First of all , let’s talk about schools and employment issues. I mentioned that there are relatively good schools for cyber security majors in China . Hangzhou Dianzi University) must have a name.
Judging from the current employment situation, network security majors are actually relatively easy to find employment. After all, with the development of the industrial Internet and the migration of enterprises to the cloud, new directions such as new terminal security, cloud-native security, big data security, and business security have emerged in the security field, so a lot of fresh blood is also needed.
Secondly, back to the network security major itself, whether network security is a good major or not should be divided into two parts.
At the talent market level , as just mentioned, the security industry needs network security talents to join.
According to the "2019 Network Security Talent Market Research Report" released by Zhaopin , the growth rate of the network security talent market demand is astonishing: in June 2019, the scale of network security talent market demand reached 24.6 times the demand in January 2016, compared with 2018 In July 2019, it also increased by 3 times. It can be seen that the demand for network security talents has shown a substantial growth trend.
At the level of personal development, it depends on salary and development prospects.
In terms of salary, overall, the salary provided by employers to security personnel is higher than job seekers' expectations. The average salary for cybersecurity-related positions provided by government and enterprise organizations is about 11,728.9 yuan/month, and security companies provide cybersecurity-related positions. The average salary is about 12004.8 yuan/month, which is relatively impressive.
In terms of development prospects, in today's increasingly advanced science and technology, various industries are increasingly pursuing the maximization of benefits in the shortest time. The particularity of network security lies in its non-immediate benefits (that is, it cannot benefit immediately. ), however, all investments in network security are extremely valuable. This is also the true meaning of the concept of cyberspace security.
Let me give you an easy-to-understand example—many people have physical problems and go to the doctor when they can't hold on. Similarly, enterprises only think of defense and resistance after encountering security problems (such as ransomware or data leakage);
In order to prevent illness, people have begun to cultivate awareness of health preservation, physical examination or vaccination. Correspondingly, some companies have also begun to take preventive vaccinations in advance, performing patch updates, system reinforcement, threat detection, data encryption, etc., to defend against external threats;
But in the final analysis, everyone can't avoid physical problems, so they rely on various ways to enhance their resistance to maintain long-term physical health, and at the same time, they also buy insurance for emergencies;
In fact, the same is true for enterprises - it is advisable to plan ahead for rain, not to dig a well when you are thirsty . It is necessary not only to resist perceived threats, but also to prevent unknown threats, do a good job in top-level security planning and real-time situational awareness, normalize risk assessment, and ensure continuous safe operation, just like people do for themselves Buying insurance is the same as buying cyber insurance.
Having said that, in the face of such a situation, if you want to find a relatively decent job by studying network security, in addition to using your school and education as a stepping stone, you must naturally improve your own capabilities.
The mainstream talents in the Internet era are compound talents, including the compounding of knowledge, thinking and ability. In the field of network security, the attribute of compounding is more prominent, because network security itself needs to take into account all aspects of security.
One-point cutting, comprehension by analogy, establishment of a systematic network security knowledge system, and continuous strengthening of the ability to think comprehensively are the only ways to become a security talent.
For the topic subject who is about to enter university, everything has just begun. Since he is interested in network attack and defense, he might as well accumulate some practical experience.
For example, on a university campus, you can apply to join organizations such as security teams and security clubs, and communicate with experienced seniors. You can also participate in various security competitions or challenge cups and other technological events to take the first step in actual combat. .
There are even more security competitions in the society. TCTF and GeekPwn are very important competitions to exercise your ability. In the process of competing with global hackers on the same stage, your gains must be far beyond imagination.
In addition to competitions, daily practical operations are also an important agenda to consolidate basic knowledge and quickly improve learning efficiency, such as digging out website vulnerabilities and submitting them to enterprise src.
Finally, back to the question itself, everyone has a different opinion on whether the network security major is good or not, but the status of network security is increasing day by day, and its importance is becoming more and more prominent. The latest data from the "IDC Global Cybersecurity Spending Guide" shows that under the impact and promotion of the new crown pneumonia epidemic, the total investment in the global cybersecurity-related hardware, software, and service markets will reach US$125.21 billion in 2020, a year-on-year increase from 2019 . 6.0% . Meanwhile, the top IT spending priority for the second half of 2020 is cybersecurity, according to a recent survey of enterprise chief information officers (CIOs) by Hitachi ID .
The value and importance of cybersecurity is self-evident as the world spends more on it. As for the major, whether you choose it or not, learn it or not, it is there, and the advantages and disadvantages are at your own discretion.
How to get started with network security?
Let's get down to the specific technical points. The overall learning time of this network security learning route is about half a year, depending on each person's situation.
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the SQL injection above, what is an xss attack, and have mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF Competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Finally, I have compiled a simple learning method for everyone, which can be used for reference:
1. Read more books
Reading is always the most effective way. Although books are not necessarily the best way to get started, the understanding of books requires a certain foundation; but for now, books are a relatively reliable way to get started.
For example: "Hacking and Defense --- Detailed Explanation of Web Security Practical Combat", "Secrets of Web Front-end Hacking Technology", "The Road to Security: Analysis of Web Penetration Technology and Practical Cases (2nd Edition)"
Now there are many books on Web security, so you can avoid a lot of detours in the process of learning. If you have difficulty reading the above recommended books, then find a book on Web security that you can read.
Of course, talk on paper is shallow, so what if you don't practice it.
2. Learning common tools
1. Burpsuite learns Proxy, captures and changes packets, learns Intruder blasting module, learns plug-ins in the practical Bapp application store 2. Nmap uses Nmap to detect the ports opened by the target host, uses Nmap to detect the network service of the target host, and determines its service name and version number 3 .SQLMap uses SQLMap to mine the SQL injection vulnerabilities scanned in AWVS for data acquisition practices and exploit common types of vulnerabilities
3. Learning and development
1. Book "Detailed PHP"
2. Practice using PHP to write a script that lists directories, and you can list any directory through parameters. Use PHP to grab the content of a web page and output it. Use PHP to grab the content of a web page and write it to the Mysql database for output.
You can also find a training class and study systematically, it is all possible.
I also compiled a set of network security learning materials for you, which can save you the time to find other materials. I have read most of them, and they are all very good.
This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]
https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQ