Foreword:
Looking back on my study time, I think the biggest difficulty is that there is no old driver to take me, no technical atmosphere, I can only explore on my own, and even spend a lot of time to collect various online tutorials, add various groups and communities, and I am very motivated. The difficulty has been maintained. This is also the embarrassment for students from non-Cinan strong schools or non-Cinan majors.
, Although my technology is relatively average, I can’t compare to the big guys, but I am different from other security technology accounts in that I don’t share any technology, but I’m more willing to share my various experience of stepping on pits as a newcomer in the security industry. So that everyone can avoid detours and have some insights. In the next few articles, I will talk about my experience in penetration testing. Today, I will talk about my views on internships and how to prepare for interviews.
Do you want to go for an internship?
In fact, the answer to this question is beyond doubt for most people. After all, internship in a real security company, whether you are endlessly using scanners to write documents or write POCs for miscellaneous tasks, it looks very complicated at first glance. But this is generally the first step for every safety rookie to work in the company. These experiences are very valuable, allowing you to understand the overall process of safety work, and you can also get to know a lot of safety contacts.
When I was in college, I didn't really go to the company for an internship. I only experienced some projects and CTF competitions. In retrospect, I actually regretted it, mainly in three aspects: there are not many things to say about the resume, it is easy to be screened out in the comparison when I invest in the resume, and the technical answer is not practical or in-depth. But fortunately, I have some achievements in CTF, and I have something to say about Web security. I have been well prepared for the interview, so I can have something to say about the topics I can answer during the technical interview.
In general, if you are not a technical expert and can sink your heart to study the technology deeply, or if you are not a CTF expert, you can get a good ranking above the provincial level, it is best to start the second semester of the sophomore Start preparing for internship. I have said so much. If you don’t want to do an internship yet, I...
How to prepare for the interview?
Sum up my own experience
Open a blank notepad, think about it and write down one by one:
What security technology do you know? You can subdivide the technology. For example, the first level is Web penetration, the second level is SQL injection, the third level is MySQL injection, and the fourth level is how to discover, how to inject (technical details), and how to Right escalation and so on.
What relevant safety experience do you have, including CTF experience and internship or work experience.
What questions are you most afraid of the interviewer asking? You may have a little doubt about the third point, but this can best reveal your problem and can remedy what you are missing in time.
Prepare a simple resume
When writing resumes, students with little experience tend to find a particularly cool resume template. In fact, what resume styles have you never seen in the company's HR? In my opinion, the best resume is focused and concise. One of the biggest problems with fresh graduates writing resumes is that they have little or no work experience and do not understand corporate recruitment.
Generally speaking, a resume requires only three pieces of information: personal information, personal experience and other information. Let’s focus on personal experience. If you have work experience, it’s best. The three things you need to write are what you did in the project, how you did it (what technology was used), and what results you got in the end . If you have no work experience, then you need to have some small personal experiences when preparing, such as how to implement a small WAF, how to implement a scanner, how to penetrate a website, etc. If you have CTF experience, write the most Good two rankings and focus directions. For important information, use bold and important labels.
Why should we be so careful? Because this is where the interviewer will most likely ask. So, after writing this piece, think from the perspective of the interviewer. If you interview this person, what questions will you ask? According to the interviewer’s answers, what questions will you ask based on your answers... Keep asking yourself and exposing yourself. Make up for the shortcomings in time. On the other hand, this is also an important way to guide the interviewer to what you are good at. If you are very good at SQL injection, you can highlight the key points and reflect your SQL injection ability. If you can tell the interviewer about SQL injection Questions and answers are flowing, I think you will be stable this time technically.
Finally, fine-tune the resume according to the JD (job requirements) of each company. This is another big pit. There are a lot of talks about the development. In short, it is right to do what you like.
Prepare the answer to the interview
Although you may have a lot of things, you can use a shuttle when you infiltrate, but you can't directly Google to check the documents during the interview. If you ask, but you can’t answer, it will be cold, so you still need to prepare how to organize Answer, the question can look at the summary of my interview questions:
https://shimo.im/docs/TdpXTY6H9J8jygd8/read
When you are preparing to answer, write down your answer and keep revising it. Think about what questions the interviewer will ask after you answer this question. After constant scrutiny, you will find that you will learn a lot while preparing, and your skills will continue to rise.
Finally, let your friends or classmates conduct a small mock interview with you to practice your courage. Those who are nervous once speaking in public should do more! If you practice well, the interviewer will definitely appreciate you~
END
This is the basic interview preparation. When you are ready, you can start to invest your resume. However, the best and fastest way is to find students in the safety industry to push it. Many students in safety-related groups will be very happy to ask. Later, I will talk about some technical tips and some interview experiences with large and small vendors. The article on how to get started with penetration testing is also in preparation, remember to keep paying attention to me!
java
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。