Network security is a very popular industry at the moment. Due to the low threshold, it has become the first choice for many programmers to change careers.
So what are the segmented positions in network security? What are the responsibilities of different positions? Here’s a brief explanation for you:
1. Penetration testing engineer
Responsible for penetration testing. In authorization mode, various attack techniques are used to penetrate Party A's real network and server environment, and provide test reports and repair suggestions.
2.Web security engineer
Responsible for the security services of one's own website, providing security suggestions for development from the code layer and business level, requiring a deep understanding of web security principles.
3. Security operation and maintenance engineer
Responsible for the operation and maintenance of one's own security defense system and emergency response work. Be able to skillfully configure security equipment, be proficient in penetration technology and security equipment principles, have broad knowledge and strong practical capabilities.
4. Security service engineer
Responsible for the safety debugging of Party A’s equipment. Need to be proficient in server, network technology, and security equipment principles and configurations.
5. Security project manager
Responsible for managing enterprise security personnel, familiar with their own business systems, keenly aware of security needs, tracking new security technologies, and initiating security projects, they belong to management personnel.
So which direction do you want to develop?
But no matter which path we want to take, it is very important to have an efficient study plan before studying. This can help us avoid many detours and get started and employed quickly!
The following is a summary of a set of learning routes suitable for zero-level network security. It is suitable for fresh graduates and career changers. After learning, the minimum is 6k! Even if you have poor foundation, if you can take advantage of the good development momentum of network security and continue to learn, it is not impossible to find a job in a big company and get a million-dollar annual salary in the future!
Junior network engineer
1. Network security theoretical knowledge (2 days)
① Understand the relevant background and prospects of the industry and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operations.
④Introduction to MLPS, regulations, processes and specifications for MLPS. (Very important)
2. Penetration testing basics (one week)
① Penetration testing process, classification, standards
② Information collection technology: active/passive information collection, Nmap tools, Google Hacking
③ Vulnerability scanning, vulnerability exploitation, principles, utilization methods, tools (MSF), bypassing IDS and anti-virus reconnaissance
④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Operating system basics (one week)
① Common functions and commands of Windows system
② Common functions and commands of Kali Linux system
③ Operating system security (system intrusion troubleshooting/system reinforcement basics)
4. Computer network basics (one week)
①Computer network basics, protocols and architecture
②Network communication principles, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principles and defense: active/ Passive attacks, DDOS attacks, CVE vulnerability recurrence
5. Basic database operations (2 days)
① Database basics
② SQL language basics
③ Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (Chopper, Miss Scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the standard protection module well, you can also work as a standard protection engineer. Salary range 6k-15k
So far, about 1 month. You've become a "script kiddie." So do you still want to explore further?
[ Get "Script Kid" growth and advanced resources ]
7. Script programming (beginner/intermediate/advanced)
in the field of cybersecurity. The ability to program is the essential difference between "script kiddies" and real hackers . In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to expand existing tools, or write tools and automated scripts that meet our requirements. At this time, Requires certain programming skills. In the CTF competition, where every second counts, if you want to effectively use homemade script tools to achieve various purposes, you need to have programming skills.
For beginners, it is recommended to choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries; build a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs; ·Learn Python programming , the learning content includes: grammar, regularity, files, networks, multi-threading and other common libraries. We recommend "Python Core Programming", don't read it all; · Use Python to write exploits for vulnerabilities, and then write a simple web crawler; · PHP basic syntax Learn and write a simple blog system; Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); ·Understand Bootstrap layout or CSS.
8. Super Internet worker
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details and post a rough route. If you are interested in children's shoes, you can research it. If you don't understand the place, you can [click here] to join me and learn and communicate with me.
Network Security Engineer Enterprise Level Learning Route
If the picture is too large and has been compressed by the platform and cannot be seen clearly, you can [click here] and I will send it to you. You can also learn and communicate together.
Some video tutorials that I bought myself and cannot be found on other platforms:
If necessary, you can scan the card below and I will send it to you (all are shared for free). You can also learn and communicate together.
Conclusion
The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and decent people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this book is by no means to provide technical support to those with bad intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this book is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the risks caused by network security.