Recently, some headhunting friends of mine told me that I was worth a lot of money. I started to look confused. After learning the details, I realized that many OEMs and Tier 1 are recruiting automotive network security engineers recently, and they are all paying a lot of money.
These headhunters have been recruiting for a long time but have not been able to recruit suitable candidates. They also asked me various questions when they urged me to change jobs: Can people who traditionally work in security take this position? Can he do the job as a diagnostician before? So let me take this opportunity to talk about what kind of knowledge and skills an automotive network security engineer should have.
[Note] Different companies give different names to automotive network security practitioners, some are called Security Manager, and some are called Security Engineer. There are other names, but basically they all fall into these two categories. The former pays more attention to the development and management of requirements at the system level, and has more dealings with customers or suppliers, while the latter pays more attention to the realization of network security requirements. And these two types are relatively common positions at present, so today we will focus on talking about the knowledge and skills that each of these two roles should possess.
- Security Manager
- Macro concept for car cyber security. What are the attacks that the vehicle's external communication and in-vehicle communication are vulnerable to, and what are the common countermeasures?
- Basic knowledge of network security. Such as encryption, decryption, hash algorithm, digital signature and PKI and other knowledge. This knowledge is the basic knowledge of Internet network security, and it is also applicable in the field of automotive network security.
- Understand cybersecurity regulations and related standards. Such as ISO/SAE21434, WP. 29 etc.
- Good understanding of common network security measures. Such as secure refresh, secure unlock, secure boot, SecOC, JTAG protection, etc.
- Familiar with common attack methods. Such as spoofing attacks, malicious tampering, privilege escalation, etc.
- Familiar with network security testing. Including network security measures testing, fuzz testing and penetration testing.
Among them, the network security measures mentioned in point 4 are the housekeeping skills of Security Manager.
- Security Engineer
- Basic knowledge of network security.
- Embedded development knowledge.
- Knowledge of diagnostics, communication and electronic architecture.
- Ability to implement cybersecurity measures. It is mainly to transform the system-level requirements of Security Manager into development requirements, and develop and implement them. Of course, the more experienced Security Manager also has the ability to write development requirements.
- Network security testing capabilities. Test the network security measures according to the test cases to ensure their correct operation in the ECU.
Among them, the ability to develop network security requirements mentioned in point 4 is the housekeeping skill of Security Engineer, and it is also the most important factor that distinguishes this position from traditional embedded development.
Written at the end: The above are only the relatively common ability requirements for automotive network security engineers. Different companies may have different project requirements, but the housekeeping skills mentioned above are essential. I am still learning and perfecting some of the requirements listed above. The records are not only for everyone to communicate with, but also to remind myself to keep learning and improving!
finally
In order to help you better learn about network security, the editor has prepared a set of introductory/advanced learning materials for network security for you. The contents are all notes and materials suitable for zero-based beginners. I understand, all the information is 282G in total. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Introduction to Network Security & Advanced Learning Resource Pack" for free sharing
Network security source code collection + toolkit
Network
security interview questions
The last is the network security interview questions section that everyone is most concerned about.
The total data is 282G. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free ( If you encounter problems with scanning the code, you can leave a message in the comment area to get it)~
Video supporting materials & domestic and foreign network security books and documents
