

My personal journey from traditional security to the risk control field, and the trends in the black industry and the risk control industry

Posted by bassolino at 2020-02-27

I was awfully happy to see my former comrades and the goddess of the sun running official accounts, and I had the idea of writing too. However, the official account I quietly opened had little to no content. Over the New Year's Day holiday, listening to "Ordinary Road" on the highway, I suddenly felt that I had some experiences and feelings I could write about.

When I left Tencent a year ago and moved from the traditional security field to the risk control field, I was very nervous. At that time, Tencent was striving to become one of the top three Internet companies in the world. It seemed that a stock price of 500 Hong Kong dollars was only a matter of a short or very short time. Jumping off such an aircraft carrier and leaving the traditional security field that I had been working in for ten years was not the best choice for me. Maybe it was the imperceptible influence of Tencent's product culture, maybe I was tired of the cycle of finding and fixing vulnerabilities, but at some point my heart's desire to make a product became irresistible. As a security engineer, listening to my inner voice and doing what I want to do has been the core driving force that has carried me all the way.

Mr. Wu Jun divided engineers into five grades:

Level 5: be able to solve problems independently and complete engineering work;

Level 4: be able to guide and lead others to complete more influential work together;

Level 3: be able to design and implement products independently and succeed in the market;

Level 2: be able to design and realize products that other people can't make, that is to say, it's hard to replace his role;

Level 1: create an industry.

In my own career, I was between level 5 and level 4 during my six years at Lvmeng, and at level 4 during my three years in charge of TSRC at Tencent. Here, I would like to thank Tencent's leaders and colleagues for their help over those three years, which let me understand what influence is.

In reality, most security engineers in the industry reach the top of their career at basically level 4, and then move into management or other roles outside the scope of engineering. Level 3 security engineers are very rare, and level 2 engineers are even rarer. I have seen only one real person at that level in the security field.

Every time I look at myself calmly, I feel that I am not suited to be a professional manager, and that I should instead see how far I can go on the road of an engineer. In addition, my own physical health may not be particularly suited to standing on the front line of defending against hacker intrusions and vulnerability emergencies (we all know that business scale is directly proportional to the frequency of emergencies, and that the work is half technical and half physical). While I was thinking about the future again and again, Tongdun gave me an opportunity to enter a new field full of challenges. When I look back a few years from now, I will be grateful, success or failure.

During the resignation process, several very close elder brothers gave me a lot of suggestions about the road ahead, words of wisdom that will serve me for a lifetime. I didn't say thank you face to face, but I remember every word in my heart.

On the evening of January 9, 2018, the group of blue stars (the legendary "trusted autonomous controllable block chain pseudo security situation awareness Threat Intelligence alliance WeChat communication group based on quantum transparent computing"), who had come to Shenzhen to attend the TSRC annual meeting, called me out of the house after the event. In a famous barbecue shop in Nanshan, we drank all the Tsingtao unfiltered beer in the shop. Nobody said anything to encourage me, but looking at these heartless old friends, I was suddenly full of courage, and I am still moved to this day. I can't express that feeling accurately; maybe it is: "Do not worry that there will be no confidant on the road ahead; who in the world does not know you?"

That is enough rambling. Let's talk about some of my impressions of the risk control industry from this year, in the hope that they help those who are interested.

First, the field of risk control has become deeply integrated and coupled with the traditional security field. Because the black industry has improved so rapidly over the past few years, a risk control system without the support of basic technical capability is a paper tiger in front of the black industry. When I talked with the business security team of a large company in 2016, nobody in that team of more than 50 employees worked on basic attack and defense technology (reverse engineering, code protection, etc.); they mainly relied on the support of a sibling team. Today, that kind of team has no combat effectiveness against the black industry. Take device risk control as an example. If the core logic that collects device and sensor data on the client side is not effectively protected, a large share of the data collected in the cloud may be fake data injected by the black industry. As for the claim that you can rely entirely on cloud-side machine learning algorithms to tell attack data from real data, just listen and laugh.

Second, the black industry has evolved from highly specialized groups with a clear division of labor into industrialized companies. The so-called industrialization of the black industry means that they have put on the coat of "legal" companies, whitewashed themselves and raised financing in various ways, and some have become star enterprises or even gone public. The "Datang case" and the "Ritz Huasheng case" exposed in 2018 are typical. As more cases are investigated and made public by the judicial organs, in 2019 we will see more "star enterprises" that have penetrated the Internet ecosystem and occupied a place in it stripped of their coats, revealing their black-industry nature. Here, we need to pay tribute to a few unsung police elites. Without their professionalism and fighting spirit, this moment might have been delayed a great deal.

Third, with the judicial authorities' high-pressure crackdown on the black and gray industries, enterprises (especially large enterprises) will focus on the product capability and the legal compliance of risk control suppliers. Speculative players who, with a few copies of black and gray data, claim to do big data risk control will be eliminated, and the enterprises that keep cultivating the market and polishing products in their niche will usher in their spring. In addition to technological innovation, risk control vendors should actively obtain patents and qualifications, which may become important barriers. On the other hand, when choosing risk control suppliers, enterprises must choose reliable ones (for example, Tongdun; this advertisement is a little blunt, please don't flame me).

Fourth, in 2019, big players will commit deeply to the field of risk control. Not to mention Tencent and Alibaba Cloud, you can already run into companies like JD.com in large projects. Are the startups ready? Check the ammunition in your hand. Do you have the confidence to say to yourself: "I am invincible in my heart"?

Finally, to borrow the words of a product guru: "What I said above may be wrong." If you think there is something to complain about, I suggest you keep it to yourself, because I may not see it at all.