I started from 2013 led to participate in vocational assessment of information security management and information security skills competition in 2015, a year visiting scholar at Beijing University of Posts and Telecommunications Information Security Center, visiting scholar at the end of the second half of 2016, back to school, started to concentrate led participate in various competitions, in 2018 he began to participate in CTF competition, along the way, so far there are few years.
Day and age, information technology is profoundly changing the whole of human society, in information technology, I think there are several of the most important direction of development: artificial intelligence, big data, cloud computing, networking, information security. Up to the national level, this is a national vigorously advocate and promote the core industries, down to university admissions, in recent years, these are the most popular green card professional. Max employment in the Salary Survey published for 2017 and 2018 World College graduates in information security professionals is the second consecutive year ranked first in the list. 
This is from my previous sessions of students who have graduated can be proved. Most of them work in Beijing, the basic monthly salary at 10K or more. So learning information security, wide employment prospects, high salary, this is beyond doubt.
But in fact we can re-think deeply about. Why is the highest information security professional treatment? This is of course because it is more a shortage of expertise in this area. Why people would be a shortage of it? I think the main reason is that the learning curve is very large information security technology, is particularly broad range of knowledge, information security really want to learn is not easy.
As a perennial instructor led to participate in the competition, I am currently most troublesome problem is how to select the best players. New students every year I will do a lot of publicity, there are many students want to join our team, for example, in 2019 in this year's freshmen will recruit nearly 100 students. But your soldiers in the fine rather than more, most of these students will eventually be eliminated.
For this group of new entrants to the students, I first put forward three requirements, that is, the ability to have three areas:
self-learning
self-control
coding capacity
of these three capabilities I will not start illustrates, in short, you look at the inner self look, if you do not have these three capabilities, that is do not waste time in this regard.
No problem for the self-confidence of the students in this area, then I arranged for an entry-learning path is divided into three major off:
First off, Linux
Linux systems are now too important, if not using Linux, then not only can not learn information security, others, such as artificial intelligence, big data, cloud computing, Internet of things, also can not learn, Linux is specialized in these areas must continue to learn to have the foundation. But the Linux learning curve is very steep, very friendly especially for beginners, because of the need to memorize a lot of command in early learning. So Linux is the first entry I put off, if not pass this off, then an early close hand, find another suitable learning other direction. But if we can have this off, even if the final was stuck in the other points, we can not continue to study information security, but also give themselves a very important skill to learn the field of artificial intelligence in the future will be more relaxed.
In addition Then again, Linux is actually not so difficult to learn, we must grasp the Standing Orders also about 50 in the entry stage, we do not have in-depth study, as long as have some basic knowledge on the line. Specifically, I have prepared a few lessons and 50, as long as the completion of these courses and pass the examination, then this entry Linux first hurdle even before. These courses are:
to understand and secure Linux system (say 17):
https://edu.51cto.com/sd/64978
Linux file and directory management (say 29):
https://edu.51cto.com/sd/8b646
Linux user and rights management (top 15 say):
https://edu.51cto.com/sd/36ff3
the last hurdle, I will combine Kali and Metasploit to introduce some of the more basic buffer overflow vulnerabilities. In short, the ability to remember and flexible to use common Linux commands are the core of this off.
Second off, Python
Those who participated in CTF competition students know, if not Python, it is impossible to move in the game, but if they can be proficient in Python, will be even more powerful.
The essence of Python, of course, it was a colorful library, but I think, have some knowledge of Python's core syntax is also important, frequently used functions and methods of processing lists, strings of these objects, and various derivations and exception handling, etc. these are Python's unique skills. Elegant, simple, clear, I am in the process of learning of Python, it would often powerful with just one line of code that can be achieved and lovely. In addition, Python currently it is too hot, and as with Linux, mastered Python, even if ultimately not a safe school, then their own learning in other areas will also be helpful.
Python tutorial is very large, as a beginner, we must be careful not to choose the wrong course. Some Python course is for artificial intelligence direction, some direction for large data, though they are Python, but the content will be very large differences in learning. We want to learn Python, of course, is the direction for information security. My idea is to combine part of classical cryptography and coding of information in terms of the basics of Python, specifically also have a few lessons and 50, with the first set of courses has been released, a second set of courses is recording editing:
Python basic syntax ( 16 speaking)
https://edu.51cto.com/sd/53aa7
Third off, Web security
Too many areas of information security covered, if I had to choose one of the most important areas, then the current situation, there is no doubt that Web security (of course, the future is likely to be binary and reverse).
In recruitment for information security, the largest group is *** test engineer, this is a typical Web safe direction, this post is typical Qualifications: 
Of course, as the entry stage, we do not need and can not grasp so much content , I asked this off as long as you can master the basic SQL injection.
First of all, to be able to be injected by hand for PHP + Mysql.
Secondly, it must be able to use the tools SQLMAP injection.
Finally, to be able to defend against SQL injection from the perspective of PHP code audit.
This is off the main course is to learn:
Web *** test https://edu.51cto.com/sd/45eb5
PHP code audit (due to force majeure, this program has now been off the shelf, I will adjust back content, re-record a new course).
If we can ultimately pass these three tests, then you can officially join our security team, and you also have the basic quality of further study of information security. Next to learn how you can combine personal interest to choose a suitable main direction.
As for learning, I think there are mainly two:
1. SRC Burrows (combat-type)
SRC, which is vulnerability response platform. This method of learning belong to actual combat, the Internet is the vulnerability of each excavation site, and then write a detailed report submitted to the SRC platform, both to improve their technology, but also can earn valuable rewards. But I do not recommend college students using this approach to learning, because only *** and white hat in an idea, if you accidentally crossed the red line of the law, it may harm than good.
2.CTF game (theoretical model)
CTF, that is, capture the flag game, this is the field of information security the most popular form of the game, I think that learning is best for college students. This method of learning is to do the main title, but the title race involving almost all areas of the computer, so to participate in CTF competition can greatly broaden their knowledge.
Of course, the difficulty of CTF game is very large, especially for students in vocational and want to get good results in a number of major national competitions, the probability is almost zero. But the game is just one way of promoting our study, the results fell to the second. In addition, opportunities will always be those who are prepared to, as long as their ability to, you never know when you can catch opportunities.
These are the personal point humble opinion, we welcome different opinions, very happy to share with you.