How-to
Alamy
Most
cybersecurity
analysts
don't
have
to
know
how
to
code.
But
that
doesn't
mean
they
shouldn't
bother
learning.
If
you
work
in
cybersecurity,
having
at
least
basic
programming
chops
can
help
you
accelerate
your
career
and
tackle
security
challenges
more
efficiently.
With
that
reality
in
mind,
keep
reading
for
tips
on
what
to
know
about
programming
to
advance
your
cybersecurity
career.
Why
Coding
Matters
in
Cybersecurity
Related:
Cybersecurity
Quiz
2024:
Test
Your
IT
Security
Knowledge
Let's
begin
by
explaining
why
learning
to
code
can
be
valuable
for
people
in
cybersecurity
roles.
Again,
programming
skills
are
not
strictly
necessary
for
a
cybersecurity
career.
Most
entry-level
security
jobs
don't
require
knowledge
of
coding,
and
in
some
cases
even
highly
experienced
security
professionals
don't
know
how
to
code.
Related:
Cybersecurity
Basics:
A
Quick
Reference
Guide
for
IT
Professionals
However,
given
that
many
of
the
security
challenges
that
cybersecurity
analysts
are
tasked
with
solving
involve
code,
understanding
how
code
works
is
a
valuable
skill
for
analysts
to
have.
The
more
you
know
about
coding,
the
better
positioned
you
are
to
advance
your
cybersecurity
career.
On
balance,
it's
worth
noting
that
some
niches
within
cybersecurity
don't
benefit
much
from
coding.
If
you
focus
on
physical
security,
for
example,
programming
skills
are
not
very
important
because
code
doesn't
play
much
of
a
role
in
physical
security
risks.
Likewise,
teams
focused
on
cybersecurity
incident
response
may
not
need
to
know
much
about
coding.
But
most
other
types
of
cybersecurity
risks
do
center
around
code.
Specifically,
they
involve
either
application
code
(where
bugs
can
lead
to
security
vulnerabilities
like
code
injection
and
buffer
overflow
risks)
or
configuration
code
(which
may
contain
oversights
that
expose
resources
to
problems
like
unauthorized
access).
The
more
you
know
about
how
code
works,
the
better
equipped
you'll
be
to
manage
those
risks.
Alamy
Coding
Basics
for
Cybersecurity
Engineers
Of
course,
most
cybersecurity
engineers
don't
have
time
to
master
everything
related
to
programming.
Instead,
they
should
be
strategic
by
focusing
on
aspects
of
coding
that
matter
most
for
cybersecurity.
Learn
how
programming
languages
work
There
are
hundreds
of
programming
languages
in
existence,
and
even
skilled
developers
typically
know
only
a
handful
of
them.
Cybersecurity
analysts
certainly
shouldn't
expect
to
master
a
wide
range
of
languages.
But
simply
learning
at
least
one
language
will
provide
valuable
insight
into
how
code
works
and
which
types
of
mistakes
developers
can
make
that
may
lead
to
security
flaws.
The
specific
language
you
choose
to
learn
doesn't
matter
very
much;
it's
fine
in
most
cases
to
choose
an
easy
language
like
Python
or
JavaScript.
Learn
how
infrastructure-as-code
works
Along
similar
lines,
most
cybersecurity
analysts
will
benefit
by
learning
how
to
write
the
code
that
IT
engineers
rely
on
to
provision
resources
via
the
process
known
as
infrastructure-as-code,
or
IaC.
IaC
code
doesn't
power
applications;
instead,
it
determines
how
servers,
networks,
and
other
IT
resources
are
configured.
A
mistake
in
IaC
code,
such
as
code
that
accidentally
exposes
a
sensitive
data
resource
to
public
access,
could
trigger
a
security
incident.
Cybersecurity
analysts
don't
need
to
become
deeply
skilled
at
writing
IaC
code,
but
it
is
worth
their
while
to
choose
a
popular
IaC
platform,
such
as
Terraform,
and
learn
how
to
use
it
to
configure
infrastructure.
Doing
so
will
provide
hands-on
understanding
of
how
security
risks
typically
emerge
in
modern
infrastructure.
Learn
about
CI/CD
Learning
how
CI/CD
pipelines
work
is
another
basic
skill
that
can
help
boost
cybersecurity
careers.
Working
with
CI/CD
pipelines
doesn't
actually
require
writing
any
code
because
CI/CD
pipelines
are
not
code;
they're
simply
the
set
of
tools
and
processes
that
developers
rely
on
to
write,
build,
test,
and
deploy
code.
Understanding
how
these
tools
and
processes
fit
together,
and
which
types
of
security
risks
(such
as
failure
to
restrict
access
to
code
repositories
or
continuous
integration
servers)
can
arise
during
CI/CD
operations
is
another
way
for
cybersecurity
engineers
to
gain
insight
into
how
security
risks
originate.
Learn
Git
Git
is
an
open
source
tool
that
most
developers
rely
on
today
to
help
manage
source
code.
If
you
work
in
cybersecurity,
knowing
how
to
run
Git
commands
is
probably
not
very
important,
but
it
is
useful
to
know
the
fundamentals
of
how
Git
works
—
how
developers
check
code
into
a
Git
repository,
how
they
modify
code
using
Git,
which
types
of
tests
they
can
trigger
via
Git,
and
so
on.
Here
again,
many
of
the
security
issues
that
analysts
are
tasked
with
addressing
have
their
origin
in
oversights
that
occur
during
Git
processes,
so
the
more
you
know
about
Git,
the
better
positioned
you'll
be
to
help
prevent
Git-based
security
risks.
Learn
to
script
The
ability
to
write
basic
scripts
using
a
language
like
Bash,
PowerShell,
or
Perl
can
help
cybersecurity
analysts
automate
some
of
their
workflows.
For
example,
you
could
write
scripts
that
automatically
deploy
security
monitoring
tools
or
transform
data.
Scripting
skills
are
less
important
for
understanding
the
origins
of
cybersecurity
threats
because
maintenance
scripts
tend
not
to
be
major
sources
of
risks
(although
they
could
be),
but
learning
to
script
can
help
cybersecurity
professionals
work
more
efficiently.
Conclusion:
To
Up
Your
Security
Game,
Learn
to
Code
For
most
cybersecurity
analysts,
it's
not
necessary
to
be
a
seasoned
coder
who
has
mastered
the
ins
and
outs
of
all
aspects
of
programming.
However,
having
a
basic
understanding
of
fundamental
aspects
of
programming
—
such
as
how
to
write
application
code,
how
to
manage
code
through
CI/CD
pipelines,
and
how
to
develop
basic
scripts
—
can
do
much
to
help
cybersecurity
professionals
up
their
game.
Coding
is
not
a
strict
requirement,
but
investing
a
little
time
in
developing
coding
skills
can
pay
major
dividends
for
cybersecurity
careers.
About
the
author
Christopher
Tozzi
is
a
technology
analyst
with
subject
matter
expertise
in
cloud
computing,
application
development,
open
source
software,
virtualization,
containers
and
more.
He
also
lectures
at
a
major
university
in
the
Albany,
New
York,
area.
His
book,
“For
Fun
and
Profit:
A
History
of
the
Free
and
Open
Source
Software
Revolution,”
was
published
by
MIT
Press.
Comments