Most cybersecurity analysts don't have to know how to code. But that doesn't mean they shouldn't bother learning. If you work in cybersecurity, having at least basic programming chops can help you accelerate your career and tackle security challenges more efficiently.
With that reality in mind, keep reading for tips on what to know about programming to advance your cybersecurity career.
Why Coding Matters in Cybersecurity
Let's begin by explaining why learning to code can be valuable for people in cybersecurity roles.
Again, programming skills are not strictly necessary for a cybersecurity career. Most entry-level security jobs don't require knowledge of coding, and in some cases even highly experienced security professionals don't know how to code.
However, given that many of the security challenges that cybersecurity analysts are tasked with solving involve code, understanding how code works is a valuable skill for analysts to have. The more you know about coding, the better positioned you are to advance your cybersecurity career.
On balance, it's worth noting that some niches within cybersecurity don't benefit much from coding. If you focus on physical security, for example, programming skills are not very important because code doesn't play much of a role in physical security risks. Likewise, teams focused on cybersecurity incident response may not need to know much about coding.
But most other types of cybersecurity risks do center around code. Specifically, they involve either application code (where bugs can lead to security vulnerabilities like code injection and buffer overflow risks) or configuration code (which may contain oversights that expose resources to problems like unauthorized access). The more you know about how code works, the better equipped you'll be to manage those risks.
Alamy
Coding Basics for Cybersecurity Engineers
Of course, most cybersecurity engineers don't have time to master everything related to programming. Instead, they should be strategic by focusing on aspects of coding that matter most for cybersecurity.
Learn how programming languages work
There are hundreds of programming languages in existence, and even skilled developers typically know only a handful of them. Cybersecurity analysts certainly shouldn't expect to master a wide range of languages.
But simply learning at least one language will provide valuable insight into how code works and which types of mistakes developers can make that may lead to security flaws. The specific language you choose to learn doesn't matter very much; it's fine in most cases to choose an easy language like Python or JavaScript.
Learn how infrastructure-as-code works
Along similar lines, most cybersecurity analysts will benefit by learning how to write the code that IT engineers rely on to provision resources via the process known as infrastructure-as-code, or IaC.
IaC code doesn't power applications; instead, it determines how servers, networks, and other IT resources are configured. A mistake in IaC code, such as code that accidentally exposes a sensitive data resource to public access, could trigger a security incident.
Cybersecurity analysts don't need to become deeply skilled at writing IaC code, but it is worth their while to choose a popular IaC platform, such as Terraform, and learn how to use it to configure infrastructure. Doing so will provide hands-on understanding of how security risks typically emerge in modern infrastructure.
Learn about CI/CD
Learning how CI/CD pipelines work is another basic skill that can help boost cybersecurity careers. Working with CI/CD pipelines doesn't actually require writing any code because CI/CD pipelines are not code; they're simply the set of tools and processes that developers rely on to write, build, test, and deploy code.
Understanding how these tools and processes fit together, and which types of security risks (such as failure to restrict access to code repositories or continuous integration servers) can arise during CI/CD operations is another way for cybersecurity engineers to gain insight into how security risks originate.
Learn Git
Git is an open source tool that most developers rely on today to help manage source code. If you work in cybersecurity, knowing how to run Git commands is probably not very important, but it is useful to know the fundamentals of how Git works — how developers check code into a Git repository, how they modify code using Git, which types of tests they can trigger via Git, and so on.
Here again, many of the security issues that analysts are tasked with addressing have their origin in oversights that occur during Git processes, so the more you know about Git, the better positioned you'll be to help prevent Git-based security risks.
Learn to script
The ability to write basic scripts using a language like Bash, PowerShell, or Perl can help cybersecurity analysts automate some of their workflows. For example, you could write scripts that automatically deploy security monitoring tools or transform data.
Scripting skills are less important for understanding the origins of cybersecurity threats because maintenance scripts tend not to be major sources of risks (although they could be), but learning to script can help cybersecurity professionals work more efficiently.
Conclusion: To Up Your Security Game, Learn to Code
For most cybersecurity analysts, it's not necessary to be a seasoned coder who has mastered the ins and outs of all aspects of programming. However, having a basic understanding of fundamental aspects of programming — such as how to write application code, how to manage code through CI/CD pipelines, and how to develop basic scripts — can do much to help cybersecurity professionals up their game. Coding is not a strict requirement, but investing a little time in developing coding skills can pay major dividends for cybersecurity careers.
About the author
Christopher Tozzi is a technology analyst with subject matter expertise in cloud computing, application development, open source software, virtualization, containers and more. He also lectures at a major university in the Albany, New York, area. His book, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” was published by MIT Press.
