1. Why choose network security?
In recent years, with the continuous implementation of a series of policies/regulations/standards such as China's "National Cyberspace Security Strategy", "Cybersecurity Law", and "Cybersecurity Level Protection 2.0" , the status and salary of the network security industry have increased accordingly.
The next 3-5 years will be the golden development period for the security industry. If you enter the industry early, you can enjoy the dividends of industry development.
2. Why is the network security industry a dividend for the IT industry?
According to the "Internet Security Report" released by Tencent Security, there is currently a serious shortage of cybersecurity talent supply in China. Only more than 30,000 security professionals are trained in universities every year, and the gap in cybersecurity positions has reached 700,000, a gap of 95%.
Moreover, when we go to the recruitment website and search for job titles such as [Network Security], [Web Security Engineer], [Penetration Test], etc., we can see that security positions have good remuneration and benefits. As the length of service and salary increase, it shows that "the older you get, the more popular you become." Case.
There are four major advantages to choosing the security industry:
01No age limit
There are many positions in the IT industry where people aged 35 and above are anxious about whether companies are willing to take on problems. Network security relies on the ability to solve problems. The more years you have been working in the industry and the more experience you have, the more valuable you are.
02 The academic qualifications threshold is relatively loose
. Currently, there are very few people who have majored in cyber security colleges and universities. First, there are very few schools that offer cyber security majors. Second, even if they do offer cyber security majors, there are very few students to train due to the shortage of teachers. Therefore, cyber security recruitment is still The main focus is on changing careers, and the requirements for age, major, and academic qualifications are not so rigid. The job market is relatively tolerant.
03The overall salary level is high
The starting salary of network security is higher than that of other IT industries. The starting salary is usually above 7k, and the maximum annual salary can be one million. There is also the opportunity to earn a lot of part-time income.
There are only three ways to learn network security technology
: the first is to apply for the network security major, now called the network space security major, the main professional courses: programming, computer composition principles and principles 9, data structure, operating system principles, database system, computer Network , artificial intelligence, natural language processing , social computing, network security laws and regulations, network security, content security9, digital forensics, machine learning, multimedia technology, information retrieval, public opinion analysis, etc.
The second type is self-study, which is to find resources and tutorials on the Internet, or find ways to meet some big guys and hug them tightly. However, this method is very time-consuming, and the learning is not planned, and it may take a long time. If you don’t make progress, you will be easily discouraged.
The third way is to find training. Of course, you can’t just find one at random. Mainly look for schools with strong teaching staff and good course quality.
So next, I will tell you how to get started with web security if you are engaged in or above.
When getting started with network security, should you first learn programming or computer basics? This is a controversial issue. Some people will suggest learning programming first, while others will suggest learning computer basics first. In fact, these are all things you need to learn. And these are very important to learn about cybersecurity. But for people with no basic knowledge or those who are eager to change careers, learning programming or computer basics is difficult and takes too long.
Cybersecurity learning routes & resources
[----To help you learn about Internet security, get all the following learning materials for free! 】
① Mind map of network security learning and growth path
② 60+ classic network security tool kits
③ 100+ SRC vulnerability analysis reports
④ 150+ practical network security attack and defense technology e-books
⑤ The most authoritative CISSP certification exam guide + question bank
⑥ Over 1800 pages of CTF practice Skills Manual
⑦ The latest collection of interview questions from major Internet security companies (including answers)
⑧ APP client security detection guide (Android + IOS)
03 There is a lot of knowledge about network security. How to arrange it scientifically and reasonably?
Junior network engineer
1. Network security theoretical knowledge (2 days)
① Understand the relevant background and prospects of the industry and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operations.
④Introduction to MLPS, regulations, processes and specifications for MLPS. (Very important)
2. Penetration testing basics (one week)
① Penetration testing process, classification, standards
② Information collection technology: active/passive information collection, Nmap tools, Google Hacking
③ Vulnerability scanning, vulnerability exploitation, principles, utilization methods, tools (MSF), bypassing IDS and anti-virus reconnaissance
④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Operating system basics (one week)
① Common functions and commands of Windows system
② Common functions and commands of Kali Linux system
③ Operating system security (system intrusion troubleshooting/system reinforcement basics)
4. Computer network basics (one week)
①Computer network basics, protocols and architecture
②Network communication principles, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principles and defense: active/ Passive attacks, DDOS attacks, CVE vulnerability recurrence
5. Basic database operations (2 days)
① Database basics
② SQL language basics
③ Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (Chopper, Miss Scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the standard protection module well, you can also work as a standard protection engineer. Salary range 6k-15k
So far, about 1 month. You've become a "script kiddie." So do you still want to explore further?
[ Get "Script Kid" growth and advanced resources ]
7. Script programming (beginner/intermediate/advanced)
in the field of cybersecurity. The ability to program is the essential difference between "script kiddies" and real hackers . In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to expand existing tools, or write tools and automated scripts that meet our requirements. At this time, Requires certain programming skills. In the CTF competition, where every second counts, if you want to effectively use homemade script tools to achieve various purposes, you need to have programming skills.
For beginners, it is recommended to choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries; build a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs; ·Learn Python programming , the learning content includes: grammar, regularity, files, networks, multi-threading and other common libraries. We recommend "Python Core Programming", don't read it all; · Use Python to write exploits for vulnerabilities, and then write a simple web crawler; · PHP basic syntax Learn and write a simple blog system; Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); ·Understand Bootstrap layout or CSS.
8. Super Internet worker
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details and post a rough route. If you are interested in children's shoes, you can research it. If you don't understand the place, you can [click here] to join me and learn and communicate with me.
Cybersecurity learning routes & learning resources
Scan the card below to get the latest collection of network security materials (including 200 e-books, standard question banks, CTF pre-match materials, commonly used tools, knowledge brain maps, etc.) to help everyone improve!
Conclusion
The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and decent people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this book is by no means to provide technical support to those with bad intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this book is to awaken everyone's attention to network security to the greatest extent, and to take corresponding security measures, thereby reducing the economic losses caused by network security! ! !