write at the beginning
There is a saying that is very useful for self-study friends: Blind self-study will only destroy you!
The author himself studied in an ordinary undergraduate school in 2017. In June 2020, when he had three years of experience, he successfully passed the school recruitment internship interview and entered a large factory. Now he works in a safety joint laboratory of a large factory. Why do I say self-study network security, ordinary people, I still advise you to forget it, don't learn it blindly. Because I have suffered too much on this!
First of all, let me talk about my understanding of network security. In fact, the most important thing is interest. If you are not interested in this industry, giving up as soon as possible is your best choice now.
Let me talk about my personal experience first: I entered the big factory mainly by self-study and internal advancement. I was only 20 years old at the time. Based on my love for hackers, every time I finished my work, I would read this book every day. I will compare and actively research various technologies and take on some tasks (unlike most lay-flat people), and I may still feel that I am not enough. I have gnawed the basics of tcp/ip protocol, routing and switching °, and learned c++ for a while. Based on my school background, I also inevitably have some inferiority complex. I always feel that I came from a wild way, and I want to sort out the system of guerrillas and regular troops. I've been looking at php in recent months (yes, that's the best programming language), and I plan to look at the authoritative guide to http in the future. In addition to work, I also took the initiative to familiarize myself with the equipment of several manufacturers, which may be the spirit of "ingenuity" in me. This is my unusual performance!
How to Get Started Learning Cyber Security
Learning network security requires a solid basic knowledge of computers and networks. If you want to engage in research and development positions in the field of network security in the future, you also need to have a solid mathematical foundation. Since the overall amount of knowledge is very large, learning network security should first have its own learning entry point. For those with strong hands-on ability, they can start from the basic knowledge of the network, and then gradually understand the various network security equipment. related information.
Network Security Growth Roadmap
Let’s take a look at an overall road map first, and get a preliminary understanding of what knowledge needs to be learned in this direction.
I have divided it into six stages, but it does not mean that you have to learn all of them before you can start working. For some junior positions, you need to learn the first Three or four stages are enough. Come on, don't talk much, let's learn together and witness the growth path from zero-based advancement to network security engineer!
study plan
Stage 1: Junior Network Security Engineer
Next, I will arrange a one-month primary plan for network security for you. After you finish the study, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis, etc. ;Among them, if you learn the security module well, you can also work as a security engineer.
Comprehensive salary range 6k~15k
1. Theoretical knowledge of network security (2 days)
①Understand the relevant background and prospects of the industry, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operation.
④Multiple guarantee introduction, guarantee regulations, procedures and norms. (Very important)
2. Penetration testing basics (1 week)
①Penetration testing process, classification, standards
②Information collection technology: active/passive information collection, Nmap tools, Google Hacking
③Vulnerability scanning, vulnerability utilization, principles, utilization methods, tools (MSF) , Bypass IDS and anti-virus reconnaissance
④ Host attack and defense drill: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Operating system basics (1 week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③Operating system security (system intrusion troubleshooting/system reinforcement basis)
4. Computer network foundation (1 week)
①Computer network foundation, protocol and architecture
②Network communication principle, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense Technology
⑤ Principles and Defenses of Web Vulnerabilities: Active/Passive Attacks, DDOS Attacks, CVE Vulnerability Reappearance
5. Basic database operations (2 days)
①Database basics
②SQL language basics
③Database security reinforcement
6. Web penetration (1 week) ①Introduction
to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (kitchen knife, missed scan, etc.) About 1 month. You've successfully become a "script kiddie". So do you want to continue exploring?
Phase 2: Intermediate or senior network security engineer (depending on your ability)
Comprehensive salary range 15k~30k
7. Script programming learning (4 weeks)
in the field of network security. Having programming ability is the essential difference between "script kiddies" and real network security engineers. In the actual penetration testing process, in the face of a complex and changeable network environment, when the common tools cannot meet the actual needs, it is often necessary to expand the existing tools, or write tools and automated scripts that meet our requirements. Some programming ability is required. In the CTF competition where every second counts, if you want to efficiently use self-made scripting tools to achieve various purposes, you need to have programming skills.
For students with zero foundation, I suggest choosing one of the scripting languages Python/PHP/Go/Java to learn programming of commonly used libraries.
Build a development environment and choose an IDE. The PHP environment recommends Wamp and XAMPP, and the IDE strongly recommends Sublime;
Python programming learning, learning content includes: grammar, regularization, files, network, multi-threading and other common libraries, recommend "Python Core Programming", there is no need to read it
Write the exploit of the vulnerability in Python, and then write a simple web crawler
Learn PHP basic grammar and write a simple blog system
Familiar with MVC architecture, and try to learn a PHP framework or Python framework (optional)
Learn about Bootstrap's layout or CSS.
Phase 3: Top Network Security Engineer
This part of the content is too far away for our students with zero foundation. Due to the space problem, I will not go into details. I will post a learning route for everyone. Interested children's shoes can be researched by themselves. Of course, you can also click here to add me to discuss, communicate and consult with me.
at last
Statistics show that there is currently a gap of 1.4 million cyber security talents in China...
Whether you are a cyber security enthusiast or a practitioner with certain work experience,
whether you are a fresh graduate or a professional who wants to change jobs ,
you all need this job. super super comprehensive information
almostBeats 90% of self-study materials on the market
And covers the entire network security learning category
to bookmark it!It will definitely help your study!
Friends, if you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing
1. A full set of toolkits and source codes necessary for network security
2. Video Tutorial
Although there are a lot of learning resources on the Internet, they are basically incomplete. This is the online security video tutorial I recorded myself. I have supporting video explanations for every knowledge point on the road map.
3. Technical documents and e-books
The technical documents are also compiled by myself, including my experience and technical points in participating in the network protection operation, CTF and digging SRC vulnerabilities.
I have also collected more than 200 e-books on Internet security, basically I have popular and classic ones, and I can also share them.
4. NISP, CISP and other certificate preparation packages
5. Information security engineer exam preparation spree
6. Interview questions for network security companies
The interview questions about cyber security that have been sorted out in the past few years, if you are looking for a job in cyber security, they will definitely help you a lot.
Friends, if you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing