foreword
Recently, many friends asked me: How to get started with network security with zero foundation. His dream is to become a network security engineer. When I asked how old I was, I just entered the freshman year. This is the best time to learn any technology, because there are four full years of preparation.
Industry prospect
I believe there is no need to say much about the prospect of the network security industry. With the strong support of national policies and the continuous expansion of the talent gap, network security has gradually become a new trend in today's era.
study plan
general outline
Join your school's ctf team or security club, and choose a direction of interest based on your own strengths after a preliminary understanding of security, such as binary, web penetration, cryptography (good at mathematics), android reverse, etc.
From freshman to sophomore, you must learn computer professional courses well (it is recommended to watch station b, 985 university MOOCs, and do more experiments), introduction to computer, discrete mathematics, computer network, data structure, operating system, computer composition principle, compilation principle , if some The course is in the third and fourth year of the junior year, and try to complete the self-study before the third year . The foundation of network security is the computer foundation. It doesn’t matter even if there are no professional courses related to network security. Even the top universities in China can rarely learn things related to industry security in class. The only difference is that there are a few more cryptography courses. It is no exaggeration to say that 90% of the experts in the security industry are self-taught .
Daiichi
The freshman pays attention to laying the foundation, and uses the spare time to study in clubs or self-study, maintaining 4-8 hours of personal study time every day (the freshman class is rare and sometimes there is no class all day). Proficient in 1 programming language (can reach about 10,000 lines of code, can independently complete projects and small games of about 1,000 lines, can flexibly apply code to write scripts, and solve problems), familiar with 2-3 languages (about 2,000 lines of code , Familiar with grammar, able to understand code), Binary is recommended to master c/c++, assembly, python, web can learn C, JAVA, php, python, etc. After mastering the basics of programming, start to learn security systematically, start to learn PE, elf, debugging, vulnerability principles, etc. in binary, learn web security penetration, intranet, owasptop10 vulnerabilities, etc. Learning can be watching videos or reading some books (encryption and decryption, reverse engineering core principles, etc.). In addition, you can contact some ctf practice questions in some ctf shooting ranges such as attack and defense world and bugku.
sophomore
In the sophomore year, start brushing the ctf questions, participate in the ctf competition, practice and learn while playing the game, what knowledge is lacking, and learn the ctf questions after the freshman has laid a solid foundation, otherwise there is a high probability that you will face a writeUp and you will not even be able to read it If you understand the situation, in addition to the professional courses, try to keep improving as much as possible. You don’t need to care about the scores in the final exam of the professional courses, but practice more and write more code. Play competitions and try to win some awards. It is best to win an internship in a security company or participate in some hw activities during the summer vacation of the sophomore year.
Daisan
Juniors continue to participate in ctf, and at the same time move closer to actual combat, pay more attention to security circle information and trends such as freebuf, security hacker, etc. If you want to engage in security research in the future, start to reproduce classic CVE, some latest Nday, learn fuzz, Try to dig out your own CVE number. If you want to engage in virus analysis, analyze some samples based on some APT research reports. If you think of game companies doing anti-cheat, you should study injection, network protocols, and memory protection. It depends on your own interests. The actual business combination of security companies.
Autumn move
In the summer vacation of the junior year, as long as you follow the above, you will definitely be able to get an internship in a big factory, and you can transfer if you can become a regular. If you don’t have an internship or don’t want to become a full-time student, start preparing for autumn recruits in June of your junior year, and then read some interview questions and you will surely get a pleasant offer for a security post.
The above-mentioned learning route is mainly suitable for those who are both African and non-Chinese and plan to start a career as a bachelor . Although the whole university seems to be very complicated, this may be your only chance to enter a large factory as a non-Chinese . Currently, the school recruits Internet companies every year. There are few positions. Even though the security industry pays more attention to technology than education, in recent years, more and more people have education and skills. During the interview, you will find that the resumes around you are more scary than the other.
Maybe some people will ask if I am already a sophomore or junior, or if I don’t know anything, is there any hope of entering a big factory? It is not impossible. In addition to the technical route, Internet companies can also do products, testing, and sales. However, even in sales, security companies now prefer highly educated and have certain skills. It is still very important to accumulate skills at the undergraduate level. So if you feel that you are not self-disciplined enough, you cannot complete the above-mentioned plan by yourself, or you have missed the golden time before, or is it possible to enter a large factory with a bachelor’s degree ?
have!
But this is another completely different path: education and training institutions. Educational and training institutions have been criticized fiercely in recent years, and they are accused of cutting leeks, but the existence of a thing is reasonable. If you really want to work in the cyber security industry but missed the opportunity for various reasons, why not try again? Next, I will share a copy of "[282G] Network Security Zero-Basic Introductory Learning Materials Package"
officially certified by CSDN . Those who need it can scan the QR code below to get it for free!
If the above picture fails, students can click the link below to get it for free!
【282G】Network security & hacking technology zero-basic to advanced full-set learning spree, free to share!
Next, I will introduce to you what is included in this 282G data:
1. Growth roadmap
2. Companion video
3. Network security literature
4. Actual operation
5. Interview questions
6. Installation package & source code
All of the above materials are available for free, so why not give yourself a chance?
This "[282G] Network Security Zero-Basic Introductory Learning Packet" officially certified by CSDN , if you need it, you can scan the QR code below to get it for free!
If the above picture fails, students can click the link below to get it for free!
【282G】Network security & hacking technology zero-basic to advanced full-set learning spree, free to share!