Is coding required for cybersecurity? If yes, how crucial is coding for cybersecurity?
Many people ask how important coding is for cybersecurity, and the lawyerly answer is: well, it depends on many factors. When you are just starting off, many roles don’t really require you to code, and depending on how advanced you want to get, programming may or may not be all that important for you.
In this blog, we cover the relationship between cyber security tooling and expertise, walk through some on-the-job scenarios where it's beneficial to know how to code, and end with some advice for all the non-programmers out there who are just starting out. So without further ado, let’s break it down!
Table of contents
- How crucial is coding for Cybersecurity?
- Three Categories of Cybersecurity: Blackbox users, tool operators, & developers.
- Blackbox Users
- Tool Operators
- Operator Developers
- Let's dwell on a real case study
- The Process
- Who plays a larger role in Cybersecurity? Scripting or Programming Languages, and what should you learn?
- Operator Vs Developer Axis
- Looking for the best resources for cybersecurity?
How crucial is coding for Cybersecurity?
So how crucial is coding for cybersecurity? Think about it this way. Just about all the tools you use in cyber security are written in code, and programming lets you write tools. So the important questions to answer first are: what are tools, and what’s the value in knowing how to build them? On a conceptual level, tools extend your ability to change the environment around you, whether in the physical or digital world. Combined with intent, they let you create action and change. So the more advanced your tools are, the more leverage you have. And with this leverage, you can have a wider range of actions and change. Archimedes once said:
If he was standing in something more sophisticated like the Death Star, he’d also have the ability to blow it up, but only if he knew how to operate it. In the cyber world, it’s no different. Being able to get results in cyber depends on the types of software tooling at your disposal and your expertise in using them. So the first principle to keep in mind is that it’s the combination of tools and skills that will determine your overall cyber abilities, whether for an individual or for a team. To improve your overall effectiveness, it’s important to strike a balance between both.
Three Categories of Cybersecurity: Blackbox users, tool operators, & developers.
Let's deconstruct them one by one.
Most Blackbox users will usually only know the basics of using one or a few different software systems, and only in situations that they’ve been trained in. These guys might even have a few certifications but aren’t able to apply their training to solve problems independently in more complex scenarios without the help or mentorship of more experienced practitioners. Being able to modify tools or craft new ones is out of the question.
The vast majority of people in cyber security would fall in this category. In general, knowing how to code isn’t all that important for them, because they’ve yet to master many of the most common tools in the role they’re already in, whether it’s Wireshark, Metasploit, Autopsy, Burp Suite, Volatility, Cellebrite, Group Policy, et cetera. You’ll be much better off first focusing on fundamental principles like understanding computer networking, operating system architecture, and solving technical problems.
In the next category, we have tool operators, who have years of experience in using a variety of software and can creatively chain those tools together in real-world scenarios. These guys are the backbone of companies’ IT and security firms and are often the workhorses responsible.
But for those without the ability to code, the downside is that when you’re in a situation without an immediately apparent tool available, there’s not much you can do about it. Taking the time to learn some programming can really amplify your ability at this stage, since it lets you automate many of the tasks that you once performed manually.
Now tool developers, especially those who are actively involved in operations, can understand the ins and outs of the tools they use. Knowing how to program lets you modify existing software or craft something more custom to solve specialized cyber security problems.
The operator-developer types tend to be some of the best cyber practitioners you’ll meet in the field and are hard to come by, depending on the team you’re on. In terms of overall ability, you’ll find that people who can chain tools together or write custom-built code have increasing levels of expertise that are orders of magnitude higher. And those with programming backgrounds tend to progress faster and deeper in their learning journeys than those who don’t.
Let's dwell on a real case study
Here’s a case study from someone with years in cybersecurity, in his own words:
"When I was first starting off in the field, I worked as a security analyst in a three-man team with no certifications and a very basic understanding of code. We were monitoring for malicious activity on the network using software called Splunk, which lets you build advanced queries to search across large datasets like network logs.
In many enterprise networks, the only traffic allowed to exit is common protocols like NTP, DNS, HTTP, and HTTPS, which is what you’d expect from internal users browsing the web or servers fetching updates. These services typically get hosted on ports 123, 53, 80, and 443. Firewalls would drop any other type of traffic destined for other ports to limit the risk of data exfiltration. To bypass this, malware will often hide their communication traffic within these common protocols as covert channels to evade detection. I pushed the idea of monitoring DNS traffic for signs of malicious activity, after reading about the technique in some academic white papers.
I wanted to develop a way to assign DNS queries in our logs weighted risk scores depending on the number of subdomains, the length, and the overall entropy of the query. Because I didn’t know how to code, I had to chain together an incredibly massive Splunk query to calculate everything. Even though this method worked and discovered outbreaks on the network, it was pretty slow and bogged down the system.
So I had to rely on one of the other more senior guys on the team to re-implement my solution as a module in Python to do the same thing, but more efficiently.
On one hand, my curiosity and persistence made me a valuable member of the team. But at the same time, had I learned the most basic programming skills, it would have given me the flexibility to describe the outcome of what I wanted to do using the language of code."
This experience later prompted the cybersecurity expert to act and take coding more seriously to patch up his skill gap.
Who plays a larger role in Cybersecurity? Scripting or Programming Languages, and what should you learn?
One caveat we do want to make is that it's important to draw the line between scripting and software development, even though many people use the words “programming” and “coding” interchangeably to describe both. Scripting normally refers to writing short snippets of code in an interpreted language to automate tasks or glue the functionality of other tools together. Software development is a broader term that covers scripting but also involves writing algorithms or libraries as part of a larger, more complex toolchain.
People often consider Python or Bash to be scripting languages, while compiled ones like C++ or Java are more geared towards software development. Generally, though, it depends on the complexity of the tool and your intent: whether you are looking for something quick and dirty or something more robust and enduring.
Operator Vs Developer Axis
Now on the operator versus developer axis, you’re going to see a lot more scripts closer to the operator side and more compiled languages on the developer side. This isn’t true across the board, since people can bounce around the spectrum, but it’s a decent rule of thumb.
On the operator side of the spectrum, your focus is primarily on pre-built tools with some degree of customized automation. In this case, it’s not massively critical to have a coding background; most computer science programs are much more heavily focused on topics like applied math, programming theory, and software development at the academic level. We personally suggest it’s better to start off learning scripting, as it's quick to pick up and a bit more pragmatic for day-to-day technical tasks.
Looking for the best resources for cybersecurity?
If you're looking for the best resource to start your cybersecurity journey, you should try the ZEN class's integrated program for cybersecurity w/ Ethical hacking. It's an industry-leading program affiliated with SkillsDA and GOI and offers 100% job assistance upon completion. It also features an advanced curriculum for Python scripting, so you won't have any problem with the basics.