Cybersecurity and programming are closely intertwined because nearly all cybersecurity tools are written in code. Knowing how to code and the program can help cybersecurity professionals develop and modify tools that help keep networks and systems secure. However, whether programming is essential for cybersecurity professionals depends on the role they are in and how advanced they want to be.
Tools play an essential role in cybersecurity by allowing professionals to change the environment in which they work, whether in the physical or digital world. With the right tools and intent, they can create action and change. The more sophisticated the tools, the more leverage professionals have and the wider range of actions they can achieve. That being said, the overall effectiveness of cybersecurity professionals depends on the combination of tools and skills. In cybersecurity, most people fall into three categories: Blackbox users, tool operators, and developers.
Blackbox users are typically individuals who have only basic knowledge of using one or a few software systems and are only capable of using them in situations where they have been trained. These individuals may have certifications, but they are not able to apply their training to solve problems independently in more complex scenarios without the help or mentorship of more experienced practitioners. These individuals are not able to modify tools or create new ones, making coding unnecessary for them.
Tool operators, on the other hand, are experienced individuals who can use a variety of software to get things done and can creatively chain them together in real-world scenarios. They are the backbone of companies’ IT and security shops and are often the workhorses getting things done. However, when a situation arises without an immediately apparent tool available, these individuals are limited in their ability to do something about it. Learning some programming can help automate tasks that were once performed manually and can amplify the operator’s ability to work more efficiently.
Tool developers, especially those who are actively involved in operations, are able to understand the ins and outs of the tools they use. Knowing how to program lets them modify existing software or craft something more custom to solve specialized cybersecurity problems. The operator-developer types tend to be some of the best cyber practitioners you’ll meet in the field and are hard to come by, depending on the team you’re on.
Professionals with programming backgrounds tend to progress faster and deeper in their learning journeys than those who do not. For example, when someone is starting off in the field, programming can help them build advanced queries to search across large datasets, like network logs. By monitoring DNS traffic for signs of malicious activity, they can catch malware that often hides its communication traffic within common protocols, like NTP, DNS, HTTP, and HTTPS.
To improve overall effectiveness in cybersecurity, it’s important to balance both tools and skills. Individuals should focus on the fundamental principles of cybersecurity like understanding computer networking, operating system architecture, and solving technical problems. Programming can help operators automate tasks and developers modify the software to solve specialized problems.
In conclusion, programming is essential for cybersecurity professionals who want to be advanced in their careers. It’s essential for tool developers, but not as important for Blackbox users. Tool operators can amplify their ability to work more efficiently by learning some programming. Programming is an essential tool for cybersecurity professionals because nearly all cybersecurity tools are written in code.
