2. Generally speaking, this professional standard refers to the personnel who work in accordance with the information security management system and standards to prevent hacker intrusion, analysis and prevention, set up firewall, antivirus, IDS, PKI, attack and defense technologies, and carry out security system construction and security technology planning, daily maintenance management, information security inspection, audit system account management and system log inspection.
3. There are many things to be familiar with, such as some network knowledge, sql injection, operating system (Windows, Linux, Android), and some kinds of development languages, such as C, C++, Java, Perl and so on.
If you want to engage in this industry, I suggest you teach yourself some interesting hacking techniques, such as grey pigeon, D tool, SQL injection tool, dictionary cracking and so on.