Very good, if you are attracted by the topic, please read it before leaving, there are still some~
why write this article
如何自学入行?如何小白跳槽,年纪大了如何转行等类似问题 , found that many people have such confusion.
Why am I better suited to answer this question
Because I also jumped directly from Xiaobai to the network security industry 3 years ago. I was over 30 at the time. So don't worry too much, you must be better than me.
Ask yourself 3 questions first
First of all, if you are really interested in offensive and defensive vulnerabilities, and really obsessed, then you must change to this trip. You only live once, and if you can't date the girls you like, and you can't do the career you like, if you don't make money again, it's too bad, you say so. Closer to home: Deciding whether to change careers depends on the following three questions.
1. Be sure to clarify whether you really like it, or just curious.
Before and after changing careers, you will definitely have to learn a lot of relevant knowledge, even for a lifetime, and it will be after work, which will greatly occupy your spare time. It won't work without strong interest and perseverance. You are changing careers, without this kind of energy, it is difficult to make achievements. If you really like it, it goes without saying that you can do it, otherwise, it is very difficult to force yourself to work hard.
2. The habit of self-study
This industry needs to learn a lot of knowledge, and there is no so-called one day to finish learning. The key is to learn well in this line, practice well is everything, remember. For example, working in this industry is like giving you 3 years to take the college entrance examination, and you must pass 211 or 985. This line must be learned well in order to develop.
3. What is the goal of choosing network security and offense and defense?
What is your goal in this line of work? Is it the power to rule the world, lying drunk on the lap of the beauties; is it the nine-to-five, comfortable and regular life; is it the qualifications and the experience, is it like a financier talking about the splendor, or is it a long-sleeved business representative who is good at both sides?
If it is the above, the network security attack and defense industry cannot bring it to you. Offensive and defensive is a technical job, and the most powerful point is white hats or hackers, and in the final analysis they are technicians. There are specializations in the art field, so don’t fantasize too much. This job can only bring you a slightly better salary and your self-confidence, and little else.
OK, ask yourself the above 3 points, if you really like it, you love learning related knowledge, even more than your love for money. Well, you must choose this industry without hesitation.
After confirming that it is correct, how to enter this industry?
Then the following three questions are how to plan to enter this industry.
1. Choose to focus on penetration testing for 4-6 months and get admission tickets
The entry threshold for this industry is not high at present, but the window period is only in the next 2 years, and it is estimated that involution will be required in the future (in fact, involution has already begun~). So learn a short, easy-to-learn skill point as soon as possible, and get started quickly.此阶段不推荐纯自学,切记、切记。
It is recommended to choose a training institution for direct offensive and defensive penetration testing training courses. 4-6 months to devote all the time and energy to crash + dig simple loopholes and vote on the loophole box platform to practice. Give yourself at most half a year to study, and then start to frantically submit resumes and choose opportunities to enter the industry. 此阶段一定要快,入行要快。I don’t want to explain too much about the reason. If you don’t enter the industry, you will never be a hacker or a white hat in your life.
2. What kind of penetration testing job is suitable for those who have just changed careers
First of all, you must have the opportunity to let you do the work of actual penetration testing, and secondly, a job that can squeeze out your own study time is a good job.
I didn't mention salary here. The reason is very simple, you need to be able to accumulate practical experience, and at the same time, you need to study systematically. If you can meet these two points, you can guarantee that you will be reborn in 3 years. As for the salary, of course it is better to be higher, but it is not important.
3. How to develop a plan
There are many subdivisions in the field of offensive and defensive penetration testing. It is not recommended that you think too much now. In fact, the general learning path is:
Basic knowledge of the network -> web security -> preliminary programming ability (at least understand simple code, write simple scripts) -> Intranet security -> loophole reproduction, mining -> ... the development path varies from person to person It's all the same.
It is recommended to take one step at a time, and once you have accumulated it, you will know what to do next.
Summarize
The above are the most basic 3 questions before changing careers, and 3 important points for changing careers. It is not all smooth sailing in this process, but from my personal experience, as long as the above points are met, the wind and waves can persist.
Hope the above my personal experience can help you. 还有就是犹豫和迷茫不是自己的问题,仅仅是自己没有经历过而已。
So the key point is whether you want to do it or not. If you really want to do it, all difficulties and doubts will be solved.