Cybersecurity: The Coding Myth
After concluding that I was finally going into tech, one of the fields that was of interest to me was Cyber Security. The concept of protecting users and actively fighting against Cyber Criminals really caught my attention, some people refer to the field as the “superheroes” of the tech space. Since I started working in the field, the most frequently asked question has been, “Do you have to code in Cyber Security?” and my usual is “No but Yes”, and why is this?
The reality is that there is no simple “Yes” or “No” answer to the question, as certain variables will decide whether or not it is necessary, such as:
Level of Expertise:
What are the objectives? Some people may only want to learn a few things about Cyber Security for the sake of knowledge; in this case, coding is not needed. In general, there is no need to learn coding for entry-level roles; instead, learning networking and general information security will be ideal.
For people willing to major in Cyber Security as a Career, the need for coding might arise, Why? For Major Cyber Security Roles, Modern Day Organizations tend to need expertise knowledge in one or more programming languages, so learning how to code gives you an advantage over other applicants.
Role:
Now roles in Cyber Security can be grouped into the Red team - This group are all about the offensive, they search for flaws in a system to exploit and proffer solutions to the problem and Blue Team - They are on the defensive, and their job is to defend the organization from cyber-attacks, system monitoring, risk assessment, and so on. Red team roles, on the other hand, are more likely to include coding than Blue Team roles. Let's take a look at some of these roles:
- Red Team Roles:
Now, the Red Team are involved in the exploiting vulnerabilities in software and network systems to help organization locate and patch the vulnerabilities. They must think like hackers and code like hackers to do this effectively, which necessitates a strong programming background. Roles in red team include:
- White Hat Hacking
- Penetration Testing
- Cyber Threat Hunting and many more
Blue Team Roles (Requires understanding of Programming Languages):
- Incident Response – Analyse tools used against the company (these tools are written in code)
- Information Security Engineering – Development of Security Software such as Antivirus, Firewall, Cryptographic tools etc
- Code Security – Securing of Web Applications as well as Software and so on.
- Blue Team Roles (Do not really require understanding of Programming Languages):
- Security Operations Centre
- Network Defender
- Vulnerability and Patch Management
- Security Architecture
- Security Audit
- Security Project Management
- Security Architecture and so on
What Programming Language should I learn?
Now, we have seen the different positions that require understanding of programming languages and those that do not. What programming languages are needed for the roles that require coding, especially in the field of Cyber Security:
1. Python: For Networking and Automated Scripting
2. JavaScript: For web application security and the prevention of common web vulnerabilities like Cross-Site Scripting.
3. PHP: Understanding Server-Apps is easier with a clear understanding of PHP.
4. SQL: This is to avoid database-related attacks as SQL is the most requested DB Programming Language
5. C & C++: Used in Reverse Engineering for antivirus etc
Conclusion:
There is no downside neither is there any negative effects of Programming Languages, it might not be needed by every role in Cyber Security but it does give an added advantage in the Tech Space. To be frank, simple networking principles and security concepts go a long way in the Cyber Security Career Path for Entry Level Analysts, rather than programming languages.
