Many people wonder how important programming is in cyber security. The fact is that most of the tools used in cyber security are written in code, and programming enables the development of new tools. Advanced tools provide more leverage and allow for a wider range of actions and changes. Furthermore, knowing how to program gives you the ability to modify existing software or craft something custom to solve specialized cyber security problems.
The best cyber security practitioners you'll encounter in the field are often the operator-developer types, who are hard to come by. Therefore, taking the time to learn some programming can enhance your ability in this area.
When I read about monitoring DNS traffic for signs of malicious activity in academic white papers, I wanted to develop a way to assign weighted risk scores to the DNS queries in our logs. The risk scores were to depend on the number of subdomains, query length, and overall entropy of the query. However, since I did not know how to code, I had to chain together an incredibly massive Splunk query to calculate everything. Although it worked and discovered outbreaks on the network, it was pretty slow and bogged down the system. This experience prompted me to take coding seriously and patch up my skill gap.
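The scoring idea described above fits in a short script. This is an added example, not the Splunk query from the post; the weights, caps, two-label registered-domain rule and sample query names are all assumptions made for illustration.

```python
import math
from collections import Counter

# Assumed weights and saturation points; the post does not give its own values.
WEIGHTS = {"subdomains": 0.3, "length": 0.3, "entropy": 0.4}
CAPS = {"subdomains": 10, "length": 100, "entropy": 5.0}  # feature value that scores 1.0

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())

def features(qname, registered_labels=2):
    """Extract the three features named in the post from one query name.
    Treating the last two labels as the registered domain is a simplification
    (it miscounts suffixes such as co.uk)."""
    labels = [l for l in qname.lower().rstrip(".").split(".") if l]
    return {
        "subdomains": max(len(labels) - registered_labels, 0),
        "length": len(".".join(labels)),
        "entropy": shannon_entropy("".join(labels)),  # whole query, dots removed
    }

def risk_score(qname):
    """Weighted score in [0, 1]; each feature is clamped at its cap."""
    f = features(qname)
    return round(sum(WEIGHTS[k] * min(f[k] / CAPS[k], 1.0) for k in WEIGHTS), 3)

# Constructed sample queries (not taken from real logs).
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.corp.example.com",
    "a9f3k2q8z7x1c5v0b4n6m2l8.j3h7g1d5s9p0o4i2u6y8t1r3.tunnel.example.net",
]

def rank(queries):
    """Return (score, qname) pairs, highest risk first."""
    return sorted(((risk_score(q), q) for q in queries), reverse=True)

if __name__ == "__main__":
    for score, q in rank(SAMPLE_QUERIES):
        print(f"{score:5.3f}  {q}")
```

Scores like these are a triage signal: long random-looking names also come from CDNs and telemetry services, so the weights need tuning against your own baseline traffic.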
It's not necessary to have a coding background in cyber security since most computer science programs focus on math and programming theory. I believe that learning scripting is a better starting point since it is quick to pick up and more practical for technical tasks.
For practice, a great resource is a website called runcode.ninja that offers scripting challenges in various programming languages.