Security practitioners work in two kinds of environment: most are in professional security companies, and some are in non-security companies.

Non-security company
What is security for in a non-security company? In general, the non-security companies that do security are mainly large Internet companies whose business needs security and whose critical data needs protection.
Helping the business do security well is where the value of security practitioners shows. The security issues a non-security company typically faces are:

1. ****** business, leading to business interruption;
2. black-market "wool pulling" (abuse of promotions and bonuses), causing significant damage to the company's business;
3. *** stealing important company assets and data.

With the rapid development of the Internet era, many new Internet companies have risen, such as Toutiao, Meituan, Ele.me, Pinduoduo, DJI and OPPO. They are growing rapidly, and that growth cannot do without security. Many of these new Internet companies have reached a scale of tens of billions of dollars, and their business development needs a security guarantee. In recent years a large number of them have been hiring all kinds of security personnel, from host security to mobile security, from Web *** *** testing to network security, and from threat intelligence to AI and big data security analysis; they are recruiting frantically.

The main task of these security personnel is to ensure the normal operation of the company's business and to prevent ******, business interruption, and the loss or theft of business-critical data. Solving these problems is the job of security practitioners: according to the business and its needs, they use professional security expertise to help the business or its customers resolve security issues, and that is where their value shows.

Security company
A specialized security company mainly provides security products and services to other companies. Rising, Kingsoft, Jiangmin, 360 and so on are traditional security companies whose operations are primarily 2C (goods or services primarily for individual users); security is their business, and they rely on security to make money.
There are other security companies, such as Venustech, NSFOCUS and Sangfor, whose main business is 2B (goods or services primarily for corporate users): ensuring the normal operation of other, non-security companies' businesses, and providing security protection, hardening and so on.

For these professional security companies I will not discuss what security is for; I will mainly talk about where the value of security practitioners in a security company lies.

The essence of security is the confrontation with the black market. Know yourself and know your enemy: security and *** are complementary, and if you do not know the attack, how can you know the defence? Studying the black market's various *** methods and technical means is therefore an essential skill for security practitioners.
A security company's products are built by developers, but most developers often lack professional security knowledge. As a result the product's security capability does not improve, or the latest security issues cannot be solved in a timely and effective way, and customers are dissatisfied. Any security product requires long-term security operation, with its security capabilities constantly updated, so that it can promptly and effectively solve the latest security issues. In other words: security is a continuous confrontation, not a one-off.
One way to understand it: security research is the constant filling of pits, while the black market constantly digs them. The more holes the black market digs, the more security practitioners are needed to fill them; how they fill them, and how many they can fill, is where the value of security practitioners shows.

The domestic enterprise security market is large, and it still has much room to develop.
All kinds of security products are competing now; enterprise security still has much room to develop, and competition will keep growing.

Enterprise security products fall mainly into three categories:

1. perimeter defense: AF (NGAF);
2. situational awareness: SIP;
3. endpoint security: EDR.

AF perimeter defense
Perimeter defense comes in two types: firewall and WAF. A firewall, for example, blocks traffic on the basis of rules or a rule library; the rules are the basis for interception. Where do the rules come from? They come from tracking and analysing the security threats in the market, and the rules must be updated as the external security environment changes.

SIP situational awareness
Situational awareness is in effect threat intelligence alerting: its role is to give enterprise users security alerts. Since it alerts on threat intelligence, how can it alert when there is no threat intelligence?

Endpoint security EDR
This used to be called anti-virus software. It now has a few more features and a back-end management system for unified management of endpoints, and has become "cloud, pipe, endpoint" EDR. However EDR evolves, its most important functions are security detection and disposal, and security defense. Threat detection relies on intelligence; without threat intelligence nothing is detected. For security disposal, the endpoint has many more capabilities than AF and SIP.

Some media and security vendors have also introduced various new concepts and invented new terms on the basis of these product types; I will not say much about them.
Judging from the current state of the major domestic security vendors' product businesses, there is indeed still much room for development and improvement. Security practitioners need to use their professional knowledge to empower these products and keep improving them through continuous operation, raising the products' security capabilities.
For example, WAF, one of the most widespread security product areas, was long monopolized by a few giants, such as the previously mentioned NSFOCUS, blind and so on. In recent years a group of small, innovative security product providers has emerged, such as Chaitin, River Security and ShareWAF. Their products are very creative; they are latecomers with a strong, even subversive, feel. ShareWAF, for instance, is an innovative WAF that takes a partly 2C, low-end line; it is very distinctive and has captured the needs of mass-market users.

Nowadays everyone talks about threat intelligence, situational awareness, AI and big data: threat intelligence + big data + AI, as if with these an enterprise could block every kind of security threat. But we have overlooked an important point: the essence of security is always a confrontation between people, and people are the biggest security risk! Black-market operators keep improving their *** practices, so new security threats will keep emerging. This requires us security practitioners to keep doing our own work well, keep improving our security skills, and use our professional skills to obtain the latest threat intelligence and add it to the company's security products.

Where does accurate, effective, high-quality and up-to-date threat intelligence come from? This is where I say the value of security practitioners lies. The final output of any security research and analysis is useful threat intelligence for the enterprise's security products; product developers then keep improving the products' security capabilities according to the practitioners' research. Some foreign professional security companies have their own professional threat intelligence teams, for example Palo Alto and Fortinet, two foreign security companies that have developed rapidly in recent years.

unit42.paloaltonetworks.com  
fortinet.com/blog/threa

These are their official blogs. I suggest security practitioners bookmark them; the information there is often of great value.

The domestic enterprise security market is larger than imagined, but domestic enterprise security products have not yet generated much revenue, so there is more room to grow.
For security products to create more value for enterprises, the leaders of domestic security companies and security researchers can learn from the experience of some of the best foreign security companies and give security practitioners more say in product development and operation, so that we cooperate, improve the capability of security products, and do security well.

Specialized threat intelligence firms also have their own threat analysis teams. They mainly derive threat intelligence from samples; this is the latest and most effective intelligence. It is of course also the most expensive intelligence these companies sell, and it is sold only to high-end customers. The intelligence most ordinary customers use is extracted with automated tools. Automated extraction does not guarantee the accuracy or effectiveness of the intelligence, so an enterprise's security practitioners need to do a secondary screening and identification. All of this is where the value of security practitioners shows: in how to create more effective, high-value threat intelligence.

Some companies also run red team versus blue team exercises, using security research and ****** exercises to enhance the enterprise's security capabilities. Most security companies have their own blue team, whose job is to find problems in the company's security products and thereby strengthen them. This is the value of security practitioners: providing security capability and support to each of the company's major security products, continuously helping the company improve its products' security capabilities, and helping enterprise customers solve security problems through good security products.

Whatever area a security practitioner works in, whether vulnerability discovery, security analysis, *** testing, security development, code audit or security hardening, they need to keep learning on the job and do their own work conscientiously.
Whether you are in a non-security company or a security company, the aim is to provide more security capability.
I hope every security practitioner can realize their value, so that leaders and customers really feel the benefits security brings and give their approval, and practitioners get a good return, rather than having leaders and customers ask: what is security for, and where is its value?


Outside voice:
Passerby:
"Leadership and customers ask you: what to do with security, the value of which?"
I do not think customers and leadership will ask these questions after finding out about MLPS 2.0 (等保 2.0), the Security Law and so on.
Under revert to the President of the study, "What to do with security, What is the value," is no longer a problem!

Lu Renyi:
Have domestic security companies really done well? You can say no, not really, because the environment is so high that you regressed cost you your technology, you no human use. As the author says, Venustech, NSFOCUS and Sangfor: which of these three companies does not rely on a large number of lay people, recruiting many new graduates each year and sending them into the field after simple training? Is the technology really awesome? Not really; it relies on lay people. To put it nicely it is called good service; to put it bluntly it is fooling people. Do they really solve the problem? Not necessarily. Look at the ShareWAF you mention: these are goods that go the cheap route. For a WAF, NSFOCUS sells at 100,000 and he sells at 8,000; as long as it is not a case of eating public money and taking a cut, people would definitely go with his. This is the market, this is the reality.

Lu Renbing:

The real value of security personnel in a non-security company is how much money they save the company and how much convenience they provide: ensuring that nothing happens and, if there are questions, Zhaode Zhu. The company only cares about money; security is one factor. Why do foreign companies care about security? Because fines have a real impact on revenue. That is not necessarily so in this country: what about the hotel data leak? Nothing came of it later. It is estimated that once MLPS 2.0 (等保 2.0) comes down, punishment in this country will be very hard. In a security company, it is how much money for the company.