Someone said: "Why are hackers better than programmers? Why do so many people start to change careers?"
In fact, hackers are all programmers, but not all programmers are hackers.
Judging from the needs of enterprises and society, there is no shortage of programmers, but there is a large shortage of security engineers. With the same monthly salary of 8,000 yuan, there are a lot of programmers, but it is difficult to recruit security engineers. The most important thing is that programmers have to work overtime. , most people's first impression of programmers is the "Mediterranean Sea", which seems to have been even more underestimated.
Table of contents
1. Why do so many programmers switch jobs in network security?
2. What kind of position is network security?
3. Misunderstandings that programmers will avoid when learning network security
1. Try to learn network security based on programming
2. Believe that cybersecurity does not require programming skills
3. Try to learn cybersecurity as a hobby
4. How to effectively learn network security?
The first stage: Getting started with basic operations and learning basic knowledge
The second stage: practical operation
The third stage: Participate in CTF competition or HVV action
5. Recommendation of study materials
1. Why do so many programmers switch jobs in network security?
Compare a programmer to an infiltrator and you get the idea.
Programmer:
Advantages:
1. The salary is high, and the campus recruitment fee for big companies is generally 24K*15.
2. There are many positions, no matter in big cities or small cities, there are positions everywhere.
3. There is a great sense of accomplishment during study
. 4. There are rich learning resources, many websites There are complete tutorials
Disadvantages:
1. There are rumors on the Internet that 35-year-olds were laid off
2. Severe overtime work, daily 996, and even PDD situations
3. High competition pressure, with dozens of people applying for one position, very replaceable
4. Gradually attaching importance to academic qualifications, Nowadays, the threshold for big manufacturers is basically one book or 211 to start
penetration/installation:
Advantages :
1. The salary is high, 16k for the first-line and 13k for the second-line. There are many people there.
1. It’s easier than a programmer and less overtime work.
2. The work content is more “cool” than a programmer. I say that I am a white hat to the outside world.
3. There is little employment pressure and competition pressure. 4.
Don’t pay much attention to academic qualifications. As long as the skills are strong enough, a junior college student can get more salary than a master’s degree. 5. There
are many ways to get extra money. You can make small money by digging loopholes and submitting SRC. It is not a problem to join HW and earn 2K a day.
6. Compared with the program For programmers, they rely more on experience and experience, which means they may become more popular as they get older.
Disadvantages:
1. The salary may not be as good as that of programmers just after graduation
2. The study period is boring and it is difficult to have a sense of accomplishment
3. Employment threshold It will get higher and higher in the future.
4. The tutorials are incomplete and it is difficult to find free and useful ones.
2. What kind of position is network security?
What kind of job is network security?
- Huge talent gap
- High salary level
- Shortage of counterpart practitioners
- Very flexible
The Internet has always emphasized that the security industry has good development prospects, but most of them are presented in text or data charts. However, this time CCTV directly stated that the gap of people has exceeded 1.4 million. And every year, there are more than 1.4 million people graduating from colleges and universities. The demand for graduates in cybersecurity-related majors is only over 20,000, and there is a serious imbalance in supply. The cybersecurity industry has developed in recent years, and now there is a serious shortage of talent supply.
The demand for graduates of cybersecurity-related majors from colleges and universities every year is only more than 20,000, and there is a serious imbalance in supply. The cybersecurity industry has developed in recent years, and now there is a serious shortage of talent supply.
This will also mean an opportunity, and it will also be an opportunity to stand out from the tight encirclement in the inner world!
With the rapid development of science and technology, more and more enterprises are showing demand for comprehensive talents . Therefore, if you want to get a high salary, improving technology is the first priority, and in the future, the Internet industry will definitely need more high-tech or compound talents . As a network security industry, this field has become popular.
To put it simply, the development of network security has officially entered the development stage of "policy dividends + rapid development" in the next three years from the initial stage of "regulation construction + start-up development" in the past few years. Now is the best time to enter the industry!
Didn't Luo Jun have a saying: Standing on the wind, even a pig can fly. As a programmer, you have a programming foundation, which can be said to be more advantageous than those who want to change jobs in other industries. Your programming skills will be of great help for further studies such as code auditing that you will learn later. This is part of the reason why many programmers choose the network security industry nearby.
3. Misunderstandings that programmers will avoid when learning network security
1. Try to learn network security based on programming
Cybersecurity and programming are two different fields that require different knowledge and skills. Network security requires knowledge of network protocols, security protocols, encryption algorithms, vulnerability principles, etc., while programming requires knowledge of programming, algorithms, and data structures. If you try to learn network security based on programming, you may feel overwhelmed and a waste of time and energy.
2. Believe that cybersecurity does not require programming skills
Cybersecurity requires programming skills to develop and maintain security systems, write security test scripts, analyze and resolve security vulnerabilities, etc. Without programming skills, it can be difficult to fill these jobs.
3. Try to learn cybersecurity as a hobby
Cybersecurity requires professional knowledge and skills, and requires a lot of time and energy to learn and practice. If you try to learn cybersecurity on a hobby basis, you may struggle to achieve good results, and you may lose interest in cybersecurity. Therefore, if programmers want to switch to network security, they should first understand the knowledge and skills of network security, then choose a learning method and route that suits them, and invest enough time and energy in learning and practicing.
4. How to effectively learn network security?
Network security (hacking) learning route, you can learn according to this learning route
If the picture is too large and has been compressed by the platform and cannot be seen clearly, please like and leave a message in the comment area to get it. I will always reply
The first stage: Getting started with basic operations and learning basic knowledge
The first step to get started is to study some current mainstream security tool courses and books on basic principles. Generally speaking, this process takes about one month.
At this stage, you already have a basic understanding of cybersecurity. If you have completed the first step, I believe you have theoretically understood what the above is SQL injection, what is an XSS attack, and have mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "laying the foundation" is actually the systematic learning of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/network
3. Database
4. Development language
5. Common vulnerability principles
What is the use of learning these basic knowledge?
The level of knowledge in various computer fields determines the upper limit of your penetration level.
[1] For example: If you have a high level of programming, you will be better than others in code auditing, and the vulnerability exploitation tools you write will be easier to use than others;
[2] For example: If you have a high level of database knowledge, then when you conduct SQL injection attacks, you can write more and better SQL injection statements and bypass WAFs that others cannot;
[3] For example: if your network level is high, then when you penetrate the intranet, you can understand the target's network architecture more easily than others. If you get a network topology, you can know where you are and the configuration of a router. File, you will know what routing they have done;
【4】For another example, if your operating system is good, your rights will be stronger, your information collection efficiency will be higher, and you can efficiently filter out the information you want to get.
The second stage: practical operation
1. Digging SRC
The main purpose of mining SRC is to put skills into practice. The biggest illusion in learning network security is to feel that you know everything, but when it comes to actually digging for vulnerabilities, you are at a loss. SRC is a very good skill application. Chance.
2. Learn from technology sharing posts (type of vulnerability mining), watch
and study all 0day mining posts in the past ten years, and then build an environment to reproduce vulnerabilities, think about and learn the author's digging thinking, and cultivate your own penetration thinking
3. Shooting range practice:
Build your own shooting range or go to a free shooting range website to practice. If possible, you can purchase it or sign up for a reliable training institution, which usually has supporting shooting range practice.
The third stage: Participate in CTF competition or HVV action
Recommendation: CTF competition
CTF has three points:
【1】The opportunity to get close to actual combat. Cyber security laws are very strict now, unlike before where everyone could mess around
【2】The topics keep up with the cutting edge of technology, but many books lag behind
【3】If you are a college student, it will also be helpful for finding a job in the future.
If you want to play CTF competition, go directly to the questions. If you don’t understand the questions, then go to the information based on what you don’t understand.
Recommended: HVV (protection net)
HVV has four points:
【1】It can also greatly train you and improve your skills. It is best to participate in the HVV action held every year.
【2】You can get to know many big shots in the industry and expand your network.
【3】HVV’s salary is also very high, so you can make a lot of money by joining it.
[4] Just like the CTF competition, if you are a college student, it will also be helpful for finding a job in the future.
5. Recommendation of study materials
Recommended book list:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of Windows operating system
【4】Linux kernel and implementation
Programming development category:
[1] windows programming
【2】windwos core becomes
【3】Linux Programming
【4】Advanced transformation of unix environment
【5】IOS becomes
【6】The first line of code Android
【7】C programming language design
【8】C primer plus
【9】C and pointers
【10】C Expert Programming
【11】C Traps and Defects
【12】Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
【16】Linuxshell script strategy
【17】Introduction to Algorithms
【18】Compilation principle
【19】Practical combat of compilation and decompilation technology
【20】How to clean your code
【21】Code encyclopedia
【22】Detailed explanation of TCP/IP
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacker attack and defense technology guide
【25】Encryption and decryption
【26】C++ disassembly and reverse analysis technology revealed
【27】Web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology revealed
【31】Applications for programmers
【32】English Writing Handbook: Elements of Style
Common network security and forums Kanxue Forum Security Class Safety
Cow Security
Internal
Reference
Green
Alliance Prophet
Community
SRC&hacker technical documentation
Everything has been divided into categories
If you want to get into hacking and network security, the author has prepared a copy for you: 282G, the most complete network security information package on the entire network, can be obtained for free! You can comment 1 in the comment area or follow me and it will be sent automatically.
Conclusion
The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and upright people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.
Special statement:
This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security. ! ! !