This article is about programming (also referred to as coding) and it’s role in cybersecurity.  To learn more about how the Python programming language is used in cybersecurity, view our article here.

When many people get started on their cybersecurity career journey, they begin to assess which skills will be needed, and undoubtedly consider whether those skills are ones that they can learn, or even want to learn.  A not-so-common but very relevant question is about the need for programming and whether programming skills are mandatory for someone getting started in cybersecurity.

So, does cybersecurity require coding?  The majority of entry-level cybersecurity jobs do not require coding skills.  However, being able to write and understand code may be necessary for some mid-level and upper-level cybersecurity positions that you will become qualified for after you’ve built a few years of experience.

In other words, I don’t believe that coding is a skill that everyone needs to worry about or focus on while they are getting started in the field, but it is a skill that is going to determine how far you advance in your career and what opportunities are available to you down the road.  And even with that said, there are many advanced and very successful cybersecurity professionals who are not strong in programming.

What is the best approach to learning to code for beginners?

Given that coding is not a critical skill that is going to prohibit you from getting started in cybersecurity, I recommend a two-phase approach to learning how to code, which is to 1) develop programming awareness, and then while you’re building some career experience, 2) develop programming proficiency.  You will notice that neither of these phases requires programming mastery. Programming mastery and high-level coding is not necessary for most cybersecurity positions and is best left to the dedicated programmers who code day in and day out and are creating applications or software solutions.

So, to beef up your programming ability, follow the two-phase plan outlined below.

Phase #1:  Develop programming awareness

As you get started on your career journey in cybersecurity, take a look at the entry-level job postings in your area.  You’ll probably notice that very few entry-level technical jobs list programming as a core required skill and that almost all do not have a cybersecurity-sounding job title.  When you are in this initial phase, keep in mind that security is a part of almost all technical positions now and that many employers still use general job titles for positions that are security-related.  The security of computer systems has been around well before cybersecurity became a common term.

As I have said in other posts, I believe that the best approach to getting your cybersecurity career started quickly is to start working in a more general technical support or information technology position, because when you’re getting started your skills are more general anyway, and hands-on experience in any related technical position is the best way to learn fast.  Also, the likelihood of someone coming out of college with no experience and jumping right into a job with a title like “Senior Security Analyst” is limited. Consider that at this beginning phase, we don’t have the skill or proven experience to be able to handle a high level of technical responsibility just yet. It is during this initial phase of your career that you want to build your programming awareness.  

What is programming awareness?  Programming awareness means that you can identify programming code, you understand basic programming constructs and components, such as if/then statements and loops and can read code and understand in general what the code is trying to do.

The best way to build your programming awareness is to get some structured practice, which means that you are learning programming by actually creating code and that you are introducing new programming concepts step by step as you go.  A great way to get structured practice is by taking an introductory programming course, either at a college or online. Online classes will probably be cheaper or possibly even free, and many are on-demand, which means you can sign up and start at any time at your convenience.  College classes are probably more structured and costly but are likely to have an instructor available to assist when you get stuck or your code doesn’t work.

Look for courses that are introductory programming courses or courses that are focused on the basics of the Python programming language (you can read our article about Python and cybersecurity here).  The Python language is very prevalent in cybersecurity positions that require coding and is a relatively easy language to learn. While I always recommend face-to-face classes for cybersecurity topics such as penetration testing, learning programming in an online class, whether through a college or not, is not an issue for most learners since programming coursework is easy to communicate via the internet and home computers can be used to code without a lot of software installation and configuration or security concerns.  Feel free to take an online class so long as you have the discipline to get the work done. Regardless of which learning method you pursue, make sure that your programming class has practical exercises that you can complete so that you can actually do the coding because the best way to learn code is to create code yourself.

Phase #2:  Develop programming proficiency

Our second phase of programming knowledge is to develop programming proficiency.  As mentioned above, programming proficiency does not mean that we are a fully qualified coder or that we are an expert in any given programming language.  

What programming proficiency means is that we can develop our own code with confidence, while using available resources such as textbooks or online examples, and we can troubleshoot code created by us or others.

A common example of a programming proficiency in the cybersecurity world is when a Cybersecurity Analyst creates a script in Python to automate repetitive tasks.  When someone creates a script in an example like this, note that this is a one-time effort and not something that they do all day long.

So, how do we go about developing our programming proficiency?  We want to take the same approach as we did in the first phase where we learned programming awareness, but take it to the next level.  Here we want to continue our programming education and develop our programming practice, and to do this a great path would be to enroll in an intermediate-level programming course.  Again, your options would include a college course or an online program, but now we want to make sure the course is not just teaching concepts but is focusing on the application of programming concepts to create solutions.  To determine if a class qualifies, take a look at the list of labs or projects contained in a course to verify that you’ll actually be building something.  

The good news about following this two-phase process is that by the time you’re ready to start on phase #2 and develop your programming proficiency, you have already been working in the field for a year or more and have had the opportunity to meet other professionals and get a feel for the different areas of specialization in cybersecurity.  You also will probably have a greater understanding of which of those areas are of interest to you, and if they require a heavy amount of programming knowledge.

What areas of cybersecurity require coding?

Even though you’re probably a few steps away from a job that requires programming knowledge, having an idea of what is out there on the horizon is not a bad idea.  The areas of cybersecurity that most often require coding knowledge are generally higher-level jobs that focus on some sort of software engineering or analysis or penetration testing (see our article on how to become a penetration tester here, complete with interviews).  Any job title that has the word engineer or developer in it would be a tip-off, but many other job titles may request programming skills as well.

In addition to those jobs, some other cybersecurity positions will use programming, specifically Python, for generating scripts for automation.  Of course, which positions specifically require programming skills will be on a case-by-case basis and will change over the years as the cybersecurity field continues to develop.

Related Questions

Does programming require a strong math background?   Since programming languages are built on logical structures and perform computation, a strong math background is beneficial for programmers.  This does not mean that you must have a mastery of calculus-level math, but an ability to handle college-level math concepts will be helpful.  You can read more about how much math is required to work in cybersecurity here.

What are some of the most common programming languages?   Most code in existence, and therefore the languages that programmers focus on, tend to be the following:  Python, Java, JavaScript, HTML, CSS, and derivatives of C, however, there are hundreds of other programming languages that have been developed and are in use.

About the author 

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity, and technology training fields. He has a degree in Computer Information Science and CompTIA A+, Network+, Security+, Server+, CySA+, and Cisco CCNA certifications.