Many people ask how important is coding for cybersecurity, and the lawyerly answer is: Well, it depends on many facets. Because just starting off, many roles don’t really require you to code and based on how advanced you want to get, programming may or may not be all that important for you.

In this blog, we cover the relationships between cyber security tooling and expertise, and some on-the-job scenarios where it’s beneficial knowing how to code. and ending with some advice for all the non-programmers out there who are just starting out. So without further ado, Let’s break it down!

How crucial is coding for Cybersecurity?

So how crucial is coding for cybersecurity? Think about it this way. Just about all the tools you use in cyber security are written in code, and programming lets you write tools. So the important questions to answer first are: what are tools? and what’s the value in knowing how to build them? On a conceptual level, tools extend your ability to change the environment around you, whether in the physical or digital world. Combined with intent, they let you create action and change. So the more advanced your tools are the more leverage you have. And with this leverage, you can have a wider range of actions and change. Archimedes once said:

If he was standing in something more sophisticated like the Death Star, he’d also have the ability to blow it up; only if he knew how to operate it. Similarly. In the cyber world, it’s no different. Being able to get results in cyber depends on the types of software tooling at your disposal and your expertise in using them. So the first principle to keep in mind is that it’s the combination of tools and skills that will determine your overall cyber abilities, whether for an individual or for a team. So to improve your overall effectiveness, it’s important to make a balance between both.

Additionally, if you want to begin with Ethical Hacking & Cybersecurity through a self-paced course, try GUVI’s Cyber Security and Ethical Hacking – Beginner course.

Three Catagories of Cybersecurity: Blackbox users, tool operators, & developers.

Let’s deconstruct them one by one.

Blackbox Users

Most BlackBox users will usually only know the basics of using one or a few different software systems, and only in situations that they’ve been trained in. These guys might even have a few certifications but aren’t able to apply their training to solve problems independently in more complex scenarios without the help or mentorship of more experienced practitioners. Being able to modify tools or craft new ones is out of the question.

The vast majority of people in cyber security would fall in this category. In General, knowing how to code isn’t all that important for them, because they’ve yet to master many of the most common tools in the role, they’re already in. Whether it’s Wireshark, Metasploit, Autopsy, Burp Suite, Volatility, Cellebrite, Group Policy, et cetera. You’ll be much better off first focusing on fundamental principles like understanding computer networking, operating system architecture, and solving technical problems.

Tool Operators

In the next category, we have tool operators who have years of experience in using a variety of software. And they can creatively chain them together in real-world scenarios. These guys are the backbone of companies’ IT and security firms and are often the workhorses responsible.

But for those without the ability to code, the downside is that when you’re in a situation without an immediately apparent tool available, there’s not much you can do about it. Taking the time to learn some programming can really amplify your ability at this stage. Since it lets you automate many of the tasks that you once performed manually. 

Now tool developers, especially those who are actively involved in operations, can understand the ins and outs of the tools they use. Knowing how to program lets you modify existing software or craft something more custom to solve specialized cyber security problems.

Operator Developers

The operator-developer types tend to be some of the best cyber practitioners you’ll meet in the field and are hard to come by, depending on the team you’re on. In terms of overall ability, you’ll find that people who can chain tools together or write custom-built code have increasing levels of expertise that are orders of magnitude higher. And those with programming backgrounds tend to progress faster and deeper in their learning journeys than those who don’t.

Let’s dwell on a real case study

Here’s a case study from someone with years in Cybersecurity in his own words

This experience later prompted the cybersecurity expert to act and take coding more seriously to patch up his skill gap.

Who plays a larger role in Cybersecurity? Scripting or Programming Languages, and what should you learn?

One caveat we do want to make is that it’s important to draw the line between scripting and software development. However many people will use the word “programming” or “coding” interchangeably to describe both of them. However, Scripting normally refers to writing short snippets of code in an interpreted language to automate tasks or glue the functionality of other tools together. Meanwhile, Software development is a broader term that covers scripting but also involves writing algorithms or libraries as part of a larger, more complex toolchain.

People often consider Python or Bash as scripting languages. While compiled ones like C++ or Java are more geared towards software development. Yet generally, it depends on the complexity of the tool and your intent. Whether you are looking for something quick and dirty or something more robust and enduring. 

Operator Vs Developer Axis

Now on the operator versus developer axis, you’re going to see a lot more scripts closer to the operator side. Whereas more compiled languages on the developer side. This isn’t true across the board, since people can bounce around the spectrum, but it’s a decent rule of thumb.

Since on the operator side of the spectrum, your focus is primarily on the pre-built tools with some degree of customized automation. In this case, it’s not massively critical to have a coding background, most computer science programs are much more heavily focused on topics like applied math, programming theory, and software development at the academic level. We personally suggest it’s better to start off learning scripting. As it’s quick to pick up and a bit more pragmatic for day-to-day technical tasks.

Looking for the best resources for cybersecurity?

Start learning Ethical Hacking & Cybersecurity at your own speed with GUVI’s Self-paced Course, designed especially for beginners.