How much programming knowledge do security pros have?

headshot

Considering most breaches are programming exploits.

Pash

Andrew C Johnson

Blog of one of our resident security professionals on techexams.net. Note assembly language programming post.

I am very sure being a good programmer does help.

JDMurray

The term "security pro" is a very broad term. There's no indication of what area(s) of Information Security a "security pro" specializes in, so it's impossible to determine from this title alone how valuable programming would be to someone with this job title.

It's like calling someone a "mechanic," but not identifying what kind of mechanical devices they work on. People who repair electrical motors, automobile engines, or aircraft engines all have different types of technologies to learn and skills to be experienced at using. Just calling them a "mechanic" doesn't tell you what they do or should know.

Programming is a necessary and valued skill for security pros who work directly with (re)creating vulnerabilities and exploits in software. Programming is also used by people who create scripts and programs that configure systems and devices. This is not what 99% of all "security pros" do for a living.

However, that doesn't mean learning programming is not a valuable thing for every security professional to do. Just as most people who took advanced mathematics in college never used it in real life, their brief experience with advanced math topics did permanently shape the way they observed and solved problems. The same is true for "security pros" that take a few programming classes, but never actually uses programming in their security jobs. It will certainly help you to understand how those "black boxes" you are trying to secure really work inside.