foreword
Network security is now a sunrise industry, and the gap is huge. However, the network security industry needs a lot of skilled people who cannot meet the requirements of the enterprise, which leads to a large talent gap.
At present, many junior operation and maintenance personnel are transferred to network security, and the juniors will slowly roll up, but don’t be afraid if there are too many positions. In the future, major factories will also need network security personnel. Follow-up laws will also be reformed, and network security will only become more and more serious. The better and better, after all, it is led by the state. Cyber security issues have caused many large companies to leak information, and some have been blackmailed.
The advantage of this industry is high wages, and the disadvantage is that you need to keep learning, and you have to keep learning. You are not involved with others, but with yourself. I will elaborate on the most positions in this industry at present, namely, security operation and maintenance, and security services . , Security Research
Let’s not talk about operation and maintenance, the nature of the job is relatively simple
security service post
Security service posts are divided into security engineers, security service engineers, penetration test engineers, etc.
Among them, security engineers mostly deal with equipment, similar to network engineers. In the past, they debugged equipment, debugged according to needs, and then retreated. Most of these positions will recruit some network engineer certificates, such as HCIE, HCIP, etc.
Security service engineer, referred to as security service, is to provide security services, debug equipment according to customer needs, let customers pass the level of protection, and then do some simple vulnerability testing (penetration testing), and do some simple reinforcement, etc., sometimes Do some safety training for customers. Penetration test engineers, like hackers, do some penetration tests to let customers know what problems they have. Then, before the new business goes online, a penetration test will be done to check for any loopholes.
Waiting for the security assessment is the same as businesses passing the fire protection. There are also levels of network security. If you fail to pass it, you are not in compliance.
security research
Security research is divided into vulnerability research and rule extraction. I usually do some vulnerability mining for some software, website building systems, etc., and audit the code to see if there are any loopholes.
Sometimes when a relatively new vulnerability is announced in the industry, someone needs to reproduce it immediately, study the principle of the vulnerability, and then extract the vulnerability rules, also known as features, and then tell customers or R&D how to defend against this vulnerability. How to detect etc.
The rest of the work is relatively detailed, such as binary security, reverse engineering, Trojan horse avoidance, etc.
Of course, there may be some missing, please forgive me.
These are some of the jobs in the security industry. I am currently doing security research, and the salary is really high. The leader said that in security, you need to know more about development than development. . . . Then I finish the day's work for 2 hours every morning, write the daily report, and then turn on the B station and start charging. . . . .
Feel safe without end, too much to learn, everything to learn
I think, when our company was in a downturn, the first one to be killed was probably our department. I dare not say too much, for fear of being social workers, social workers by big bosses, it is tantamount to flogging corpses. . . . . So I dare not announce the salary, but the salary is indeed very high, which is similar to that of development. If the technology is the same, it will be higher than that of development.
I feel that everyone is quite interested in the network security industry, so let me introduce the learning direction!
First of all, as long as you are engaged in the network security industry and dealing with vulnerabilities, you cannot escape, then there is a problem involved here.
You need to know about the bug and be able to reproduce it, right? After all, you have to reproduce it again to determine its harmfulness. Then, at this time, there are two points
1. You need to understand the principle of the vulnerability. 2. You need to reproduce the vulnerability.
Okay, let me talk about 1 first. There are various vulnerabilities, including webpages, software, and industrial control chip vulnerabilities. I can’t figure it out myself. The ones involved are written in PHP Some are written in java, there are logical loopholes, there are databases, and network transmission, encryption and decryption, and so on.
Okay, let’s take a look at what you want to learn at this time, php, java, code reading, database, network, encryption and decryption, and I haven’t said anything about weird stack overflows. In short, if you want to be famous, you must suffer from the brain . Having said that, there is no need to talk about the latter, and the latter is the exploitation of loopholes.
Because after learning these is enough, the foundation is solid, and then watch the security videos on station B, and try to dig out the loopholes by yourself after learning, or you can contact me after learning, help me look at the code, I will teach You dig a hole, let’s py, hahahaha
2. Learning route
After talking about the three major technical directions above, let’s talk about how to get started? Let me talk about my opinion below. First of all, don't try to divide the direction, lay the foundation first!
Click to get high-definition to expand the mind map
Step 1: Computer Basics
This first step, in fact, has little to do with network security, but a basic ability that anyone entering the IT field must master. The following five major courses were taught to us by university teachers back then. No matter what technical direction you are in, it is best to learn the technology well. Now it seems that it is still not out of date:
-
computer network
-
Principles of computer composition
-
operating system
-
Algorithms and Data Structures
-
data
In fact, each of these courses has its own universe, and basically it cannot be mastered in one study, but along with everyone's career, different technical stages will have different understandings and feelings. For specific learning, it is recommended to refer to agile development and continue to iterate: have a rough understanding** -> have a further understanding -> thoroughly grasp -> review the past to learn the new. **Don't worry about learning all of one course before moving on to the next one.
Step 2: Programming ability
After having some of the above basic skills, it is time to start writing some codes and hone your programming skills. The following three are the languages that practitioners in the security industry are best able to master:
-
Shell script : master commonly used Linux commands, be able to write simple shell scripts, and handle some simple affairs.
-
C language (C++ optional) : C language has no complicated features. It is the ancestor of modern programming languages. It is suitable for writing low-level software, and it can also help you understand computer knowledge such as memory, algorithms, and operating systems. It is recommended to learn it.
-
Python : C language helps you understand the bottom layer, and Python helps you write functional software such as network, crawler, data processing, and image processing. It is a programming language that programmers, especially hackers, love very much and have to learn.
Step 3: Safety First Experience
With the foundation of the previous two steps, it's time to get in touch with some network security technologies. At this stage, don't circle yourself and only learn technologies in a certain direction. At this stage, my suggestion is: but when dabbling, see the past. Network protocol attack, Web service attack, browser security, vulnerability attack, reverse cracking, tool development, etc., to know what it is, to discover your own interests in the process, and let yourself be familiar with various fields of network security. The technology has a preliminary understanding.
Step 4: Divide the direction
In the third step, slowly discover your interest points, whether you like to develop various tools, or like to break into websites, or obsessed with host computer attacks... At this time, you can think about your future direction, and then focus on Start to focus on this direction, and continue to cultivate deeply through the technologies in the respective directions in the above mind map, and become a master in a certain field.
3. Learning method
The above introduces the technical classification and learning route, here to talk about the learning method
-
Reading and learning, this is the most basic
-
Practical hands-on, the development route needs to write more code, read excellent open source code, analyze more samples in the binary route, write EXP, etc., use more website practice for penetration testing (legal method), etc.
-
Play CTF, participate in some network security competitions, and exercise your hands-on ability in an environment close to actual combat
-
Mix circles, mix more communities, communities, and forums that are haunted by security experts, master industry information, and understand the latest technology trends
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]
https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQ