1

Im interested in becoming a cyber security expert. I feel comfortable with my networking skills but im worried about my programming skills. How important is for a cyber security expert to have advanced programming skills? And what languages would you recommend.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Deus9
  • 51
  • 5
  • it depends on the type of security you want to provide. If you want to be a firewall expert or a Security Awareness professional, then you don't need programming at all. If you want to test applications, then you need a lot of programming experience. You need to define what you mean by "cyber security expert" Once you do, the answer might reveal itself. – schroeder May 06 '16 at 15:23
  • @schroeder Ive been applying for graduate cyber security jobs at different companies shuch as Ernst & Young, Nissan, Accenture and I need to know what kind of skills i need so i can be prepared. The job specifications dont really give enough detail to what im going to do if i get the job. – Deus9 May 06 '16 at 15:26
  • 1
    We cannot help with that. What any one employer is looking for is up to them and the role they are hiring for. Like I said, a firewall expert does not need advanced coding skills at all. Frankly, ask them. Get in contact with their hiring manager and ask them directly. Set up informational interviews so that you get a sense of what they are looking for. – schroeder May 06 '16 at 15:28

1 Answers1

3

Short answer: Start learning the security aspects of the technologies you already know.

Longer answer: the term "cyber security expert" is much broader than I think you realize. Like any technical field, there are lots of sub-areas, each requiring specialized knowledge. Even on this site you can see that no one person feels qualified to answer all types of questions - some people are cryptographers, others know about secure coding practices for C/C++, others know about secure coding for php / python / ruby, others know about firewalls and anti-virus configuration. You really have to be an expert in something before you can start thinking about how to penetration test it, or harden it against exploits.

Metaphor: your kid is sick, you take them to the doctor and the doctor says "I'm actually a plumber by training, but I recently took a course in what medicine to prescribe for which symptoms". Yeah, that's not good enough, I want my doctor to be a full expert in biology and understand why the medicine works, not just know which one to prescribe - similarly a "security expert" really should be a top-to-bottom expert in the technologies they are looking for weaknesses in.

Where to start:

If you already work for a company where you already have an assigned job, this will give you an area to concentrate your security studies. If you don't deal with a lot of code, then don't learn to code just for security, spend your time elsewhere!

If you are trying to apply to a "new grad" security positions at a company, then they will expect to have to train you anyway - you will have to learn their products and environment, looking for security holes along the way. You need to demonstrate that you "think like a gamer" - that your gut reaction to seeing something new is to say "what are the rules of this system, and how can I exploit them?". It's much easier to pick up the technical skills than to pick up this mindset.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207