How much math is involved in a typical information security career?

techexams-user-923 Member Posts: 20
Are there particularly any areas in information security which require a lot of math knowledge? How much math do pentesters and security engineers need to know?

Comments

  • TechGromit Member Posts: 2,156
    Math? That's why God invented computers. Learning math is just like the requirements to learn subnetting: almost no one does it by hand, they just pull up an online subnetting calculator and let the computer do the work. It's important to know where the results came from, but I really don't think too many people pull out a paper and pencil when a computer is an arm's length away.
    Still searching for the corner in a round room.
  • lucky0977 Member Posts: 218
    Most of my professors had a PhD in Mathematics and I was a little worried if I would need to use those skills I learned in Physics after college but in the real world, the calculator is your friend.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • OctalDump Member Posts: 1,722
    EDIT for TL;DR

    More math = more opportunity.

    I think all you need to know is that the NSA is the largest employer of mathematicians in the USA.

    Original post below

    Mathematics is a powerful discipline and can be useful in many interesting places. Generally, the more mathematical knowledge you have, the more you can apply it. And I do mean mathematical knowledge and not just mechanics. Computers and calculators are good at the mechanics but knowing which tools to apply to a problem is still largely beyond them.

    But I suspect you are asking more "how little mathematics can I get away with?" and the answer is very little. There are competent programmers who don't move much beyond basic operations - modulus is perhaps the furthest they go - and some understanding of algebra (which is basically what you are doing when you use variables).

    If you go deep in, then things like cryptography get quite heavy, and can probably get as heavy as you like. Although that knowledge is generally only needed by people working on new implementations, or checking the implementations of others. Hard work, but the implications of flaws in crypto are usually massive.

    Info Sec management generally needs understanding of risk and risk modelling, and again this can get heavy, at the extreme end it becomes a specialist discipline with its own degrees and very good pay.

    Even things like threat analysis, forensics, incident handling etc can benefit from good statistics knowledge. Being able to sift through masses of data to find the anomalous is difficult, but again, can be very rewarding.

    So I guess the pattern is, if you know more, you can potentially do more which usually means more money, maybe more interesting work, more prestige, and better job security.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • TechGuru80 Member Posts: 1,539
    Math...interesting question...where did that spur from? I cannot really see any area except for Cryptography where you need to know heavy math. With that being said, agencies like the NSA where they actually create crypto algorithms are probably the only places you could realistically use the math.
  • JDMurray Admin Posts: 13,092
    Most every InfoSec profession will require the use of arithmetic, and some will benefit from competency in the use of spreadsheet apps. (Excel is the most popular business application on Earth.) The real math is in cryptography/cryptoanalytics, but that's a mathematical career whose products are applied to the needs of InfoSec.

    If a career in InfoSec, or software development, required math skills then I would have earned many paychecks in neither.
  • dmoore44 Member Posts: 646
    I'd say that the most helpful math discipline for me has been stats. I've been asked questions like "how many alerts did not fire because x log source went down" and "what's the distribution of alerts look like per country" and "what's the percentage change in alerts, by country, from last month/quarter/year". Also, knowing stats is handy if you're creating correlation rules in your SIEM. I've also been attempting to come up with a multiple regression function that will help identify the most important factors in an alert (i.e. user location, user permissions, indicator of compromise, etc...) so that a risk/severity/urgency rating can be applied.
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
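
The kinds of alert statistics described in the comment above (distribution per country, percentage change between periods, alerts missed while a log source was down) can be computed as in this added example, which is not from the thread or any poster. The alert records, field layout and function names are constructed assumptions, and the missed-alert figure is a simple mean-rate estimate.

```python
from collections import Counter

# Constructed sample data (assumption): one (month, country, log_source) tuple per alert.
ALERTS = (
    [("2024-01", "US", "proxy")] * 40 + [("2024-01", "DE", "proxy")] * 10
    + [("2024-02", "US", "proxy")] * 30 + [("2024-02", "DE", "proxy")] * 15
    + [("2024-02", "BR", "proxy")] * 5
)

def distribution(alerts, month):
    """Share of a month's alerts per country, as fractions that sum to 1."""
    counts = Counter(c for m, c, _ in alerts if m == month)
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()} if total else {}

def pct_change(alerts, prev, cur):
    """Percent change in alert count per country between two months.

    A country with no alerts in the baseline month has no defined
    percentage change, so it maps to None instead of dividing by zero.
    """
    before = Counter(c for m, c, _ in alerts if m == prev)
    after = Counter(c for m, c, _ in alerts if m == cur)
    out = {}
    for country in sorted(set(before) | set(after)):
        b, a = before[country], after[country]
        out[country] = None if b == 0 else round(100.0 * (a - b) / b, 1)
    return out

def estimated_missed(healthy_hourly_counts, outage_hours):
    """Estimate alerts lost in an outage from the mean rate of healthy hours."""
    if not healthy_hourly_counts:
        raise ValueError("need at least one healthy hour as a baseline")
    rate = sum(healthy_hourly_counts) / len(healthy_hourly_counts)
    return round(rate * outage_hours, 1)

if __name__ == "__main__":
    print(distribution(ALERTS, "2024-02"))
    print(pct_change(ALERTS, "2024-01", "2024-02"))
    print(estimated_missed([4, 6, 5, 5], outage_hours=3))
```
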
  • TheFORCE Member Posts: 2,297
    You will need to know heavy math if you are working with databases or doing any financial calculations in those databases. Business intelligence is another area that requires math, the more you know, the better you can become.
  • TechGromit Member Posts: 2,156
    As others have said, you don't need to do all the calculations yourself; let the computer do the grunt work. But you need to understand the formula / equations you're feeding into a computer to allow the computer to give you useful results.
    Still searching for the corner in a round room.
  • cyberguypr Mod Posts: 6,928
    Infosec engineer checking in who despises advanced math. When in college I purposely stayed away from it as much as I could. All I took was the minimum: college algebra and statistics. I have never needed more than that for my work.

    It irks me big time when people say "oh, if you want to do infosec you MUST ABSOLUTELY study computer science". NO YOU DON'T.
  • jeremywatts2005 Member Posts: 347
    Depends how much you are going to get into encryption and decryption. Those are usually especially math heavy.
  • cyberguypr Mod Posts: 6,928
    Absolutely, but the general sentiment in some subreddits and other IT boards is Infosec (no matter what specialty) = CS. Drives me crazy.
  • NetworkNewb Member Posts: 3,298
    JDMurray wrote:
    Most every InfoSec profession will require the use of arithmetic

    Exactly ^^ I can confirm I had to do some deep addition and subtraction the other day. Many beads of sweat were let out!
  • JDMurray Admin Posts: 13,092
  • HolyPuck Member Posts: 18
    I'm an Info Sec Engineer and I pretty much do none. At least none that require me to think hard, maybe some statistics, but that's about it.