Why Choose Cyber Security? Why is it said that network security is the last dividend of the IT industry?

1. Why choose Network Security?

In recent years, with the continuous implementation of a series of policies, regulations and standards such as the "National Cyberspace Security Strategy", the "Cyber Security Law" and "Network Security Level Protection 2.0", the status and salary of the cyber security industry have risen accordingly.

The next 3-5 years will be the golden development period of the security industry. If you enter the industry in advance, you can enjoy the development dividend of the industry.

2. Why is it said that the network security industry is the last dividend of the IT industry?

According to the "Internet Security Report" released by Tencent Security, the supply of cybersecurity talent in China is currently severely lacking. Colleges and universities train only a little over 30,000 people in security majors each year, while the gap in cybersecurity positions has reached 700,000, which is as high as 95%.
 

Moreover, if we go to a recruitment website and search for job titles such as [Network Security], [Web Security Engineer] or [Penetration Testing], we can see that security positions offer good salary conditions.

3. Choosing the security industry has the following four major advantages

01 There is no age limit

In many positions in the IT industry, people approaching 35 grow anxious about whether a company will still be willing to take them on, whereas network security depends on the ability to solve problems. The more years you work, the richer your experience and the more valuable you become.

02 The educational threshold is relatively loose

At present, very few graduates come out of cyber security majors. First, very few colleges and universities offer a cyber security major. Second, even where one is offered, very few students are trained because of the shortage of teachers. As a result, the requirements for age, major and education are not so strict, and the job market is relatively tolerant.

03 The overall salary level is high

Compared with other IT fields, the starting salary in network security is higher. The starting salary is usually more than 7k, and the annual salary can reach up to one million. There is also the opportunity to earn a lot of part-time income.

4. So how to learn about network security? 

Stage One: Basic preparation (4~6 weeks)

This stage is a must for everyone preparing to enter the security industry. As the saying goes: if the foundation is not solid, the ground will shake.

Stage Two: Web Penetration

Basic learning time: (1 week to 2 weeks)

  • ① Understand the basic concepts (SQL injection, XSS, file upload, CSRF, one-line webshells, etc.) to lay the foundation for subsequent web penetration testing.
  • ② Read web penetration write-ups on forums and learn the thinking behind each case. Every site is different, so the line of thinking is what matters most.
  • ③ Learn the art of asking questions, and be good at asking when you don't understand.

Time to configure the penetration environment: (3 weeks to 4 weeks)

  • ① Understand the commonly used tools for penetration testing, such as AWVS, sqlmap, Nmap, Burp, China Chopper, etc.
  • ② Download backdoor-free versions of these tools and install them on your computer.
  • ③ Understand the usage scenarios of these tools and know their basic usage. It is recommended to search on Google.

Hands-on penetration practice time: (about 6 weeks)

  • ① Search for real penetration cases on the Internet, and gain an in-depth understanding of how SQL injection, file upload, and parsing vulnerabilities are used in practice.
  • ② Build a vulnerable test environment yourself; DVWA, SQLi-labs, Upload-labs and bWAPP are recommended.
  • ③ Understand the stages of penetration testing and what needs to be done in each stage, for example the PTES penetration testing execution standard.
  • ④ Study manual SQL injection in depth, find ways to bypass WAFs, and write your own scripts.
  • ⑤ Study the principles of file upload: truncation, double-extension spoofing (IIS, PHP), parsing vulnerabilities (IIS, Nginx, Apache), etc.; refer to: upload attack framework.
  • ⑥ Understand how XSS arises and its types, practice in DVWA, and test using a CMS with XSS vulnerabilities, with Safedog installed, etc.
  • ⑦ Understand one-line webshells, and try writing one that gets past Safedog.
  • ⑧ Research privilege escalation on Windows and Linux; Google keywords: privilege escalation

Fourth, recommended learning materials

The learning framework has been sorted out; what is still missing is the resources. I have sorted out the resource documents corresponding to all the knowledge points here. If you don't want to look for them one by one, you can refer to these materials!

Video supporting materials & domestic and foreign network security books, documents & tools

Of course, in addition to the supporting videos, various documents, books, materials and tools have been sorted out and organized into categories for you.

Some video tutorials that the author bought himself, and which are not available for free on other platforms.

SRC&Hacking Technical Documentation

If you want to get involved in hacking and network security, the author has prepared a copy for everyone: 282G, the most complete network security data package on the entire network, for free! After you follow me, it will be sent to you automatically! After following, just watch for the message in your inbox~


Epilogue

Cybersecurity is a critical issue in today's society. With the rapid development of science and technology, the network has penetrated into every aspect of our lives, bringing us great convenience and opportunities. However, there are also various risks and threats on the network, such as hacker attacks and data leakage. Therefore, learning network security knowledge has become something everyone should pay attention to.

Special statement:

This tutorial is purely technical sharing! Its purpose is in no way to provide any technical support to those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and encourage taking corresponding security measures to reduce the economic losses caused by network security incidents!

Origin blog.csdn.net/2301_77162959/article/details/132459257