Why is network security suddenly so popular?
As cyberspace becomes the fifth space and basic social industries become fully Internet-connected, network security (or information security in a broad sense) is facing increasing threats, and the demand for network security talents is also showing a surge.
Even though many people can become self-taught and "cyberspace security" has become a first-level discipline, according to the conclusion of the "11th Cyberspace Security Discipline Professional Construction and Talent Cultivation Seminar", "my country's Cyberspace Security Talent Year The training scale is about 30,000 people, and the total number of information security professionals that have been trained is less than 100,000, which is a huge gap from the 700,000 currently needed." According to joint research statistics by Zhaopin Recruitment and 360 Internet Security Center, in the first half of 2018, the Internet The security talent demand scale index increased by 44.9% year-on-year compared to the first half of 2017.
Our country’s overall investment in network security is not high. In terms of network security construction, domestic network security investment accounts for less than 3% of informatization investment, while in developed countries such as Europe and the United States, it is more than 10%, and some even exceed 15%. In terms of investment scale and awareness of network security, there is a huge gap between us and foreign countries. Compared with our digital dependence, this is still a very big contrast.
According to Tencent Security's "Internet Security Report for the First Half of 2017", in recent years, my country's university education has trained only more than 30,000 information security professionals, while the total demand for network security talents has exceeded 700,000, with a gap as high as 95%.
Why is there a big talent gap in cybersecurity?
The rapid changes in the international and domestic network environment have given rise to a series of security policies, which have gradually developed the network security industry from a niche industry into a national strategic emerging industry, keeping pace with artificial intelligence, big data, cloud computing and other fields.
For most government and enterprise units, network security has changed from "optional" to "required" or even "mandatory". Security teams are no longer exclusive to large manufacturers or Internet companies. As long as they are "connected to the Internet", they need security talents to join.
In the past, when many government and enterprise units divided IT departments and positions, they only had R&D and operation and maintenance departments, and security personnel were directly assigned to the basic operation and maintenance department; but now, in order to meet the requirements of national security laws and regulations, more and more units have It is necessary to establish an independent network security department, recruit security talents from all parties, and establish an SRC (Security Response Center) to protect its products, applications, and data.
According to data from the Ministry of Education’s “White Paper on the Practical Ability of Cybersecurity Talents”, 34 domestic universities have established first-level cyberspace security disciplines. By 2027, the shortage of network security personnel in my country will reach 3.27 million, while the talent training scale of universities is 30,000 per year. Many industries are facing a shortage of cybersecurity talent.
Moreover, when we go to the recruitment website and search for job titles such as [Network Security], [Web Security Engineer], [Penetration Test], etc., we can see that security positions have good remuneration and benefits. As the length of service and salary increase, it shows that "the older you get, the more popular you become." Condition.
[----To help you learn about Internet security, get all the following learning materials for free! 】
① Mind map of network security learning and growth path
② 60+ classic network security tool kits
③ 100+ SRC vulnerability analysis reports
④ 150+ practical network security attack and defense technology e-books
⑤ The most authoritative CISSP certification exam guide + question bank
⑥ Over 1800 pages of CTF practice Skills Manual
⑦ The latest collection of interview questions from major Internet security companies (including answers)
⑧ APP client security detection guide (Android + IOS)
Cybersecurity Learning Path (Employment Level)
Let me reiterate, this learning route is mainly for employment. If you are just interested and want to be a hacker friend, you can leave it.
Many people come up and say they want to get into the network security industry, but they start learning without even knowing the direction. In the end, they just end up in vain! Hacking is a big concept that includes many directions, and different directions require different learning content.
Network security can be further subdivided into: network penetration, reverse analysis, vulnerability attacks, kernel security, mobile security, cracking PWN and many other sub-directions. Today's article is mainly aimed at the direction of network penetration. Other directions are for reference only. The learning routes are not exactly the same. I will sort them out separately if I have the chance.
Today, I will compile for you the most mainstream career planning route learning process for self-study network security at the enterprise level:
Preschool speech
- 1. This is a path to persevere. If you are enthusiastic for three minutes, you can give up and move on.
- 2. Practice more and think more, don't know anything without leaving the tutorial. It is best to complete the technical development independently after reading the tutorial.
- 3. Sometimes when we search Google or Baidu, we often fail to meet a kind-hearted master who will give you answers without chatting.
- 4. If you encounter something you really don’t understand, you can put it aside for now and solve it later.
Step One: Clear Learning Route
You definitely need a complete knowledge architecture system diagram.
If the image is too large and blurred due to compression by the platform, you can download the high-definition version without watermark at the end of the article.
Step Two: Phased Learning Goals & Planning
Enterprise Level: Junior Cybersecurity Engineer
1. Network security theoretical knowledge (2 days)
① Understand the relevant background and prospects of the industry and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operations.
④Introduction to MLPS, regulations, processes and specifications for MLPS. (Very important)
2. Penetration testing basics (one week)
①Penetration testing process, classification and standards
②Information collection technology: active/passive information collection, Nmap tool, Google Hacking
③Vulnerability scanning, vulnerability exploitation, principles, utilization methods, tools (MSF), bypassing IDS and anti-virus reconnaissance
④Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Operating system basics (one week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③Operating system security (system intrusion investigation/system reinforcement basis)
4. Computer network basics (one week)
①Computer network basics, protocols and architecture
②Network communication principles, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principles and defense: active/passive attacks, DDOS attacks, CVE vulnerability recurrence
5. Basic database operations (2 days)
①Database basics
②SQL language basics
③Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript ②OWASP Top10 ③Web vulnerability scanning tools ④Web penetration tools: Nmap, BurpSuite, SQLMap, others (Chopper, Miss Scan, etc.)
The above learning route comes with a complete set of tutorials, which I personally paid tens of thousands of yuan to purchase at a training institution. If any friends need to scan the QR code below to get it for free, share it for free!
Some self-study introductory books on network security that I have collected
Some video tutorials that I bought myself and cannot be found on other platforms:
If you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the MLPS module well, you can also work as a MLPS engineer. The salary range is 6k-15k.
Advanced: Script Programming (Beginner/Intermediate/Advanced)
in the field of cybersecurity. The ability to program is the essential difference between "script kiddies" and real hackers . In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to expand existing tools, or write tools and automated scripts that meet our requirements. At this time, Requires certain programming skills. In the CTF competition, where every second counts, if you want to effectively use homemade script tools to achieve various purposes, you need to have programming skills.
For beginners, it is recommended to choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries; build a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs; ·Learn Python programming , the learning content includes: grammar, regularity, files, networks, multi-threading and other common libraries. We recommend "Python Core Programming", don't read it all; · Use Python to write exploits for vulnerabilities, and then write a simple web crawler; · PHP basic syntax Learn and write a simple blog system; Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); ·Understand Bootstrap layout or CSS.
Senior Network Security Engineer
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details and post a rough route. If you are interested in children's shoes, you can research it.
