Thor Draper Jr's Blog

Do you need to know how to code before getting into Cybersecurity?

I’ve been asked different variations of the question: Do I need to know how to code before going into cyber? If so, then when should I start? Also, how much do I need to go? Does everyone else know how to do it?

And I totally understand the concern. The first problem I see is that the terms “coding” or “programming” are used interchangeably to describe things like scripting or software development, which can be a bit intimidating. For the most part, scripting refers to writing short lines of code in an interpreted language, like Powershell, to automate tasks. The latter is a career path and discipline in its own right. Software development involves writing algorithms or libraries as a part of a larger, more complex toolchain.

So, when you’re first learning about Cybersecurity, and you hear that it’s essential to learn how to code, you might get a sense that you need to stop where you are and begin spending all of your extra time inside of VS Code.

The short answer

Ultimately, I think the answer is yes. At some point, you’ll need to learn how to code. The degree to which you need to understand will vary entirely on where you’d like to take your career. For some career paths, it’s going to be highly critical. To others, you might be encouraged to learn just enough to make aspects of your life easier.

As for when I’d say begin to learn the moment that you can identify a task that you do regularly. Odds are there will be ways to automate that process. Your journey in Cyber is a long one. Do things that will streamline your workflow.

The depth is a bit more challenging to address. The thing to consider for cyber is how you need to know a lot about a lot. The first environment you work in is going to have its tech stack. They’ll have specific tools that they use, and their applications will be written in various languages. To start, it might help to understand the fundamentals of reading code at the very least. It’s more important to realize that you’ll need different tools in your toolbelt as a cyber professional.

The Toolbelt

Tools are used to carry out a particular function and can modify features of the surrounding environment in both a physical and digital sense. The more advanced your tools, the more you’re able to accomplish. The introduction of automation will allow you to operate with minimal intervention. Most cyber tools are written in code. Programming lets you write tools. So, getting results in cyber will entirely depend on the types of tools at your disposal and your ability to use them. The specific languages are going to be your choice. Most people will recommend Python. But, you’ll want to keep an open mind because it’s the combination of tools and skills that will determine the value of your cyber abilities.

Stage one-low code

From a skill level, the majority of entry-level cyber positions do not require coding skills. You’ll find that plenty of users out there are in the early cognitive stages of learning. This involves gathering tools like Wireshark, Burp Suite, Metasploit, etc. As well as the pursuit of conceptual knowledge like taking classes and obtaining certifications. At this stage, those users are generally comfortable using the tools in areas limited to what they’ve been trained in, and customization of the tools isn’t a capability. It is perfectly normal and acceptable only to know a limited scope. At least you are committed to learning, and you’re doing your best to improve every day.

I do have a few caveats. The first is to be cautious of getting the cyber equivalent of Gear Acquisition Syndrome. As you ask people what to learn, you’ll find thousands of tools out there for thousands of situations. A Jack of all day-one walkthroughs but a master of none makes Jack an ineffective team member. The second one is to watch out for the learning loop. It can be easy to feel like you need to take another course or watch another video. At some point, you are just learning for yourself, and you need to find a way to put what you’re learning into action.

Stage Two: Intermediate

As you gather various software to get things done, you can also chain them to address real-world scenarios. You can still solve problems where there isn’t an obvious tool available.

Most of the “go-to” guys on your IT or security team are in this stage. This tends to be the stage. You need to learn some programming if you’d like to stand out.

Stage Three: Advanced

At this stage, you’ve likely started to develop your tools. People are referring to you as a unicorn. You understand the ins and outs of tools. You can craft custom solutions to solve technical security problems. Operator-developers tend to be some of the best practitioners in the field.

Final Thoughts

As you begin in the cyber field, it’s critically important to focus on the fundamental principles of networking, solving technical problems, and understanding the basics of IT. If you want to make coding a priority, keep in mind that it takes deliberate practice to progress in any skill. You can start putting in the reps with something small to get the feedback to improve continually. I’d suggest learning what you need to accomplish a specific task and then ask your mentors how they might approach the problem differently. You can make it pretty far by just learning how to read and write scripts. The operator side of the spectrum is focused heavily on pre-built tools. To get you started, I have three books I recommend for learning scripting: Learn Powershell in a Month of Lunches, Automating The Boring Stuff with Python, and Unix and Linux System Administration Handbook, for learning Bash.

So what’s your take? How important do you think coding is for people in the cybersecurity field? I’d love to hear more about your thoughts in the comments below.