I am a network security engineer who has been coding for 5 and a half years. I am currently working in Hangzhou. My monthly salary is currently around 30.6K. 18K offers. 30K or so so far.
Speaking of this, I would like to remind everyone that when you change jobs, remember not to think about naked resignation if you don’t get the offer from the next company, otherwise you will face a particularly embarrassing situation, so I won’t go into details, I understand People naturally understand!
Let me introduce my experience
I went to junior college (later I took the undergraduate exam by myself) I studied tourism at school, and I have been exposed to industrial programming. When I was about to graduate, I chose network security technology. I resigned because I thought the tour guide was too tiring and unflattering. To be honest, as a post-90s me, I still like to work in an office. I have an air conditioner. In reality, I just want to make more money.
Through this article today, I just want to share with you my learning experience, because I know very well that there are many detours in self-learning, so I hope that through my own experience, everyone can take a little less detours and learn the technology as soon as possible .
At the beginning, there was a very important problem that the problem of learning mentality explosion may occur at any time, mainly because I encountered a problem that could not be solved, and I couldn’t figure out what the problem was after thinking about it for five or six hours. When it comes to this little problem, you will feel that you are stupid, that you are not good enough, and you will have serious doubts about yourself. And this happens almost every day, because I have never been exposed to this knowledge, so I can't find out where the problem is. My solution is to find a big cow on the Internet as a master. If you have any questions, you can ask him. Basically, a problem can be solved within five minutes, which greatly improves the efficiency of learning. One of my thoughts at the time was , No matter what you do, you really need an experienced person to guide you in the early stage, otherwise it is easy for you to get into a dead end and fall into a misunderstanding .
If you can’t find a technical expert to take you, I personally think that participating in training courses is the fastest way for beginners to get started. Before choosing a training institution, you must read their course outline. The best network foundation section, web penetration section, Kali Both Linux and Linux are involved. In actual combat, it would be even better if there are offensive and defensive platforms and target drones, and real website authorization can be provided as penetration testing support.
How to learn network security for new entrants
As a "senior programmer" who has worked in the network security industry for nearly 5 years and has worked in various positions, I will tell you that network security is not difficult, and getting started with network security is easier! Don't be fooled by its mysterious coat.
As long as you listen to my explanation carefully, although there is no guarantee that you will become a master, no matter how poor your learning ability is, you can still reach the entry level .
Into the title
01. Simple understanding of network security
To put it bluntly, network security means that the data in the network system is protected from being destroyed. And our security engineers engaged in network information security work, of course, the main job is to design programs to maintain network security.
Network security engineer is a general term that also includes many positions, such as security product engineer, security analyst, data recovery engineer, network architecture engineer, network integration engineer, security programming engineer and so on.
All work content includes security assessment, risk assessment, security service, firewall, intrusion detection, cloud protection, system attack and defense, code audit, etc.
Of course, these positions have nothing to do with you at this stage, I just want to let you know that the industry of network security is also a great place. What you have to do now is to learn the basic knowledge well, and one day in the future, maybe you will be able to get in touch.
02. Network Security Introduction Learning Route
Click to collect the high-definition expandable mind map
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the SQL injection above, what is an xss attack, and have mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF Competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Fourth, the recommendation of learning materials
The field of network security is like a towering tree full of fruit. There are countless onlookers standing under it. They all claim that they like network security and want to pick the fruit from the tree, but they are hesitant when faced with the vine branches that hang down from time to time. indecision.
In fact, you can climb this tree by just grabbing any vine branch.
What most people lack is such a beginning.
This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]
https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQ