decided to learn Internet security!
The tutorials I use are all videos I found at Station B. . .
I didn’t resign when I first started studying. Before I resigned, I learned a little bit of HTML and CSS, and I also learned some code programming.
It was November when I officially started learning, and I resigned directly and started a group at that time, but it’s okay. . .
My original intention of building the group was to exchange learning experience and solve learning problems, but the performance in the group is really the same as the expression pack:
My process and learning experience
All the tutorials I found are from Bilibili. They are more basic and suitable for novices. This part must be practiced more. If you have more knowledge, you should practice and look back. I dare say you have studied this part for a week, etc. Looking back on Saturday and Sunday, you find that some things are not easy to write, so you have to look back on Saturday and Sunday, and make a summary on the basis of what you have practiced.
But it's just that there are too few of these, and we still need to learn more
It was already the end of February after I finished my studies, because I didn't want to miss the gold medals, three silver medals and four silver medals, so I went directly south to Shenzhen to bite the bullet and interview.
However, I have no experience and just came to Shenzhen to seek stability, so I chose an IoT company, 6.5K~, there are also high-paying ones, but they are not on weekends, and the benefits are not very good. I still seek stability and learn more in the early stage, so I chose It's a weekend.
The above is my experience, but I hope everyone will not misunderstand, and don’t think that you can just come out to find a job after four months of self-study. If you think so and do it like this, you will die miserably! Very miserable! I just happened to be lucky
A more complete learning route:
This route was planned and sorted out by me and some veterans who have already joined the company, and I also added some tips. I also hope that you can read my experience above, and it will be helpful.
Let’s divide the level of popular science first (all according to the basics of Xiaobai, just write a table and word will do)
Level 1: Script Kiddie; Difficulty: None, reaching the level of "Hacker News" (buying an iPhone for a penny, hacking the alma mater's official website to hang pictures of goddesses, etc.)
Level 2: Network Security Engineer; Difficulty: Low, can rely on technology to get a job, and be a white-collar worker with a good salary, but the threshold will become higher and higher.
Level 3; Laboratory Researcher; Difficulty: Medium, proficient in at least one field, excellent audit experience, familiar with scripts, POC, and binary related.
Level 4; security expert level; Difficulty: high, penetrate the knowledge points in a certain field and have your own understanding. One person can support all the requirement trees of a certain function of APT. (In fact, this point is related to experience #time, and the difficulty has nothing to do with talent)
So, if you just want to get started and want to learn some skills, no matter how poor your foundation is, you can do it like a gourd.
For those who find it difficult to get started, I am afraid that most of them will become popular in three minutes.
So how do you get started?
Phase 1: Getting Started with Basic Operations
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
Phase Two: Learning the Basics
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating System
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
[3] For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For example, if you play well in the operating system, your privilege escalation will be stronger, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The third stage: actual combat operation
- 1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
- 2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
- 3. Shooting range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there is a supporting shooting range. The fourth stage of practice: participate in CTF competitions or HVV operations
Stage 4: Participate in CTF competitions or HVV operations
Recommendation: CTFCTF has two points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
[3] If you are a college student, it will also be very helpful for finding a job in the future. If you want to play CTF competitions, go directly to the competition questions. If you don’t understand the competition questions, go to the information based on what you don’t understand
Recommendation: HVV (network protection) HVV has three points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Why would self-study fail?
Remember the exchange group I mentioned earlier? Among the more than 100 people who have achieved results in self-study, they can be counted on one hand, and a large part of the rest are talking about bragging, and it is more difficult to persevere.
Reasons for failure: We analyzed that there are two major reasons:
1. There is no mature route. People in this major don't know where to find the route, let alone those who change careers?
Second, there is no one to guide and wrong learning methods. To put it bluntly, it is hard training.
3. Poor self-control + too many temptations, unable to calm down and study, and the learning progress has been stagnant for several months;
Antidote to defeat:
1. The correct and appropriate route .
2. The courage to win . In historical marches and wars, morale is very important. You must have confidence, otherwise you will continue to fall into self-doubt and then embark on the road of giving up.
3. Small goals and continuity . Learning Internet security requires continuous learning. Continuous learning is very important. You must also have your own small goals, such as how much to learn in 15 days/month, what kind of results you want to make, This kind of continuous confirmation and feedback to strengthen confidence and achievements will naturally have continuous motivation. Or let a cruel person supervise you and beat you often. And the way to try to punch in. But I don't recommend joining groups. Groups either become purposeful and profitable, or they are suitable for work plus fishing.
Fourth, practice more and review more .
5. Don't rush for success . Generally speaking, the self-study time is 6 to 10 months, so don't worry, and don't go for an interview when your skills are not solid, it will only make us feel frustrated.
Persistence in self-study is really important, keep the clouds open and see the moonlight.
After the self-study is over, our pain points will still exist:
The end of self-study does not mean that we can smoothly transition to employment, and we still have several pain points.
The following pain points will appear in most self-learners, and even cause many self-learners to give up. I feel very, very, very sorry. I have already learned this by myself. Are you willing to give up?
1. The mastery of skills is not solid. To solve this problem, we need to practice more and review more, and second, we need to do a complete project to exercise our skills.
2. Writing resume for interview. Regarding whether to pack your resume or not, I can give an answer. If you have graduated for a few years, please pack your resume. Fresh graduates do not need to pack their resumes.
3. Questions that will be encountered in the interview. As long as our technology is solid and we have reached this point, we are very close to success. One of the questions encountered in the interview is about technology, one is about the project, and the other is about you. Personal development questions, generally speaking, large companies focus more on the underlying technology, and small and medium-sized companies focus more on projects, and this mostly goes to major platforms, such as Zhihu and Nuggets
Find some interview experience and interview questions to see.
The final suggestion: Internet security is an exploration along the way. No matter which way you choose to enter the industry, there are still too many knowledge and fields in your work that we cannot touch in our studies (whether you are training or self-study). I have listed or institutions The depth of the knowledge points listed is just to make you barely competent for the job, and there are large gaps in the work, regardless of the breadth and depth, we need to experience it.
Start learning about network security, either you get involved with others or you don't get involved with you. Have you considered?
Life is endless learning.
Zero-Basic Introduction to Network Security
For students who have never been exposed to network security, I have prepared a detailed learning and growth roadmap. It can be said that it is the most scientific and systematic learning route, and it is no problem for everyone to follow this general direction.
At the same time, there are supporting videos for each section corresponding to the growth route:
Due to limited space, only part of the information is shown, you need to click the link below to get it
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing
Video supporting materials & domestic and foreign network security books, documents & tools
Of course, in addition to the supporting videos, various documents, books, materials & tools have also been sorted out for you, and they have been classified for you.
Due to limited space, only part of the information is shown, you need to click the link below to get it
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing
