How to Avoid Being a Script Kiddie or Cybersecurity Tool Guy

If you want to avoid becoming a tool person or a script kiddie, you need to pay attention to the choices you make in the initial stage of learning and in the initial stage of work.

First of all, in the early stages of learning, the most important thing is to lay a good foundation so that you do not become a script kiddie.

You may find that many people can only write Python and use tools. With a little experience, they can find a decent job, but they may only be able to do the simplest security work.

Nowadays there are many integrated scripting tools, and the barrier to using them keeps getting lower. Many people who don't even know how to build a website simply run a scanner against a website's directories. There are serious technical gaps. The purpose of network security is to use attack to promote defense. Discovering a vulnerability is only one step; the difficult part is locating the vulnerability, describing its hazards, explaining how it can be exploited, and providing suggestions for repairing it. If your technical level is not solid, it is difficult to have good development prospects.

For example, in penetration testing, SQL injection requires you to understand the T-SQL language. CSRF involves HTTP, the application-layer protocol covered in "Computer Network", and without it you cannot understand Servlets either. Therefore, the early stage of learning penetration testing requires basic skills such as network fundamentals, programming fundamentals, database fundamentals, and operating systems. You should start with HTML, CSS, JS, a programming language, protocol packet analysis, the principles of network interconnection, database syntax, and so on. Once you have a firm grasp of this basic knowledge, you can move on to in-depth study of penetration testing.

Therefore, you need to stay away from impetuous environments. Many people start out with a heart for technology, but they cannot settle down into continuous learning. Keep breaking through bottlenecks. In the stage of technical improvement, everyone goes through their own confusion and learns a lot, but going deeper opens a brand new world and brings another hard battle. If you hold back, you are stuck at the script kiddie stage.

How to avoid becoming a tool person in network security work.

Since there are many penetration testing positions in the industry and people to fill them are in short supply, you can start in a penetration engineer position when entering the industry.

Later on, if you have a strong coding or research foundation and have accumulated more experience, you can switch to higher-paying or more specialized positions such as security research and development or security research. Some examples follow.

Cloud computing product security analyst. With the rapid development of the Internet, more and more companies have begun to pay attention to network security. There is a large gap for cloud computing product security analysts, and the salary is high. Cloud computing product security analysts rely on their ability to solve problems. Like practitioners of traditional Chinese medicine, the older they get, the more popular they become, and the faster they get promoted. Security work is usually done by business leaders and department executives, and it is easier to gain leadership approval. Compared with some IT positions, it also involves very difficult mathematical problems.

Security development engineer. The work mainly consists of designing and implementing security products, improving the usability of security products, and optimizing Web R&D technology; developing security auxiliary tools or platforms; being responsible for the design and development of security platforms; and understanding the latest attack and protection technologies in the security field in order to constantly improve the product. The salary is also relatively high.

Network security level protection assessor. The work is mainly level protection evaluation, risk assessment, and consultation on information security construction and rectification. It includes writing the work specification, process and implementation plan of the project; conducting network security level protection evaluation, network security consultation, information security risk assessment, and security reinforcement of operating systems and databases for the client company; designing network security solutions according to customer needs; organizing and compiling technical support documents according to document specifications; and providing customers with introductions to and training on graded protection and information security consulting, etc.

The network security industry is like a river and lake where people of all kinds gather. Compared with the many orthodox schools with solid foundations in European and American countries (they understand encryption, know how to protect, can dig out vulnerabilities, and are good at engineering), our talents are more like heretics (many white hats may not be convinced). So in future talent training and construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" work that combines "business", "data" and "automation", in order to quench the thirst for talent and truly provide security for society and the Internet in an all-round way.


Origin blog.csdn.net/2301_77162959/article/details/132006210