What is the future development prospect and salary of the cyberspace security major?

Whether it is a prospective college student who is considering applying for a major in the future, an intern entering the workplace, or a professional who wants to change jobs, when we start to choose a job, we are essentially considering the following three questions:

1. What is the income level of the job;
2. Does this job have development prospects?
3. The salary increase in this industry will not be large in the future.

So, what are the development prospects and salary increases of cybersecurity in the IT industry?

Next, I will answer your questions in terms of salary, industry status, future development, and national policies. (Be sure to read it carefully, maybe this will be a good opportunity for you to change your destiny.)

What is the salary of cyber security?

Let’s talk about the issues that everyone is most concerned about first. After all, apart from the boss, the results of employees’ hard work are reflected in their salary. The amount of salary determines everyone's consumption standards and living standards. Who doesn't want to live in a big villa and drive a luxury car?

Not long ago, Liepin and Shanghai Kongan jointly launched the "2022 White Paper on China's Network Security and Functional Security Talents". Based on the 52 million+ mid-to-high-end talents on the Liepin platform, the white paper systematically analyzes the profile of talents in the field of network security and functional security, industry and regional supply and demand, industry salary, development status, etc.

The report shows that last year, the average annual salary of cybersecurity talents in China was 240,900 yuan. From a geographical point of view, salaries in first-tier cities are higher, with Shenzhen topping the list with an average annual salary of 291,100 yuan, followed by Beijing with 287,700 yuan, and Shanghai with 281,600 yuan.

There are 6 cities with more than the average salary, and the difference between Beijing, which ranks first, and Suzhou, which ranks sixth, is only 3,000 yuan.

According to different positions, their salary also varies greatly. It can be seen that the employment prospects of network security personnel are very optimistic, and the salary level also has a lot of room for growth with career development.

Why are cyber security salaries so high?

After reading the salary survey above, everyone must have doubts: Why can the annual salary of ordinary commissioners be 156,100 yuan, with an average monthly salary of 13,000 yuan?

Core reason: market demand is greater than talent supply.

Just like the cat claw cup produced by Starbucks, when the user demand is greater than the product stock, then you have to pay a higher price if you want to get your beloved cat claw cup.

In the past few years, network security basically only served some important institutions of the country. However, with the rapid development of the Internet industry in the past two years, from a global perspective, the risks brought by network security are becoming increasingly prominent, and they are constantly escalating to political , economy, culture, society, national defense and other fields conduct penetration.

On June 1, 2017, the "Network Security Law" was officially promulgated and implemented. Article 20 stipulates that "the state supports enterprises, colleges and universities, vocational schools and other education and training institutions to carry out education and training related to network security, and adopts various methods to cultivate network security. security talents, and promote the development of network security talents.” According to Xinhua News Agency, as of now, nearly 200 colleges and universities across the country have opened information security or cyberspace security majors, and colleges and universities train more than 20,000 people every year, but this is still not enough. Society's demand for relevant talents.

At the same time, network security itself is a professional field with strong offensive and defensive capabilities. The current university education is "by the book", so it is difficult to cultivate real practical network security personnel. In addition, the demand for it from enterprises continues to grow. However, in the current environment where relevant talents are generally in short supply, if companies want to really recruit people, they must have sufficient competitive advantages in terms of salary and benefits.

What is the future of network security?

1. Network security affects the whole body if it affects national security.

A year ago, the United States unilaterally sanctioned ZTE and Huawei under the pretext of maintaining national security, politicized commercial issues under the guise of protecting the country, blatantly hindered fair competition and technological progress, and caused heavy losses to many Chinese companies, although this behavior hurts people It is not self-interested, but it has the support of the people of the country.

2. The Internet of Everything is based on security, and the network security of enterprises cannot be ignored.

3. National policies vigorously promote the development of network security.

Since 2013, my country has successively established the National Security Commission, the Central Network Security and Informatization Leading Group, and issued laws and regulations such as the National Security Law, the Cyber ​​Security Law, and the National Cyberspace Security Strategy, as well as important guidance documents. . In 2014, at the first meeting after the establishment of the Central Network Security and Informatization Leading Group, the state clearly stated that "without network security, there will be no national security, and without informatization, there will be no modernization . " It can be seen that the central government will comprehensively deepen reforms and strengthen top-level design, showing its determination to ensure network security, safeguard national interests, and promote the development of informatization.

Safety is the premise of development, and development is the guarantee of safety. Safety and development must be promoted simultaneously.

Based on the above reasons, for friends who are considering entering the network security industry, there is nothing to worry about in the future. The most important thing to worry about is how to make yourself a qualified talent required by the industry.

How to get started with cyber security?

Here you can refer to the following growth roadmap:

Click to get the high-definition expandable mind map

The first stage: getting started with basic operations and learning basic knowledge

The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.

At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the SQL injection above, what is an xss attack, and have mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!

The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:

1. Operating system

2. Protocol/Network

3. Database

4. Development language

5. Principles of Common Vulnerabilities

What is the use of learning these basics?

The level of knowledge in various fields of computer determines the upper limit of your penetration level.

[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;

[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;

【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;

【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.

The second stage: practical operation

1. Mining SRC

The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.

2. Learn from technical sharing posts (vulnerability mining type)

Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking​​​​

3. Range practice

Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.

Phase 3: Participate in CTF competitions or HVV operations

Recommended: CTF Competition

CTF has three points:

【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around

[2] Topics keep up with the frontiers of technology, but many books lag behind

【3】If you are a college student, it will be very helpful for finding a job in the future

If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand

Recommended: HVV (network protection)

HVV has four points:

[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year

【2】Be able to meet many bigwigs in the circle and expand your network

【3】The salary of HVV is also very high, so you can earn a lot of money if you participate

[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future

I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.

The field of network security is like a towering tree full of fruit. There are countless onlookers standing under it. They all claim that they like network security and want to pick the fruit from the tree, but they are hesitant when faced with the vine branches that hang down from time to time. indecision.

In fact, you can climb this tree by just grabbing any vine branch.
What most people lack is such a beginning.

This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]

CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" for free https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQ