I really feel like, is this world really leaving a way for computer graduates?
Looking at the students around me, who plan to engage in front-end, JAVA, C, C++, one or two went to apply for the job. Do you think it is after 00 to rectify the workplace?
The truth is that the main focus is a humble: at this stage, learning is the main focus (as long as the salary can survive ); strong learning ability ( let me do anything ); able to withstand pressure ( you can come to work overtime, live in the company )... Highlight a word, Just pay the company to go to work.
It's not that I don't want to roll it, it's that I'm too picky to roll it. I had to find another way to overtake from the network security corner.
Frankly, cybersecurity is so much more comfortable. There is too much talent gap in the entire industry . A rookie like me can receive an interview invitation every time I submit a resume.
In the process of self-learning Internet security, the knowledge of each module is not difficult, but the knowledge involved is too wide. If there is no direction, it is too easy to take detours and the efficiency is particularly low. I just suffered from this and wasted too much time.
Fortunately, I have landed now. During the job hunting process, according to the needs of each position, I summarized the learning route for quick entry. Interested friends can refer to the following:
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
According to this study plan, if all of them are completed, it will be no problem to just find a promising job or internship.
This plan corresponds to the video tutorials I have also collected:
Epilogue
To be honest, there is no threshold for obtaining the information package mentioned above.
However, I think many people get it but don't learn it.
Most people's question seems to be " how to act ", but it is actually " can't start" .
This is true in almost any field. The so-called " everything is difficult at the beginning", the vast majority of people are stuck at the first step, and they have eliminated themselves before they even started.
If you really believe you like cybersecurity/hacking, do it now, more than anything else .
The field of network security is like a towering tree full of fruit. There are countless onlookers standing under it. They all claim that they like network security and want to pick the fruit from the tree, but they are hesitant when faced with the vine branches that hang down from time to time. indecision.
In fact, you can climb this tree by just grabbing any vine branch.
What most people lack is such a beginning.
This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat to get it for free [guaranteed 100% free]
