In 2023, resign and switch to IT, is there any prospect?
What is better to learn?
First of all, we need to know that the relationship between supply and demand determines market conditions, and the IT industry is essentially a service-oriented industry.
If the IT job market is to improve, the decisive factor is not how good the practitioners are in the market, but how much demand is needed to hire these practitioners, and where does the demand come from? Naturally, there are many job requirements, and job requirements come from employers. So, overall, do employers have job demands?
Since "the T industry is essentially a service-oriented industry", compare it to the tourism and catering industry. Affected by the epidemic, because the people being served do not come, it is depressed. This is the case in the service-oriented industry. If the owner has money and is willing to spend it, Only the service type can thrive, which has little to do with how hard you work.
The overall economic slowdown in the macro environment, coupled with the impact of fringe politics and the epidemic, has caused varying degrees of pressure on profits for many companies, and this universality is obvious. There is no high demand in the short term.
then what should we do?
Can I learn network security?
Of course, network security engineers are currently the best job in the IT industry.
The salary in the field of network security has increased steadily in recent years. In the first half of 2021, the average recruitment salary in the field of network security reached 22,387 yuan/month, an increase of 4.85% compared with the same period last year. Among them, the R&D technical post with the highest market demand has become the post with the highest gold content , the average monthly salary in the first half of 2021 is 24,887 yuan/month. Compared with the average salary of the whole industry, the main reason is that the talents that most companies hope to recruit through social recruitment websites are "experienced and skilled" talents.
For Xiaobai to switch to network security, the most suitable person is a network security operation and maintenance engineer.
Safe operation and maintenance is an important part of the entire network security life cycle.
At present, one of the two most lacking positions for network security recruiters is the operation and maintenance post, accounting for 80%, and the entry threshold for operation and maintenance is also low. Learning security operation and maintenance has the most employment opportunities.
In addition, security operation and maintenance belongs to the category of network security positions that start at a low level and are the easiest to learn and enter. With the rapid development of China's Internet (currently, Chinese netizens have jumped to the number one in the world), the scale of the website is getting bigger and bigger, and the structure is getting more and more complex; the requirements for full-time website operation and maintenance engineers and website architects will become more and more urgent , especially the demand for experienced and excellent operation and maintenance talents is increasing; because the knowledge of operation and maintenance positions is very broad, it is easier to cultivate or develop personal specialties or hobbies in certain aspects, such as kernel, network, development, In terms of databases, etc., you can do a very in-depth proficiency and become an expert in this area.
If you are good at learning, you can turn to a system architect or cto in the later stage. As mentioned above, although the threshold for operation and maintenance is low, the specific work of many companies may be quite different from what you expected. If you choose to learn operation and maintenance, you should mainly consider your own objective conditions. , Will there be an opportunity to enter large enterprises in first- and second-tier cities in the future to get in touch with automated operation and maintenance, devops, and cloud computing, which will be more conducive to future career development.
Where can I study Operational Network Security Operations?
It is recommended to sign up for online work! !
First, save time
Online classes take a lot of time and effort. Dedicate yourself to learning. However, taking the time will inevitably yield better value. If you have any questions, you can just raise your hand and ask questions. You don’t have to worry about whether the teacher can see it, it’s very direct. When practicing by yourself, there will also be professional teachers to accompany you, and you can solve problems directly, which can save a lot of time.
Second, the learning atmosphere is good.
The most important thing about online classes is that the learning atmosphere is also very good. Everyone can study and discuss in class whenever they have time. This is the advantage of online classes.
Accompanied by the teacher, solve the problems that you don't understand in time, the learning atmosphere is strong, and the learning initiative is greatly enhanced. Learning efficiency and learning effect have been improved.
Third, the quality of teaching is better.
The subject of network security is a technology that does not take an unusual path.
One of the biggest disadvantages of online course tutorials may be that they are popularized by beginners, and they cannot learn too many valuable technologies. Advanced technical courses cannot be taught on the Internet at all. The complex experimental environment involves equipment, codes, circuits, etc. Pure online, simulator or demonstration can be achieved. From code security to logical security, to physical security and management security. From virtualized servers, to desktops, to network tunnels, to multilayer switching, to routing to isolation.
Cyber Security Learning Path
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and study all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Fourth, the recommendation of learning materials
Book list recommendation:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of windows operating system
【4】Linux kernel and implementation
Programming development class:
【1】windows programming
【2】windwos core becomes
【3】Linux programming
【4】Unix environment advanced into
【5】IOS becomes
[6] The first line of code Android
【7】C programming language design
【8】C primer plus
[9] C and pointers
[10] C expert programming
[11] C traps and defects
[12] Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
[16] Linux shell script strategy
[17] Introduction to Algorithms
[18] Compilation principle
[19] Compilation and decompilation technology practice
[20] The way to clean code
[21] Code Encyclopedia
[22] TCP/IP Detailed Explanation
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacking Attack and Defense Technology Collection
【25】Encryption and decryption
【26】C++ Disassembly and Reverse Analysis Technique Revealed
[27] web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology secret
[31] Programmer's application
【32】English Writing Handbook: Elements of Style
Common Internet Security and Forums
Kanxue Forum
Safety Class
Safety Niu
Safety Internal Reference
Green League
Prophet Community
XCTF Alliance
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
video tutorial
SRC&Hacking Technical Documentation
Hacking Tools Collection
epilogue
The network security industry is like a river and lake, where people of all colors gather. Compared with many decent families with solid foundations in European and American countries (understand encryption, know how to protect, can dig holes, and are good at engineering), our talents are more heretics (many white hats may not be convinced), so in the future Talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" that combines "business" and "data" and "automation" in order to quench the thirst for talents and truly serve the society in an all-round way. Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this tutorial is in no way to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security.