Is Cyber Security Dependent on Coding?

Many people wonder how vital it is to understand programming for cyber security, and the answer is, "it depends." Many roles don't require you to code when you're first starting out, and depending on how advanced you want to get, programming may or may not be important to you.


In this essay we'll look at the connections between cyber security tooling and knowledge, walk through an on-the-job scenario where I wished I could code but couldn't, and end with some suggestions for non-programmers just getting started.


How important is coding?

Consider it this way: almost all cyber security tools are written in code, and programming allows you to create tools. So the first questions to address are: what are tools, and why is it vital to know how to make them?


On a theoretical level, whether in the physical or digital world, tools increase your ability to affect the environment around you. They allow you to produce action and change when combined with intent. As a result, the more capable your tools are, the more leverage you'll have and the broader the range of actions and changes you'll be able to make.


"Give me a long enough lever and a place to stand, and I'll move the Earth," Archimedes once stated. If he were standing in something more advanced, like the Death Star, he'd be able to blow the Earth up as well, assuming he knew how to operate it.


It's no different in the virtual world. Success in cyber depends on the software tools you have and how well you know how to use them. So the first thing to remember is that your overall cyber capability, whether as an individual or as a team, is determined by the combination of tools and skills you have. As a result, it's critical to strike a balance between the two if you want to boost your overall effectiveness.


The majority of people in the cyber security profession currently fall into one of three categories: BlackBox users, tool operators, or developers.


Blackbox Users

Most BlackBox users will only be familiar with the fundamentals of one or a few software systems, and only in instances where they've been trained. These folks may have a few credentials, but they can't apply their knowledge to address problems in more sophisticated circumstances without the assistance or mentoring of more experienced practitioners.


They aren't able to alter existing tools or create new ones. The vast majority of cyber security professionals fall into this category, and knowing how to code isn't all that important to them because they haven't yet mastered many of the most common tools in their current role, such as Wireshark, Metasploit, Autopsy, Burp Suite, Volatility, Cellebrite, Group Policy, and so on.


It's far preferable to start with the fundamentals, such as computer networking, operating system design, and problem resolution.


Tool Operators

In the next group are tool operators, who are skilled at using a range of applications to do tasks and can creatively connect them in real-world circumstances.


These individuals form the backbone of a company's IT and security departments, and they are frequently the workhorses who get things done. The downside for those who don't know how to code is that there isn't much you can do in a scenario where no obvious tool is available.


Learning to program can greatly enhance your abilities at this point, as it allows you to automate many of the processes that you previously handled manually.


Tool Developers

Finally, tool developers, particularly those who are directly involved in operations, understand the ins and outs of the tools they use.


Knowing how to program allows you to customize existing software or create something entirely new to address specific cyber security issues. Depending on the team you're on, the operator-developer types are some of the best cyber practitioners you'll meet in the field and are hard to come by.


People who can chain tools together or develop custom-built code have progressively deeper knowledge, and their overall ability is orders of magnitude higher. And I've noticed that those who have a programming background move faster and further in their learning than those who don't.


Here’s an example:

I started as a security analyst in a three-man team with no certifications and a basic understanding of programming. To monitor the network for malicious activity we were using Splunk, which allows you to create complicated queries to search across massive datasets like network logs.


Common protocols like NTP, DNS, HTTP, and HTTPS are allowed to leave many company networks, which is what you'd expect from internal users browsing the web or servers getting updates. Ports 123, 53, 80, and 443 are commonly used to host these services.


To reduce the possibility of data exfiltration, firewalls would drop any other form of communication headed for other ports. To avoid detection, malware would frequently hide its communication inside these standard protocols, using them as covert channels. After reading about the technique in various academic white papers, I pushed the idea of monitoring DNS traffic for signs of malicious behavior.


I intended to devise a method for assigning weighted risk scores to the DNS queries in our logs based on the number of subdomains, length, and overall entropy of each query. I had to put together an exceedingly big Splunk query to calculate everything because I didn't know how to code.


Even though my method detected outbreaks on the network, it was slow and bogged down the system, so I had to rely on one of the team's more senior members to re-implement my solution as a Python module that did the same thing but faster.
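The scoring idea described above, as an added Python example (not the module from the author's team): it combines subdomain count, query length and Shannon entropy into one weighted score. The weights, caps, threshold and sample query names are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Illustrative weights and saturation points (assumptions, not values from the article).
WEIGHTS = {"labels": 0.3, "length": 0.3, "entropy": 0.4}
MAX_LABELS, MAX_LENGTH, MAX_ENTROPY = 6, 100, 4.5
ALERT_THRESHOLD = 0.6

def shannon_entropy(text):
    """Bits per character of the string's character distribution."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def subdomain_part(qname, base_labels=2):
    """Labels left of the registered domain, naively assumed to be the last
    two labels (a production version would consult the Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-base_labels] if len(labels) > base_labels else []

def score_query(qname):
    """Weighted risk score in [0, 1] from subdomain count, length and entropy."""
    subs = subdomain_part(qname)
    features = {
        "labels": min(len(subs) / MAX_LABELS, 1.0),
        "length": min(len(qname) / MAX_LENGTH, 1.0),
        "entropy": min(shannon_entropy("".join(subs)) / MAX_ENTROPY, 1.0),
    }
    return round(sum(WEIGHTS[k] * v for k, v in features.items()), 3)

def flag_queries(qnames, threshold=ALERT_THRESHOLD):
    """Return (score, qname) pairs at or above the threshold, highest first."""
    scored = [(score_query(q), q) for q in qnames]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)

# Constructed sample queries (example.com / example.net are placeholders).
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.corp.example.com",
    "a9f3k2q8z1x7c5v0b4n6m2l8.j7h5g3d1s9p0o8i6u4y2t0r.w3e5q7z9x1c3v5b7.example.net",
]

if __name__ == "__main__":
    for score, qname in flag_queries(SAMPLE_QUERIES):
        print(f"{score:.3f}  {qname}")
```

Long, deeply nested, high-entropy names score near the top, while ordinary hostnames stay well below the threshold; tuning the weights against your own baseline traffic is what keeps false positives manageable.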


On the one hand, my curiosity and perseverance made me a great team member. At the same time, if I had learned the most fundamental programming skills, I would have been able to use code to express what I wanted to achieve. This incident inspired me to take action and take coding more seriously to close the gap in my skill set.


One caveat I'd want to mention is that it's critical to distinguish between scripting and software development, as many individuals will use the terms "programming" and "coding" interchangeably.


Scripting

Scripting is a term used to describe the process of creating short pieces of code in an interpreted language to automate processes or connect the functionality of several tools.


Software Development

Software development, on the other hand, is a broad word that encompasses scripting as well as the creation of algorithms and libraries as part of a larger, more complex toolchain.


People often think of interpreted languages like Python or Bash as scripting languages, while compiled languages like C++ or Java are seen as more geared toward software development, but it all depends on the tool's complexity and your goal: whether you want something quick and dirty or something more robust and long-lasting.


On the operator vs. developer axis, you'll see a lot more scripts on the operator side and a lot more compiled languages on the developer side. This isn't true for everyone because people's personalities vary, but it's a good rule of thumb.


On the operator side of the spectrum, your focus is mostly on pre-built tools with some degree of customized automation thrown in. So even if you aren't into software development-level programming, you can get very far by at least learning how to read and write scripts.


In this scenario, having a coding background isn't necessary because, in my opinion, most computer science programs at the university level are much more strongly focused on areas like applied math, programming theory, and software development.


I believe it is preferable to begin with scripting, which is easier to understand and more practical for day-to-day technical duties. Automate the Boring Stuff with Python, Learn PowerShell in a Month of Lunches, and the UNIX and Linux System Administration Handbook (for learning Bash) are three books I recommend for learning scripting.


One of my favorite sites for practice is a website called runcode.ninja, which includes scripting exercises in almost any language you want. Check it out because it has hundreds of practical activities ranging from encryption to forensics to reverse engineering.


Overall, even if you don't know how to program, you can have a great career in cyber security. However, as you gain experience, you'll see that the types of difficulties you'll be dealing with aren't always easy to solve with readily available solutions.


You can either rely on someone else on your team to assist you in implementing a solution, or you can learn how to do it yourself. Being able to create your own tools with code increases your versatility and breadth as a cyber expert.


It effectively flips the script and puts you in the position of assisting others on the team in becoming more effective, which, in turn, leads to greater possibilities in various businesses.
