How to seize the last dividend of the IT industry? Why is network security a popular industry?

Others 2023-05-07 19:41:51 views: null

foreword  

"There is no national security without cybersecurity". At present, network security has been elevated to the height of national strategy and has become one of the most important factors affecting national security and social stability.

Characteristics of the network security industry

1. The employment salary is very high, and the salary rises quickly. In 2021, Liepin.com released the highest employment salary in the network security industry, which is 337,700 yuan per capita!
2. There is a large talent gap and many employment opportunities

On September 18, 2019, the official website of the "Central People's Government of the People's Republic of China" published: my country needs 1.4 million cyberspace security talents, but schools across the country train less than 1.5 million people each year. Liepin.com's "Cyber ​​Security Report for the First Half of 2021" predicts that the demand for cyber security talents will be 3 million in 2027, and there are only 100,000 employees currently engaged in the cyber security industry.

The industry has a lot of room for development and many jobs

Since the establishment of the network security industry, dozens of new network security industry positions have been added: network security experts, network security analysts, security consultants, network security engineers, security architects, security operation and maintenance engineers, penetration engineers, information security management Data Security Engineer, Network Security Operations Engineer, Network Security Emergency Response Engineer, Data Appraiser, Network Security Product Manager, Network Security Service Engineer, Network Security Trainer, Network Security Auditor, Threat Intelligence Analysis Engineer, Disaster Recovery Professional , Actual combat offensive and defensive professionals...

Great career potential

The network security major has strong technical characteristics, especially mastering the core network architecture and security technology in the work, which has an irreplaceable competitive advantage in career development.

With the continuous improvement of personal ability, the professional value of the work will also increase with the enrichment of one's own experience and the maturity of project operation, and the appreciation space is bullish all the way, which is the main reason why it is popular with everyone.

To some extent, in the field of network security, just like the doctor profession, the older you are, the more popular you become. Because the technology becomes more mature, the work will naturally be valued, and promotion and salary increase are a matter of course.

There are three major advantages in choosing the security industry:

01 No age limit

In the IT industry, there are many positions in the IT industry where 35-year-olds are anxious, worrying about whether the company is willing to take over the problem, and network security depends on the ability to solve problems. The more years of work, the richer the experience, the more valuable it is.

02 The educational threshold is relatively loose

At present, there are very few colleges and universities with majors in cyber security. First, there are very few schools offering cyber security majors. Second, even if cyber security majors are offered, there are very few students trained due to the shortage of teachers. And the requirements for age, major, and education are not so strict, and the job market is relatively tolerant.

03 The overall salary level is high

The salary of network security is higher than that of other IT industries. The starting salary is usually more than 7k, and the annual salary can reach up to one million. There is also the opportunity to earn a lot of part-time income.

How to Get Started Learning Cyber ​​Security

​Pre-school speech

1. This is a road that needs to be persisted. If you only have three minutes of enthusiasm, you can give up and read on.

2. Practice more and think more, don't know anything without leaving the tutorial, it is best to complete the technical development independently after reading the tutorial.

3. If you have any questions, you can google, baidu... We often don't meet good-hearted masters, who will give you answers every day when they are bored.

4. If you really don't understand something, you can let it go first and solve it later.

Zero-based entry

For students who have never been exposed to network security, we have prepared a detailed learning and growth roadmap for you. It can be said that it is the most scientific and systematic learning route, and it is no problem for everyone to follow this general direction.

how to learn

Let's get down to the specific technical points, the network security learning route, the overall learning time is about half a year, depending on each person's situation.

If you refine the content you need to learn every week to this level, you still worry that you won’t be able to learn it, and you won’t be able to get started. In fact, you have learned it for two months, but you have to learn from east to west, what? The content is just a taste, and I haven't gone deep into it, so I have the feeling that I can't get into the door after studying for 2 months.

1. Concepts related to web security (2 weeks)

  • Familiar with basic concepts (SQL injection, upload, XSS, CSRF, one-word Trojan horse, etc.);
  • Google/SecWiki through keywords (SQL injection, upload, XSS, CSRF, one-word Trojan horse, etc.);
  • Read "Mastering Script Hackers", although it is very old and has errors, it is still possible to get started;
  • Watch some infiltration notes/videos to understand the whole process of actual infiltration, you can Google (infiltration notes, infiltration process, intrusion process, etc.);

2. Familiar with penetration related tools (3 weeks)

  • Familiar with the use of AWVS, sqlmap, Burp, nessus, chopper, nmap, Appscan and other related tools;
  • To understand the purpose and usage scenarios of such tools, first use the software name Google/SecWiki;
  • Download the backdoor-free versions of these software for installation;
  • Learn and use, specific teaching materials can be searched on SecWiki, for example: Brup's tutorial, sqlmap;
  • Once you have learned these commonly used software, you can install Sonic Start to make a penetration toolbox;

3. Infiltration combat operation (5 weeks)

Master the entire stages of penetration and be able to independently penetrate small sites. Look for infiltration videos on the Internet to watch and think about the ideas and principles, keywords (infiltration, SQL injection videos, file upload intrusion, database backup, dedecms exploits, etc.);

  • Find a site/build a test environment for testing by yourself, remember to hide yourself;
  • Thinking penetration is mainly divided into several stages, and what work needs to be done in each stage;
  • Study the types of SQL injection, injection principles, and manual injection techniques;
  • Research the principle of file upload, how to truncate, double suffix spoofing (IIS, PHP), parsing exploits (IIS, Nignix, Apache), etc.;
  • Study the principles and types of XSS formation, the specific learning method can be Google/SecWiki;
  • Study the method and specific use of Windows/Linux privilege escalation;

4. Pay attention to the dynamics of the security circle (1 week)

  • Pay attention to the latest vulnerabilities, security incidents and technical articles in the security circle;
  • Browse daily security technology articles/events through SecWiki;
  • Pay attention to practitioners in the security circle through Weibo/twitter (if you encounter a big cow’s attention or a friend’s decisive attention), take time to check it every day;
  • Subscribe to domestic and foreign security technology blogs through feedly/fresh fruit (not limited to domestic, usually pay more attention to accumulation), if you don't have a feed, you can look at the aggregation column of SecWiki;
  • Cultivate the habit of actively submitting security technical articles to link to SecWiki every day for accumulation;
  • Pay more attention to the latest list of vulnerabilities, and recommend a few: exploit-db, CVE Chinese library, Wooyun, etc., and practice when encountering public vulnerabilities.
  • Follow the topics or videos of domestic and international security conferences, and recommend SecWiki-Conference;

5. Familiar with Windows/Kali Linux (3 weeks)

  • Learn Windows/Kali Linux basic commands and common tools;
  • Familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill
  • wait;
  • Familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
  • Familiar with common tools under the Kali Linux system, you can refer to SecWiki "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
  • Familiar with metasploit tools, you can refer to SecWiki, "Metasploit Penetration Testing Guide";

6. Server security configuration (3 weeks)

  • Learn server environment configuration, and be able to discover security problems in configuration through thinking;
  • IIS configuration under Windows2003/2008 environment, pay special attention to configuration security and operation permissions;
  • The security configuration of LAMP in the Linux environment mainly considers running permissions, cross-directory, folder permissions, etc.;
  • Remote system reinforcement, restrict user name and password login, and restrict ports through iptables;
  • Configure software Waf to strengthen system security, and configure mod_security and other systems on the server;
  • Use Nessus software to perform security detection on the configuration environment and discover unknown security threats;

7. Script programming learning (4 weeks)

  • Choose one of the scripting languages ​​Perl/Python/PHP/Go/Java to learn programming of commonly used libraries;
  • Build a development environment and choose an IDE. The PHP environment recommends Wamp and XAMPP, and the IDE strongly recommends Sublime;
  • Python programming learning, learning content includes: grammar, regularization, files, network, multi-threading and other common libraries, recommend "Python Core Programming", don't read it;
  • Write the exploit of the vulnerability in Python, and then write a simple web crawler;
  • Learn PHP basic grammar and write a simple blog system, see "PHP and MySQL Programming (4th Edition)", video;
  • Familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional);
  • Understand Bootstrap's layout or CSS;

8. Source code audit and vulnerability analysis (3 weeks)

  • It can independently analyze script source code programs and find security problems.
  • Familiar with the dynamic and static methods of source code audit, and know how to analyze the program;
  • Find and analyze the vulnerabilities of open source programs from Wooyun and try to analyze them yourself;
  • Understand the causes of web vulnerabilities, and then search and analyze them through keywords;
  • Study the formation principles of web vulnerabilities and how to avoid such vulnerabilities from the source code level, and organize them into a checklist.

9. Security system design and development (5 weeks)

  • Be able to build your own security system and put forward some security suggestions or system architecture.
  • Develop some practical security gadgets and open source to reflect personal strength;
  • Establish your own security system and have your own understanding and opinions on company security;
  • Propose or join the architecture or development of large security systems;

Finally, I also sorted out some learning materials and notes for you, most of which are quite good, I hope it will be helpful to everyone!

Partial display

video tutorial

Books 

SRC information package & HW network protection action

 interview questions 

Finally, I have compiled a simple learning method for everyone, which can be used for reference:

1. Read more books

Reading is always the most effective way. Although books are not necessarily the best way to get started, the understanding of books requires a certain foundation; but for now, books are a relatively reliable way to get started.

For example: "Hacking and Defense --- Detailed Explanation of Web Security Practical Combat", "Secrets of Web Front-end Hacking Technology", "The Road to Security: Analysis of Web Penetration Technology and Practical Cases (2nd Edition)"

Now there are many books on Web security, so you can avoid a lot of detours in the process of learning. If you have difficulty reading the above recommended books, then find a book on Web security that you can read.

Of course, talk on paper is shallow, so what if you don't practice it.

2. Learning common tools

1. Burpsuite learns Proxy, captures packets and changes packets, learns Intruder blasting module, learns plug-ins in the practical Bapp application store 2. Nmap uses Nmap to detect the ports opened by the target host, uses Nmap to detect the network services of the target host, and determines its service name and version number 3 .SQLMap uses SQLMap to mine the SQL injection vulnerabilities scanned in AWVS for data acquisition practices and exploit common types of vulnerabilities

3. Learning and development

1. Book "Detailed PHP"

2. Practice using PHP to write a script that lists directories, and you can list any directory through parameters. Use PHP to grab the content of a web page and output it. Use PHP to grab the content of a web page and write it to the Mysql database for output.

You can also find a training class and study systematically, it is all possible.

Epilogue

To be honest, there is no threshold for obtaining the information package mentioned above. However, I think many people get it but don't learn it. Most people's question seems to be " how to act ", but it is actually " can't start" . This is true in almost any field. The so-called " everything is difficult at the beginning", the vast majority of people are stuck at the first step, and they have eliminated themselves before they even started. If you really believe you like cybersecurity/hacking, do it now, more than anything else .

The field of network security is like a towering tree full of fruit. There are countless onlookers standing under it. They all claim that they like network security and want to pick the fruit from the tree, but they are hesitant when faced with the vine branches that hang down from time to time. indecision.

In fact, you can climb this tree by just grabbing any vine branch. What most people lack is such a beginning.

Guess you like

Origin blog.csdn.net/yinjiyufei/article/details/130245756
Recommended
Ranking
Electric Motor Manufacturer - What Is An Asynchronous Motor?
Operating System (2) - the physical memory (continuous non-continuous) administration
PAT B 1013 (JAVA) - Long brush brother's title path
Java multi-threading (XIII): Thread Pool
gitignre
agc047_a A-Integer Product Mathematical Ideas
Bitcoin block structure Merkle tree and simple payment verification analysis
当技术重构遇上DDD,如何实现业务、技术双赢?
java.lang.IllegalArgumentException: Comparison method violates its general contract!
How to deal with the problem of data skew in Spark tasks?
Daily
More
2024-07-04(0)
2024-07-03(0)
2024-07-02(0)
2024-07-01(0)
2024-06-30(0)
2024-06-29(0)
2024-06-28(0)
2024-06-27(0)
2024-06-26(0)
2024-06-25(0)

Code World

© 2018 codetd.com