"Going to Beihang University to recruit talents" is just the tip of the iceberg. Tencent's security talent layout is exposed｜Analysis

Beihang University is an interesting university. It basically holds blind dates and meetings with security companies in the same conference room.

On the last day of June, the eighth conference room of the conference center of the new main building of Beihang University welcomed another cooperative enterprise related to Beihang University’s network security - Tencent.

Previously, CNCERT, 360, Bangbang Security, Yuanxin Technology, Yongxin Zhicheng, H3C, Hangzhou Tiangu, Anheng, Xipu Education, Venusstar and others have joined hands with Beihang University and carried out cooperation of varying degrees.

At this cooperation meeting, Tencent and Beihang University announced that they would do the following four things together:

• Jointly establish the "Beijing University of Aeronautics and Astronautics-Shenzhen Tencent Computer Systems Co., Ltd. Network Ecological Security Joint Laboratory";

• Establish a joint internship base between Tencent and Beihang University School of Cyberspace Security;

• Co-sponsored top cybersecurity events;

• Expert teachers hire each other.

Leifeng.com discovered two important pieces of information: First, the cooperation between Beihang University and large and small enterprises in network security is similar; second, since the forms of cooperation are similar, it means that everyone is competing for talent!

Tencent is here to poach talent with great fanfare. Let's take a look at the lineup sent by Tencent: Ding Ke, Senior Vice President of Tencent, Ma Bin, Vice President of Tencent, Liu Yong, General Manager of Tencent Industrial Policy Department, Li Xuyang, General Manager of Tencent Security Cloud Department and Head of Tencent Security Anti-Fraud Lab, Yu Yang, Head of Tencent Security Xuanwu Lab, Yuan Renguang (Brother Yuan), Head of Tencent Security Zhanlu Lab, and Ma Jinsong, Head of Tencent Security Anti-Virus Lab.

First, the top boss of Tencent's security line was present. Secondly, those who are familiar with Tencent Security may know that Tencent Security has seven major security laboratories, and at this cooperation meeting, four of the seven well-known laboratory heads in the security industry came. Ding Ke said regretfully at the scene that Tencent Keen Laboratory is located in Shanghai, and many of its research is also related to Beihang University. In short, all the bigwigs of Tencent Security who can hold the field in Beijing are here. Ding Ke, Li Xuyang, Yu Yang, Yuan Renguang, and Ma Jinsong were also hired as part-time professors by Beihang University.

Finally, Yu Yang, also known as the "TK Master" in the industry, said that he would come to Beihang University to give lectures. Lectures are lectures, but how long they last shows sincerity. The editor of Leifeng.com's home channel took the opportunity to ask TK this question, and he replied: "It must be continuous." Well, the suspicion of a one-time or two-time show can be ruled out.

Since Tencent came to Beihang University in such a big way to poach talents, it shows that it takes this matter very seriously. The nearly 40-minute speeches by Ding Ke and TK on the spot further exposed Tencent's security talent layout.

You will find that this is part of Tencent Security’s core talent strategy.

One point TK agrees with is that cybersecurity requires different levels of talent.

For example, practical talents who are good at discovering vulnerabilities; research talents who are good at security research.

In recent years, major universities have opened direct majors in network security. According to the previous sources of network security talent, Leifeng.com has learned that there are several parts: 1. Network security enthusiasts self-study security technology, starting with vulnerability mining, and some will be divided into other research directions; 2. Switching from "related" or unrelated majors such as communications, cryptography, and computers to become network security talents; 3. Talents who receive professional education in network security in universities.

On the one hand, the cybersecurity industry may be the field that least values ​​academic qualifications. A capable "cybersecurity person" can become a "cybersecurity talent" through certain paths. For example, Yuan Ge graduated from Shandong University with a major in mathematics, but for some reasons, he did not get two certificates when he graduated, but this did not prevent him from becoming a big shot in the field. In Leifeng.com's previous reports on cybersecurity figures, you can also see Li Jun, a hacker who taught himself from a car mechanic, and Yang Qing, a researcher who specializes in radio attack and defense and has never taken the college entrance examination.

But it is undeniable that we also see another side - Lao Bi, who used to work at Tencent Security and later founded the security startup "Threat Hunter" CEO, once revealed to Leifeng.com that during his time at Tencent, his immediate boss attached great importance to academic qualifications. Once when everyone was having a meal together and reported their respective alma mater, Lao Bi was heartbroken, because the colleagues present "at worst graduated from Hunan University", and he was embarrassed to say "Hunan City University".

Tencent Security went to Beihang University to recruit talents, which made Leifeng.com editors wonder: In the security field where academic qualifications are really not important, what percentage of outstanding college graduates does Tencent Security have? Does this mean that they still prefer graduates from excellent schools?

Although TK did not admit the above conclusion, he told the editor that at least 50% of the staff in Tencent Security Xuanwu Lab are outstanding college graduates. This may also be a cruel fact in talent screening - if there are thousands of resumes in front of you, people with a background in a prestigious school may have a higher probability of having the qualities that the recruiter needs.

In TK's view, talents are in a dilemma under the new situation of cyberspace security: there is a lack of authoritative talent training and certification standards, and a lack of training mechanisms and systems; there are only 30,000 talents in a market of 700,000 with more than 1.4 million colleges and universities in 2020; new technologies such as big data, intelligence, mobility and cloud drive the comprehensive training and improvement of talents' model capabilities and awareness.

Since the gap in cybersecurity talent is so serious, "recruiting" talents in advance and conducting joint training at universities that already have cybersecurity disciplines, such as Beihang University, Guangzhou University, Xidian University, and Wuhan University, has become a more successful way to reserve talent.

This is one of the paths, and TK's PPT also "leaked" more information.

Let’s take a look at this picture:

First, let’s learn about TCTF, Jibang, DEF CON and Qiangwang Cup.

According to official statements, TCTF is a Tencent Information Security Competition guided by the Competition and Drill Working Committee of the China Cyberspace Security Association, initiated by Tencent Security, hosted by Tencent Security Joint Laboratory, undertaken by Tencent Security Cohen Laboratory, and co-organized by the 0ops Security Team and Tencent Security Xuanwu Laboratory. It is committed to establishing the country's first professional security talent training platform in collaboration with industry strategic partners.

From the fact that Leifeng.com has been tracking and reporting on TCTF, it can be seen that this "competition" is mainly for Tencent Security to recruit talents. Once, Leifeng.com invited Xie Tianyi, a member of TK and Tencent Security Keen Lab, to give an online public course on "CTF and TCTF". The Tencent side that led this "project" was its HR department. As for the on-site hosting of TCTF in 2017, Tencent's HR department was also the main participant in this event.

This competition, hosted and co-organized by Cohen and the 0ops security team, is also full of mysteries.

The 0ops security team is a well-known CTF team of Shanghai Jiaotong University, which has won numerous awards in international CTF competitions. Leifeng.com once interviewed the current captain and team members of the 0ops security team and found that they have long been sought after by security teams of major companies. They invited the graduated team members to join the security team, and the team members who have not graduated to come to the laboratory for internship. Cohen, located in Shanghai, has recruited a group of 0ops team members to join the laboratory. For example, Xie Tianyi graduated from Shanghai Jiaotong University and was the captain of the well-known domestic CTF team 0ops during his time at school.

In addition, some members of the strong CTF teams Zhejiang University AAA and Fudan University Sixstars were also absorbed into Tencent Security for similar reasons, and together with Tencent's own eee team (Eee-Eee-Eee team), they formed a stronger A*0*E team. As a result of the strong combination, this CTF team fought against the world's top hackers in the finals of the world hacker competition DEF CON CTF held in Las Vegas, USA, and achieved good results.

The security talents recruited by Tencent Security are not only able to compete in external competitions. Before participation in various PWN competitions abroad was "discouraged", these talents were also the main force in the vulnerability PWN competitions submitted by major well-known companies.

Tencent Security's "Hundred Talents Program" is also closely related to TCTF. It is open to college students around the world. Through the TCTF competition, the most promising 100 security talents are selected through multiple levels of competition and examination. Through subsequent continuous training, the goal is to "create future leading talents in the field of Internet security."

Those who are familiar with these two types of competitions should know that if CTF is a "training" competition, then the PWN competition may have more of a "real combat" temperament - it tests real security research capabilities.

GeekPwn is a security geek (hacker) competition for smart life initiated and hosted by KEEN, a top domestic information security team, in 2014. The origin of GeekPwn and Tencent Security is that the core members of the KEEN Team, including Wu Shi, joined Tencent and established Keen Lab. They are still a family, and other security researchers of Tencent Security often appear on the stage of GeekPwn to show their cracking projects.

The special thing about this competition is that the contestants are likely to crack new products from well-known domestic and foreign manufacturers. It is also attracting security researchers from other domestic and foreign companies to participate.

There is also the Qiangwang Cup. Judging from the situation of the second Qiangwang Cup, it has a stronger "government color": this competition is guided by the Network Security Coordination Bureau of the Central Cyberspace Administration of China, hosted by the University of Information Engineering, and co-organized by the Teaching Guidance Committee of Information Security Majors in Higher Education Institutions of the Ministry of Education.

Leifeng.com once reported on this, "This may be the largest-scale hacker training in China this year," and wrote at the end of the article: "The real-time battle situation this time has been transmitted to the rear, and the 'big brothers' are watching from the rear..."

However, Tencent Security has nothing to do with the hosting of this competition. This time, eee, AAA, sixstars, and 0ops achieved the top five results in this training exercise.

Leifeng.com editor believes that, in summary, the significance of these four competition platforms to Tencent Security lies in: selecting talents, training troops, and demonstrating security strength, thereby supporting the entire Tencent Security brand and attracting more talents to join.

At this point, let’s look back at one of the cooperation items reached between Tencent and Beihang University - "jointly launch top cybersecurity competitions, integrate the advantages of both parties’ resources, build an innovative platform for outstanding cybersecurity talents, and create top competitions in the field of cybersecurity." We will find that this is to improve Tencent Security’s "Hundred Talents Program" and build a chain-based cybersecurity talent training system that integrates talent discovery, talent training, and value transformation. Everything is logical.

Of course, poaching, discovering and cultivating talents are not the end. Ultimately, they all serve Tencent’s own business.

Figure 1

Figure 1 shows Tencent’s current main businesses and priorities.

Figure II

Figure 2 shows the “feedback” from the talents recruited by Tencent Security in these key areas.

Figure 3

The last picture highlights the key point: key talents have become the core driver of Tencent's full-scenario layout. Therefore, Tencent Security's "robbing" Beihang University of Technology is just the "tip of the iceberg", and everything is for this big goal.

Tencent Security lake2: Black industry also uses "AI", what should we do丨CCF-GAIR 2018

Tencent's internationalization of mobile payments: starting with red envelopes, cross-border payments and remittances become new driving forces丨CCF-GAIR 2018