{"id":10073,"date":"2022-06-22T03:12:10","date_gmt":"2022-06-21T21:42:10","guid":{"rendered":"https:\/\/blog.guvi.in\/?p=10073"},"modified":"2025-10-08T16:46:19","modified_gmt":"2025-10-08T11:16:19","slug":"coding-for-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.guvi.in\/blog\/coding-for-cybersecurity\/","title":{"rendered":"Is coding required for cybersecurity? If yes, how crucial is coding for cybersecurity?"},"content":{"rendered":"\n

Many people ask how important is coding for cybersecurity, and the lawyerly answer is: Well, it depends on many facets. Because just starting off, many roles don\u2019t really require you to code and based on how advanced you want to get, programming may or may not be all that important for you.<\/p>\n\n\n\n

In this blog, we cover the relationships between cyber security tooling and expertise, and some on-the-job scenarios where it’s beneficial knowing how to code. and ending with some advice for all the non-programmers out there who are just starting out. So without further ado, Let\u2019s break it down!<\/p>\n\n\n\n

How crucial is coding for Cybersecurity? <\/h2>\n\n\n\n

So how crucial is coding for cybersecurity? Think about it this way. Just about all the tools you use in cyber security are written in code, and programming lets you write tools. So the important questions to answer first are: what are tools? and what\u2019s the value in knowing how to build them? On a conceptual level, tools extend your ability to change the environment around you, whether in the physical or digital world. Combined with intent, they let you create action and change. So the more advanced your tools are the more leverage you have. And with this leverage, you can have a wider range of actions and change. Archimedes once said:<\/p>\n\n\n\n

\u201cGive me a lever long enough and a place to stand and I\u2019ll move the Earth.\u201d<\/em><\/p>Archimedes<\/cite><\/blockquote><\/figure>\n\n\n\n

If he was standing in something more sophisticated like the Death Star, he\u2019d also have the ability to blow it up; only if he knew how to operate it. Similarly. In the cyber world, it\u2019s no different. Being able to get results in cyber depends on the types of software tooling at your disposal and your expertise in using them. So the first principle to keep in mind is that it\u2019s the combination of tools and skills that will determine your overall cyber abilities, whether for an individual or for a team. So to improve your overall effectiveness, it\u2019s important to make a balance between both.<\/p>\n\n\n\n

Additionally, if you want to begin with Ethical Hacking & Cybersecurity through a self-paced course, try HCL\u00a0GUVI\u2019s Cyber Security and Ethical Hacking<\/a><\/strong> course<\/a><\/strong>.<\/p>\n\n\n\n

Three Catagories of Cybersecurity: Blackbox users, tool operators, & developers.<\/h2>\n\n\n\n

Let’s deconstruct them one by one. <\/p>\n\n\n\n

Blackbox Users<\/h3>\n\n\n\n

Most BlackBox users will usually only know the basics of using one or a few different software systems, and only in situations that they\u2019ve been trained in. These guys might even have a few certifications but aren\u2019t able to apply their training to solve problems independently in more complex scenarios without the help or mentorship of more experienced practitioners. Being able to modify tools or craft new ones is out of the question.<\/p>\n\n\n\n

The vast majority of people in cyber security would fall in this category. In General, knowing how to code isn\u2019t all that important for them, because they\u2019ve yet to master many of the most common tools in the role, they\u2019re already in. Whether it\u2019s Wireshark, Metasploit, Autopsy, Burp Suite, Volatility, Cellebrite, Group Policy, et cetera. You\u2019ll be much better off first focusing on fundamental principles like understanding computer networking, operating system architecture, and solving technical problems.<\/p>\n\n\n\n

Tool Operators <\/h3>\n\n\n\n

In the next category, we have tool operators who have years of experience in using a variety of software. And they can creatively chain them together in real-world scenarios. These guys are the backbone of companies\u2019 IT and security firms and are often the workhorses responsible.<\/p>\n\n\n\n

But for those without the ability to code, the downside is that when you\u2019re in a situation without an immediately apparent tool available, there\u2019s not much you can do about it. Taking the time to learn some programming can really amplify your ability at this stage. Since it lets you automate many of the tasks that you once performed manually. <\/p>\n\n\n\n

Now tool developers, especially those who are actively involved in operations, can understand the ins and outs of the tools they use. Knowing how to program lets you modify existing software or craft something more custom to solve specialized cyber security problems.<\/p>\n\n\n\n

Operator Developers <\/h3>\n\n\n\n

The operator-developer types tend to be some of the best cyber practitioners you\u2019ll meet in the field and are hard to come by, depending on the team you\u2019re on. In terms of overall ability, you\u2019ll find that people who can chain tools together or write custom-built code have increasing levels of expertise that are orders of magnitude higher. And those with programming backgrounds tend to progress faster and deeper in their learning journeys than those who don\u2019t.<\/p>\n\n\n\n

Let’s dwell on a real case study<\/h2>\n\n\n\n

Here\u2019s a case study from someone with years in Cybersecurity in his own words<\/p>\n\n\n\n

\n
\n

“When I was first starting off in the field, I worked as a security analyst in a three-man team with no certifications and a very basic understanding of code. We were monitoring for malicious activity on the network using software called Splunk, which lets you build advanced queries to search across large datasets like network logs.<\/em><\/p>\n\n\n\n

In many enterprise networks, the only traffic allowed to exit is common protocols like NTP, DNS, HTTP, and HTTPS, which is what you\u2019d expect from internal users browsing the web or servers fetching updates. These services typically get hosted on ports 123, 53, 80, and 443. Firewalls would drop any other type of traffic destined for other ports to limit the risk of data exfiltration. To bypass this, malware will often hide their communication traffic within these common protocols as covert channels to evade detection. I pushed the idea of monitoring DNS traffic for signs of malicious activity, after reading about the technique in some academic white papers.<\/em><\/p>\n\n\n\n

The Process<\/h3>\n\n\n\n

I wanted to develop a way to assign DNS queries in our logs weighted risk scores depending on the number of subdomains, the length, and the overall entropy of the query. Because I didn\u2019t know how to code, I had to chain together an incredibly massive Splunk query to calculate everything. Even though this method worked and discovered outbreaks on the network, it was pretty slow and bogged down the system. <\/em><\/p>\n\n\n\n

So I had to rely on one of the other more senior guys on the team to re-implement my solution as a module in Python<\/a> to do the same thing, but more efficiently. <\/em><\/p>\n\n\n\n

On one hand, my curiosity and persistence made me a valuable member of the team. But at the same time, had I learned the most basic programming skills, it would have given me the flexibility to describe the outcome of what I wanted to do using the language of code.”<\/em><\/p>\n<\/div>\n<\/div>\n\n\n\n

This experience later prompted the cybersecurity expert to act and take coding more seriously to patch up his skill gap. <\/strong><\/p>\n\n\n\n

\"Scripting<\/figure>\n\n\n\n

Who plays a larger role in Cybersecurity? Scripting or Programming Languages, and what should you learn? <\/h2>\n\n\n\n

One caveat we do want to make is that it’s important to draw the line between scripting and software development. However many people will use the word \u201cprogramming\u201d or \u201ccoding\u201d interchangeably to describe both of them. However, Scripting normally refers to writing short snippets of code in an interpreted language to automate tasks or glue the functionality of other tools together. Meanwhile, Software development is a broader term that covers scripting but also involves writing algorithms or libraries as part of a larger, more complex toolchain.<\/p>\n\n\n\n

People often consider Python or Bash as scripting languages. While compiled ones like C++ or Java are more geared towards software development. Yet generally, it depends on the complexity of the tool and your intent. Whether you are looking for something quick and dirty or something more robust and enduring. <\/p>\n\n\n\n

Operator Vs Developer Axis<\/h3>\n\n\n\n

Now on the operator versus developer axis, you\u2019re going to see a lot more scripts closer to the operator side. Whereas more compiled languages on the developer side. This isn\u2019t true across the board, since people can bounce around the spectrum, but it\u2019s a decent rule of thumb.<\/p>\n\n\n\n

Since on the operator side of the spectrum, your focus is primarily on the pre-built tools with some degree of customized automation. In this case, it\u2019s not massively critical to have a coding background, most computer science programs are much more heavily focused on topics like applied math, programming theory, and software development at the academic level. We personally suggest it\u2019s better to start off learning scripting. As it’s quick to pick up and a bit more pragmatic for day-to-day technical tasks.<\/p>\n\n\n\n

Looking for the best resources for cybersecurity? <\/h3>\n\n\n\n
\"Tech<\/a><\/figure>\n\n\n\n

Start learning Ethical Hacking & Cybersecurity Course<\/a><\/strong>, designed especially for beginners.<\/p>\n\n\n\n

\"Compelling<\/a><\/figure>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Many people ask how important is coding for cybersecurity, and the lawyerly answer is: Well, it depends on many facets. Because just starting off, many roles don\u2019t really require you to code and based on how advanced you want to get, programming may or may not be all that important for you. In this blog, we […]<\/p>\n","protected":false},"author":11,"featured_media":10106,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[712],"tags":[],"views":"7669","authorinfo":{"name":"Tushar Vinocha","url":"https:\/\/www.guvi.in\/blog\/author\/tushar\/"},"thumbnailURL":"https:\/\/www.guvi.in\/blog\/wp-content\/uploads\/2022\/06\/8bfd01c18be1b5059bc0d7770d9dabf1-300x152.gif","jetpack_featured_media_url":"https:\/\/www.guvi.in\/blog\/wp-content\/uploads\/2022\/06\/8bfd01c18be1b5059bc0d7770d9dabf1.gif","_links":{"self":[{"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/posts\/10073"}],"collection":[{"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/comments?post=10073"}],"version-history":[{"count":26,"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/posts\/10073\/revisions"}],"predecessor-version":[{"id":89114,"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/posts\/10073\/revisions\/89114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/media\/10106"}],"wp:attachment":[{"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/media?parent=10073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/categories?post=10073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.guvi.in\/blog\/wp-json\/wp\/v2\/tags?post=10073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}