Is coding required for cybersecurity?

blog + Education Z. Oualid todayJuly 26, 2021

Background
share close

Cybersecurity is a very large field, and it has contact with every other IT domain, and that’s what I personally like in it as it gives you an overview of all the technologies. One of the most common questions I get from my students is this, is coding required for cybersecurity?

Coding is not required in cybersecurity in general. However, mastering this skill could be required in some fields of cybersecurity like secure coding and code auditing.

Now, if you want to understand why coding is not required and why I highly recommend my student to master it and what languages, then keep reading …

Why coding is not required?

Depending on the specialty you choose in cybersecurity the coding could not be required. For example, if you choose to become a security manager that implements ISO recommendations then coding is not required.

Most of the job performed by a manager is related to process and people management. Therefore, having this skill will not have a big impact on your capacity to manage this.

Security Management positions are not the only security jobs where you don’t need to have coding skills. Security Solutions implementers or Security analysts are also jobs that do not require having coding skills.

A Solution implementer or support usually uses the vendor’s interfaces to perform daily operations on the monitored system. Even if the security vendors usually offer some scripting capabilities to the solution administrators, vendors are trying their best to automate every task an admin could do to not have to create his own scripts.

Therefore, mastering coding is not required in a lot of cybersecurity fields as I said. However, in other, this could be a must or at least required to do the job correctly. In the following section of this blog post, I am going to explain why in some cybersecurity fields this skill could be necessary to do the job.

Why having coding knowledge is an important skill in cyber security?

Coding is one of the best skills that any information security or any IT professional should know have in my opinion. Unfortunately, a lot of cybersecurity profiles do not take care of this skill and do not even try to learn it, even if it can help them in doing a very good job.

Let me give you some examples where having a coding skill will help you:

  • Network security or security monitoring jobs are one of the profiles that really neglects this skill. A lot of security monitors profiles I have meet along my experience in this field really does not care about having coding or scripting skills even if it’s really helpful. Having this capabilities give you the opportunity to automate many parts of your job which give you more time to learn new stuff.
  • Even in penetration testing a lot of people does not care about coding even if in my opinion is a very important skill to have if you want to do the best pentest job. Having this skill while performing a penetration test give you an idea about what kind of errors a developer could do and when. In many cases, where I was performing a penetration test, having this skill have helped me a lot to better understand and find vulnerabilities.
  • Also in penetration testing having some coding/scripting knowledge give you the ability to automate a lot of steps from recon to privileges escalation. For example, creating a script that check a lot of configuration errors in a system that can be used to perform a privilege escalation.

Which coding language are recommended for cyber security?

That’s a pretty nice and common question that I also get from my students. The best coding languages recommended for cybersecurity are:

  • C
  • PHP
  • JAVA
  • Python
  • Bach

The C language is the best language you can start with to understand how languages work. Most modern languages are developed based on this language. Therefore, a lot of functionality and logic used in these modern languages are based on this language which will facilitate their mastering.

In addition, learning the C language gives you the ability to better understand the inner concepts of programming as modern languages try to hide them to facilitate the development process. Moreover, a lot of critical vulnerabilities discovered in operating systems are due to C programming errors. Therefore, having this knowledge will help you find those kinds of vulnerabilities by reverse-engineering the OS source code.

I have mentioned the PHP language here, just because a lot of new and old web applications are developed using PHP. Moreover, this language is the easier technology to quickly understand the concepts of web development. In addition, a lot of modern web development frameworks are based on PHP core, like codeigniter, laravel, and more. Therefore, learning the PHP languages will give you the ability to easily understand those new technologies.

The JAVA programming language is necessary to better understand object-oriented programming concepts. Mastering JAVA will help you understand some new critical types of vulnerabilities.

Python and Bach are two of my favorite scripting languages that will help you a lot while performing penetration tests. Knowing one of them or both help you automate a lot of techniques like scanning, maintaining the access, or even doing a privilege escalation.

Where you can learn coding for security?

The coding skills basically can be learned everywhere on the web, it is one of the most mature fields on the internet and a lot of good content are out there. However, I will give you some references that I have personally used to learn some programming technologies.

Openclassroom offers the best programming course with a step-by-step process. I personally liked this website and the fact that they give a lot of details that a penetration tester or even a cybersecurity expert needs to know to find some types of vulnerabilities. That’s by far the best aspect I have found in their courses. Unfortunately, some very good courses on this platform are made in the french language. Here is a list of some good resources you can start with from openclassroom:

That’s all the courses and tutorials I recommend because that’s what helped me the most, and this is a real recommendation, as can see there are no affiliate links out there.

Written by: Z. Oualid

Rate it

About the author
Avatar

Z. Oualid

I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).


Previous post

Similar posts

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *