Reflections on one year of working in information security

Source: Internet
Author: User

Counting from actual work experience, I have been in the industry for a year now;

If I count from studying information security as an undergraduate, I first learned about penetration testing in my sophomore year and started participating in security competitions, then ISCC, then senior year and work; it can be said that it has been four years.

Four years of work experience is enough to be a small leader in any industry.

In other words, if I had been tired for four years, and had not been able to be a leader, what was the problem?

First of all, if I can put my foot into it and focus on one or two areas (reverse engineering, mobile security, web security), then according to a small time law, four years is enough for a small achievement.

There are many reasons for not being able to achieve this, but the internal causes are more fundamental than external reasons.

In the area of security, not to mention the computer field, many highly skilled people did not specialize in it and were not professionally educated. That they are able to achieve brilliant results comes down to interest. Interest brought them talent, and talent increased their interest. In simple words, self-learning. There are also professionally trained experts, who basically have both the enthusiasm and the talent. In this respect, I am not as naturally gifted as they are.

External reasons, not only an excuse, but also play a big role in the decision, of course, it is a pretext to think of it.

In fact, in addition to the learning of the cryptography in the course of this, to say that the encryption of the actual war in the middle of the next semester to touch, not to mention the various codes, reverse, drive ....

When you enter the door, there is a good communication and learning atmosphere around, and it is important for someone to take you for a while. This can save a lot of precious time, enhance the focus, and find your interest at an early date.

In the end, this is an external cause, but sometimes internal causes also need external catalysis, which is no longer discussed.

Now think about it: if I had known these things early, that is, if in my sophomore year I had known reverse engineering and encryption and decryption, and by junior year had been able to master the OWASP Top 10, to know what cross-site scripting is, what CSRF is, what WebView is, I would certainly not be writing this article here right now, and maybe I would not be in the company. Or, in the year that the seniors were not wasted, there was a difference between finding a job, writing an essay, and continuing to improve on the technical side. "If" is a false assumption that there is no way to say that something has happened, and now it is impossible to cross over and not come back again.

Strictly speaking, the previous experience coupled with the work time, count the days of the waste, in the information security technology, vision, my business time is actually a year, never to have a year. The things that have happened in the past few years are relatively low by sex.

After work, it affects the way you go before, the same as external factors and internal causes, which affect the larger, please assess yourself.

Today's cause is the fruit of yesterday. If you are tired of hard technology in the first few years of college, there are more choices and opportunities to find a job. Companies like 3bat in the country have a lot of attraction before, and now it's time for flowers to get better, but the requirements for technical level are largely not changing in the same type of company, "he added in a similar fashion."

The rise of the Internet, the information system from the first down to the online, so that information security incidents more key into the human vision, and at the same time because the information is left, we are also easy to submerged is not in it, especially in the technical field, so we will mention the focus, mention a small time law.

In accordance with the quality of service and clothing, engineers are divided into Party A and Party B security engineers. Internet security engineers, if not in a small area to crawl, such as intrusion testing, basically to take care of both Party A and Party B's qualities, do both security and do the same (I guess). In addition, the technology is better, the person who has a professional to do security aspects of defense research, such as the various offensive laboratory, offensive team.

By contrast, Party B puts more emphasis on the technical and defensive, Party A more emphasis on business security. Therefore, see a lot of people to engage in safety of the same school if the technology is not good, the level of food, of course, there are a lot of reasons, it is also strange not strange. Few things can be a good summary of the security of the party to the situation, they do not have much energy and time to study the technology, coupled with a number of weak and other reasons, basic anything to find the same school. Traditional Party B says that internal factors, such as business model and survival competition, also make it less of a matter of time and energy to develop technology. On the other hand, with a technical expert or other identity to Party A service, the focus on the technical solution, for the actual business generally know little.

The advantages of technology and products, if not the core of competition, many of the same school has been a lot of Party A with the students to catch up with the trend. Of course, the technical gap here is old, but Party A can touch different products and different service vendors, and in the end of the service period can learn from them, on the information system knowledge surface to be more than the same as the school of Learning. There is also a very important reason, most of the information system security and protection of the scene, do not need to be proficient in a certain technology, as long as you can understand everything, know that there is a problem to find out who resolved on the OK. Therefore, Party B's learning and progress, and the same school is not necessary. Of course, the co-students of the internet company both laughed at Party B and the same school, and laughed at the opportunity of the same students.

The following is a comparison between the general safety of the industry from the technical, the treatment, the work time, the school experience and so on (according to my understanding of the situation, another technical cattle exception).

Technology: Regardless of the average or the whole, the Affiliate technology level of the Internet company is the highest, and there is an irresistible retainer of the trend of strengthening, now the Internet company many of the same school is Party B. There are many reasons for this, such as the lure of money, the bigger platform, the more visual about security, and the better technical aura (which are all relative).

Treatment: In terms of treatment, the average Internet company may be slightly higher than Party A, obviously more than Party B (to say). Party A business, bank, certificate, futures of these financial aspects, the security is also very important, and the work of the resources are not bad, the social recruitment is measured in 20W above, not necessarily to the Internet company.

Working time: Is it more common for Internet companies to work overtime, whether the time is longer than to look at the new news to know, Party A less than the relative ratio of overtime, financial aspects of the basic non-overtime (see the case of overtime); Party B's people think of the company culture and the situation, should be in between the two, usually not much overtime.

History: Internet company technology, so-called 7 technical 3 parts management; Party B is similar to the general company, the basic undergraduate; Party A is not very well understood, but in the financial field, the demand for school is much higher, many of them are graduate students, doctors, so you can see the high school people with the well-paid water does not do what the wonderful scenery. As to whether the business unit is in the presence of a potential rule, I do not understand, do not change the review.

Next is the focus, from the industry for a year of sentiment.

First look at my work content: penetration testing, code audit, app security testing, security awareness training, response, and some miscellaneous odds and ends. The first three are testing in nature; I do not know whether functional testing gives the feeling that anyone can do it, but the entry threshold for security testing is a little bit higher.

To say it is simple, it is simple; to say it is not simple, it is not simple. If it is just a regular view of the security test, even if it is the code audit, template, framework, methodology, I feel that anyone can do it, but the quality is not guaranteed. To say it is not simple: penetration testing relies on experience and skills, especially in high-level scenarios; code audit requires a good understanding of vulnerabilities, and also a good coding foundation; app testing requires the mastery of Android and iOS features, the ability to write code, read code, Dynamic adaptation, reverse analysis, etc. In summary, the simple pendant is profound, the ordinary hidden in subtle.

The following content can be called Sunny Perak Perak, but it is really my real touch. Technically, the work I do every day, I'm exaggerating the things that might be 90~95%, finding a smart school student, spending a day teaching him what loopholes, how, how, how, and how to fix the application program ..... The second world, things to give him a basic no problem.

It's awful, and it's been a white life for a few years. Most of the time is a simple, repetitive thing, whether the amount of fatigue can lead to the change of quality, depending on external factors and internal causes.

From the security attack and defense technology, the Party A majority of the traditional quality of the industry, the development of more slow, Party B is dragged by the party, to embrace the technology and change, the Internet is more daring to take risks, basically walk in the forefront of the development of the Times. These categories, representing only the industry sector, Party B also refers to the traditional Party B, a number of offensive and defensive laboratories, security services manufacturers to walk in the forefront. In addition, the academic community has a lot of width, experience rich and powerful, and they are not in this discussion.

And then, what do I want to say, what do I prepare to do? My answer is to embrace change, to accept the unknown and to be uncertain.

Regardless of which side of a, B, C, D, you first need to know what you want, what to do, what to do, and why should it be like this or not?

The above was written in disorder after drinking; I take no responsibility for its correctness. If you have any suggestions, discuss them with me privately.
