foreword
"There is no national security without cybersecurity". At present, network security has been elevated to the height of national strategy and has become one of the most important factors affecting national security and social stability.
Characteristics of the network security industry
1. The employment salary is very high, and the salary rises quickly. In 2021, Liepin.com released the highest employment salary in the network security industry, which is 337,700 yuan per capita!
2. There is a large talent gap and many employment opportunities
On September 18, 2019, the official website of the "Central People's Government of the People's Republic of China" published: my country needs 1.4 million cyberspace security talents, while major schools across the country train less than 1.5 million people each year. Liepin.com's "Cyber Security Report for the First Half of 2021" predicts that the demand for cyber security talents will be 3 million in 2027, and there are only 100,000 employees currently engaged in the cyber security industry.
The industry has a lot of room for development and many jobs
Since the establishment of the network security industry, dozens of new network security industry positions have been added: network security experts, network security analysts, security consultants, network security engineers, security architects, security operation and maintenance engineers, penetration engineers, information security management Data Security Engineer, Network Security Operations Engineer, Network Security Emergency Response Engineer, Data Appraiser, Network Security Product Manager, Network Security Service Engineer, Network Security Trainer, Network Security Auditor, Threat Intelligence Analysis Engineer, Disaster Recovery Professional , Actual combat offensive and defensive professionals...
Great career potential
The network security major has strong technical characteristics, especially mastering the core network architecture and security technology in the work, which has an irreplaceable competitive advantage in career development.
With the continuous improvement of personal ability, the professional value of the work will also increase with the enrichment of one's own experience and the maturity of project operation, and the appreciation space is bullish all the way, which is the main reason why it is popular with everyone.
To some extent, in the field of network security, just like the doctor profession, the older you are, the more popular you become. Because the technology becomes more mature, the work will naturally be valued, and promotion and salary increase are a matter of course.
How to Get Started Learning Cyber Security
Pre-school speech
1. This is a road that needs to be persisted. If you only have three minutes of enthusiasm, you can give up and read on.
2. Practice more and think more, don't know anything without leaving the tutorial, it is best to complete the technical development independently after reading the tutorial.
3. If you have any questions, you can google, baidu... We often don't meet good-hearted masters, who will give you answers every day when they are bored.
4. If you really don't understand something, you can let it go first and solve it later.
Zero-based entry
For students who have never been exposed to network security, we have prepared a detailed learning and growth roadmap for you. It can be said that it is the most scientific and systematic learning route, and it is no problem for everyone to follow this general direction.
Click to collect the high-definition expandable mind map
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the SQL injection above, what is an xss attack, and have mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF Competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
Partial display
video tutorial
Book materials (classified parts cannot be shared)
SRC information package & HW network protection action
interview questions
Finally, I have compiled a simple learning method for everyone, which can be used for reference:
1. Read more books
Reading is always the most effective way. Although books are not necessarily the best way to get started, the understanding of books requires a certain foundation; but for now, books are a relatively reliable way to get started.
For example: "Hacking and Defense --- Detailed Explanation of Web Security Practical Combat", "Secrets of Web Front-end Hacking Technology", "The Road to Security: Analysis of Web Penetration Technology and Practical Cases (2nd Edition)"
Now there are many books on Web security, so you can avoid a lot of detours in the process of learning. If you have difficulty reading the above recommended books, then find a book on Web security that you can read.
Of course, talk on paper is shallow, so what if you don't practice it.
2. Learning common tools
1. Burpsuite learns Proxy, captures and changes packets, learns Intruder blasting module, learns plug-ins in the practical Bapp application store 2. Nmap uses Nmap to detect the ports opened by the target host, uses Nmap to detect the network service of the target host, and determines its service name and version number 3 .SQLMap uses SQLMap to mine the SQL injection vulnerabilities scanned in AWVS for data acquisition practices and exploit common types of vulnerabilities
3. Learning and development
1. Book "Detailed PHP"
2. Practice using PHP to write a script that lists directories, and you can list any directory through parameters. Use PHP to grab the content of a web page and output it. Use PHP to grab the content of a web page and write it to the Mysql database for output.
You can also find an offline training class and study systematically, it is all possible.
Epilogue
To be honest, there is no threshold for obtaining the information package mentioned above.
However, I think many people get it but don't learn it.
Most people's question seems to be " how to act ", but it is actually " can't start" .
This is true in almost any field. The so-called " everything is difficult at the beginning", the vast majority of people are stuck at the first step, and they have eliminated themselves before they even started.
If you really believe you like cybersecurity/hacking, do it now, more than anything else .
The field of network security is like a towering tree full of fruit. There are countless onlookers standing under it. They all claim that they like network security and want to pick the fruit from the tree, but they are hesitant when faced with the vine branches that hang down from time to time. indecision.
In fact, you can climb this tree by just grabbing any vine branch.
What most people lack is such a beginning.
This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]
https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQ