foreword
"There is no national security without cybersecurity". At present, network security has been elevated to the height of national strategy and has become one of the most important factors affecting national security and social stability.
1. Characteristics of the network security industry
The industry has a lot of room for development and many jobs
Since the establishment of the network security industry, dozens of new network security industry positions have been added:
network security experts, network security analysts, security consultants, network security engineers, security architects, security operation and maintenance engineers, penetration engineers, information security management Data Security Engineer, Network Security Operations Engineer, Network Security Emergency Response Engineer, Data Appraiser, Network Security Product Manager, Network Security Service Engineer, Network Security Trainer, Network Security Auditor, Threat Intelligence Analysis Engineer, Disaster Recovery Professional , Actual combat offensive and defensive professionals...
2. Analysis of Network Security Talent Employers
From the perspective of the institutional nature of the recruiting unit (Note: the recruiting unit is the "government and enterprise organization", the same below), among the government and enterprise organizations that demand cybersecurity talent recruitment, the most recruiting needs are private enterprises, and the employment demand accounts for the largest proportion of network security personnel. 55.7% of the total talent recruitment; followed by state-owned enterprises, accounting for 10.9%; listed companies ranked third, accounting for 10.2%. (The number of employees employed by the above-mentioned types of government and enterprise institutions is counted independently and does not overlap with each other).
From the perspective of the employer’s industry, the industry with the largest demand for cyber security talents is IT information technology, which accounts for 42.4% of the total number of cyber security talent recruitments, followed by the Internet, accounting for 13.7% . In fact, due to the nature of the IT industry and the Internet industry, the demand for network security-related jobs is significantly higher than that of other industries. The third place is the manufacturing industry, with 12.3% of the number of recruits. The communication industry (6.8%) and the business service industry (4.3%) come next.
Salaries offered by employers in different industries also vary. From the perspective of the average salary provided by employers in different industries, employers in the real estate/construction industry provide the most salary to network security talents, with an average of about 16,428 yuan/month, followed by the business service industry, with an average salary of 15,384 yuan/month, The average salary in the Internet industry is 14,707 yuan/month. The specific distribution is shown in the figure below.
What needs to be explained is: the difference in the average salary of employers in various industries cannot be used to simply think that the salary packages in different industries are different. According to statistics, industries with high salaries often have higher requirements for the experience and ability of network security talents.
Therefore, it is not possible to judge that the salary of the same person in different industries is different simply by the average salary of each industry.
The salary of network security talents will also vary with different positions. Based on the analysis of the average salary of different positions in general companies, the average salary of CIO/CSO (Chief Information Officer, Chief Information Officer/Chief Security Officer, Chief Security Officer) is ranked first at 33,200 yuan/month, followed by project managers. positions, with an average salary of 15,344 yuan/month, and penetration testing and vulnerability mining positions ranked third, with an average salary of 14,990 yuan/month.
From the perspective of the average salary of various positions in security companies, CIO/CSO is still the highest at 30,000 yuan/month, which is basically similar to the average salary level of CSO positions in government and enterprise organizations. Followed by product manager posts, with an average salary of 15,704 yuan/month, and pre-sales posts, with an average salary of 14,102 yuan/month.
It is estimated that in the next 3-5 years, security operation and maintenance personnel with practical skills and high-level network security experts will become the most scarce and sought-after resources in the network security talent market.
Great career potential
The network security major has strong technical characteristics, especially mastering the core network architecture and security technology in the work, which has an irreplaceable competitive advantage in career development.
With the continuous improvement of personal ability, the professional value of the work will also increase with the enrichment of one's own experience and the maturity of project operation, and the appreciation space is bullish all the way, which is the main reason why it is popular with everyone.
To some extent, in the field of network security, just like the doctor profession, the older you are, the more popular you become. Because the technology becomes more mature, the work will naturally be valued, and promotion and salary increase are a matter of course.
In this circle technology category, jobs mainly have the following three directions:
Security R&D Security Research:
Binary Direction Security Research:
Network Penetration
The directions are explained one by one below.
Csdn spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack"
The first direction: security research and development
You can understand network security as the e-commerce industry, education industry and other industries. Every industry has its own software research and development, and network security is no exception as an industry. The difference is that the research and development of this industry is the development and network security business. related software. That being the case, there are common positions in other industries in the security industry, such as front-end, back-end, big data analysis, etc., but in addition to such general development positions, there are also some R&D positions closely related to the security business.
This category can be further divided into two subtypes:
- Do security product development
- Do prevention and security tool development
- Do attack firewall, IDS, IPSWAF (Web site application firewall) database gateway NTA (network traffic analysis)
- SIEM (Security Event Analysis Center, Situational Awareness)
- Big Data Security Analysis
- EDR (Security Software on End Devices)
- DLP (Data Leakage Prevention)
- antivirus software
- Security Detection Sandbox
To sum up, most of the security research and development products are used to detect and defend against security attacks. The technologies used to develop these products on the terminal side (PC, mobile phone, network equipment, etc.) are mainly based on C/C++, Java, The three major technology stacks of Python are the main ones, and there are also a small number of GoLang and Rust.
Compared with the other two directions, security R&D positions have lower requirements for network security technology (only relatively, the R&D of some products does not have low requirements for security skills), and I have even seen many R&D companies that have nothing to do with security. Know. In this case, if you have an understanding of network security technology in addition to basic development skills, it will naturally be a bonus item when you interview for these positions.
Second Direction: Binary Security
Binary security direction, which is one of the two major technical directions in the security field.
This direction mainly involves software vulnerability mining, reverse engineering, virus and Trojan horse analysis, etc., and involves operating system kernel analysis, debugging and anti-debugging, anti-virus and other technologies. Because we often deal with binary data, binary security is used to collectively refer to this direction over time.
The characteristic of this direction is: need to endure loneliness.
It’s not as good as security research and development, which can have real product output, and it’s not as cool as the direction of network penetration. This direction spends more time in silent analysis and research. Taking vulnerability mining as an example, it takes a lot of time just to learn various attack techniques.
In this field, it may take months or even years to study a problem, which is definitely not something that ordinary people can persist. Not only that, success is not achieved through hard work, but more on talent. People like the heads of Tencent’s major security laboratories, well-known TK leaders in the industry, and Wu Shi have already mastered the profound meaning of vulnerability mining and have mastered this stunt. They can think of new ways to play in their dreams. But geniuses like this are really rare and beyond the reach of most people.
If programmers are hard-working, then binary security research is hard-working Plus
The third direction: network penetration
This direction is more in line with most people's perception of "hackers". They can hack mobile phones, computers, websites, servers, and intranets, and everything can be hacked.
Compared with the direction of binary security, this direction is easier to get started in the early stage. After mastering some basic technologies, you can hack with various ready-made tools.
However, if you want to change from a script kid to a master hacker, the further you go in this direction, the more things you need to learn and master. The direction of network penetration is more inclined to "practical combat", so there are higher requirements for the breadth of technology, from network hardware devices, network communication protocols, network services (web, email, files, databases, etc.), to operating systems, attack Methods and so on need to know. I am more inclined to be an all-round computer expert, who can integrate various technologies for "actual combat".
Let's start to talk about the learning route. The content is a bit long, so you can pay attention to it first, so that you can find it in time if you don't get lost.
There is a lot of knowledge about network security, how to arrange it scientifically and reasonably? First a learning roadmap
1. Basic stage
★Network Security Law of the People's Republic of China (including 18 knowledge points)
★Linux operating system (including 16 knowledge points)
★Computer network (including 12 knowledge points)
★SHELL (including 14 knowledge points)
★HTML/CSS (including 44 knowledge points)
★JavaScript (including 41 knowledge points)
★Introduction to PHP (including 12 knowledge points)
★MySQL database (including 30 knowledge points)
★Python (including 18 knowledge points)
——————— ————————
The first step to getting started is to systematically learn basic computer knowledge, that is, to learn the following basic knowledge modules: operating system, protocol/network, database, development language, and common vulnerability principles. After the previous basic knowledge is learned, it is time to practice.
Because of the popularization of the Internet and informatization, the website system has more external businesses, and the level of programmers is uneven and the configuration of operation and maintenance personnel, so there is more content to be mastered.
2. Penetration stage
■ Penetration and defense of SQL injection (including 36 knowledge points)
■ XSS related penetration and defense (including 12 knowledge points)
■ Upload verification penetration and defense (including 16 knowledge points)
■|The file contains penetration and defense (including 12 knowledge points) knowledge points)
CSRF penetration and defense (including 7 knowledge points)
SSRF penetration and defense (6 knowledge points)
XXE penetration and defense (5 knowledge points)
remote code execution penetration and defense (7 knowledge points) knowledge points)
■… (contains… knowledge points)
————————————————
Master the principles, usage and defense of common vulnerabilities. In the web penetration stage, you still need to master some necessary tools.
The main tools and platforms to master: burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof, etc. The practice of the above tools can be practiced with the above open source shooting range, which is enough up;
3. Safety management (enhancement)
★ Penetration report writing (including 21 knowledge points)
★ Level protection 2.0 (including 50 knowledge points)
★ Emergency response (including 5 knowledge points)
★ Code audit (including 8 knowledge points)
★ Risk assessment (including 11 knowledge points) points)
★Security inspection (including 12 knowledge points)
★Data security (including 25 knowledge points)
—————————————————
It mainly includes the preparation of penetration reports, grading of network security level protection, emergency response, code audit, risk assessment, security inspection, data security, compilation of laws and regulations, etc.
This stage is mainly for those who have been engaged in network security-related work and need to be promoted to management positions. If you only study to participate in engineering positions, you can learn or not at this stage.
4. Ascension stage (ascension)
■Cryptography (including 34 knowledge points)
■Introduction to JavaSE (including 92 knowledge points)
■C language (including 140 knowledge points)
■C++ language (including 181 knowledge points)
■Windows reverse engineering (including 46 knowledge points)
■CTF capture the flag (contains 36 knowledge points)
■Android reverse engineering (contains 40 knowledge points)
—————————————————
Mainly including cryptography, JavaSE, C language, C++, Windows reverse, CTF capture the flag, Android reverse, etc.
It is mainly aimed at the knowledge that needs to be improved to improve the advanced security architecture after already engaged in network security related work.
This roadmap has been detailed to what content to learn every week and to what extent. It can be said that the web security roadmap I compiled is very friendly to newcomers. In addition, I also compiled corresponding If you need, I can also share some of the learning materials (the confidential part cannot be shared)
If you find it helpful, you can help me like it and bookmark it. If the writing is wrong or unclear, you are welcome to point it out in the comment area, thank you!
epilogue
The advice to my friends is to think clearly that there is no shortcut to self-study network security. In comparison, systematic network security is the most cost-effective way, because it can save you a lot of time and energy costs. The advice for self-taught friends is to persevere. Now that you have come to this road, although the future seems to be difficult, as long as you grit your teeth and persevere, you will eventually get the effect you want.
