What Cybersecurity Professionals Really Need to Know About Programming
Written by: University of Tulsa • Dec 8, 2023
Cybersecurity professionals are often portrayed in popular media as elite hackers, typing furiously on keyboards late into the night to outwit spies and thieves. The reality of cybersecurity careers is very different from the myths that occupy the public consciousness. Cybersecurity experts are information technology professionals who deploy specific technical and soft skills, but the myths surrounding them have created a great deal of confusion about what skills are relevant in the field.
The online Master of Science in Cyber Security from The University of Tulsa teaches skills for cybersecurity careers of all kinds. Program graduates are prepared to meet the high demand for cybersecurity professionals and work in subfields such as incident response, security testing and cybersecurity management. Across the board, cybersecurity professionals work closely with computer systems, databases and networks. They protect these systems and the sensitive data they contain from outside attacks. They share many technical skills with other information technology and computer science professions – but does that include computer programming?
Do you need programming skills for cybersecurity work? ¶
The short answer is: It depends. There are many cybersecurity jobs and they all require different skillsets. Some cybersecurity professionals use programming skills frequently, but others never write a line of code in their whole careers. That’s because cybersecurity professionals do different types of work.
Some monitor network and computer activity, watching for security breaches in intrusion detection. Others build secure networks, selecting the proper hardware and software solutions to create secure systems. Still others test existing networks to expose vulnerabilities and report them to their peers and supervisors, who implement patches. This is sometimes called ethical hacking, and it’s the closest real cybersecurity professionals get to their fictional counterparts. There are also professionals in the field who do much less technical work. Non-technical responsibilities include educating the public on security issues, ensuring compliance with best practices, managing cybersecurity projects or overseeing cybersecurity teams.
How likely it is that a cybersecurity professional needs programming skills depends largely on job titles. Penetration testers spend almost all their time carrying out mock attacks on computer systems. They may use programming languages to automate attacks, just as a real hacker would. Cybersecurity managers, on the other hand, spend their time managing security teams and guiding security policy at their organizations. They aren’t likely to use any computer programming in their work. Other professionals, such as security systems administrators, use specific technical skills but seldom write code.
Those who want to launch cybersecurity careers should not be dissuaded by the popular image of the lone white-hat hacker coding at a breakneck pace. While workers in the cybersecurity field typically have high-tech know-how, far fewer have sophisticated computer programming skills.
Critical skills for cybersecurity careers ¶
Instead of computer programming, aspiring cybersecurity professionals should focus on learning the following skills:
Cloud security ¶
People and major corporations readily store sensitive information on the cloud. A report from data protection firm Arcserve predicts that 100 zettabytes – or 50% of the world’s data – will exist in the cloud by 2025.
The cloud offers incredible opportunities for information accessibility, but it also opens data up to new vulnerabilities. Cloud security has become an essential skill for IT security experts as more data migrates to the cloud. Cybersecurity professionals use many technologies, policies and security tools to protect the cloud and its data. Anyone aspiring to work in the field should become comfortable with cloud technologies such as Amazon Web Services, Google Cloud Platform and Microsoft Azure – three of the world’s largest cloud platforms.
In a report from the International Information System Security Certification Consortium (ISC2), 40% of cybersecurity professionals surveyed say that cloud computing security skills are necessary. The cybersecurity curriculum in the M.S. in Cyber Security program at The University of Tulsa teaches these skills in courses such as Network Security Concepts and Applications. In that course, students learn how to keep data secure as it travels across dispersed networks.
Risk assessment ¶
Although cybersecurity professionals in popular media usually leap into action when they detect intruders, real-world cybersecurity professionals identify and mitigate cyber threats before they occur. Most cybersecurity professionals use historical trends and news about the latest malware and cyber attacks to evaluate the threat landscape and anticipate future risks.
Nearly 30% of cybersecurity professionals in the ISC2 report said that risk assessment, analysis and management skills were important in the field. Students in TU’s M.S. in Cyber Security program learn about the information security risks organizations face and different security threat mitigations in Defensive Cyber Security Technologies. In Security Audit and Penetration Testing, they learn to assign risk metrics to threats from vulnerabilities and exploits and apply defensive practices against the major classes of attack.
Security analysis ¶
Security analysis is the other side of risk assessment. Where risk assessment looks outwards at potential security threats, security analysis looks inward at vulnerabilities in an organization’s information systems. Security analysts can identify possible security breaches, such as firewall openings or human error. They identify and repair those vulnerabilities before hackers can use them.
About 28% of cybersecurity professionals in the ISC2 report also said that security analysis was a crucial skill, placing it on par with risk assessment in terms of importance. Students in the M.S. in Cyber Security program at TU take Information Systems Assurance, where they design analysis methods for information systems. They also learn auditing and testing methodologies for information systems in Security Audit and Penetration Testing.
Governance, risk management and compliance ¶
Cybersecurity professionals are an organization’s primary line of defense against cyber attacks, but responsibility for information security extends across the entire corporate governance system. Governance, risk management and compliance (GRC) refers to policies and practices for managing risks. This skill set involves a variety of individual talents, from deploying comprehensive guidelines that govern security risks to ensuring those guidelines are followed throughout an organization. Some come from cybersecurity management best practices, but others are strict legal requirements.
In the ISC2 report, 26% of cybersecurity professionals rated governance, risk management and compliance skills essential. The University of Tulsa’s M.S in Cyber Security students can take the elective Cybersecurity Law and Policy to learn about data security regulation, security breach laws and other relevant cybersecurity policies.
Should you learn programming for cybersecurity? ¶
Unlike cloud computing security and risk management, programming is not a foundational cybersecurity skill. Instead, it is a tool that can open specific career paths in cybersecurity or make a person’s existing cybersecurity skills more effective. Think of programming like a nail gun – you don’t need a nail gun to build a house, and having one won’t suddenly make you a homebuilding expert. However, if you already have homebuilding skills, learning how to use a nail gun can make some aspects of homebuilding faster and more effective.
Aspiring cybersecurity professionals don’t need programming skills to work in the field, but those skills could make them more competitive for the best cybersecurity jobs. The good news is that many resources are available for independently learning computer programming. Professionals with a deep understanding of cybersecurity concepts and IT or computer science backgrounds can quickly learn how to apply programming to those concepts independently.
Cybersecurity professionals who want to learn programming should focus on the C family of languages, which are the backbone of many computer operating systems and pieces of software. These include Java, which appears in many software and web applications; a scripting language such as Python, which can be used to automate security tasks and analyze data; and SQL, which can protect against attacks or carry out mock attacks as a part of penetration testing.
Programming skills are not required to become a cybersecurity professional, but learning these programming languages can open the door to higher-level cybersecurity roles, such as cybersecurity software engineer, incident responder or penetration tester.
Tulsa’s M.S. in Cyber Security program teaches necessary skills for cybersecurity careers ¶
Anyone pursuing a career in cybersecurity must learn skills specific to that field. These skills are necessary for everyday practice and cybersecurity certifications, which are required for many jobs in the cybersecurity industry. Computer programming is a distinguishing skill on resumes, but it’s not enough to help someone land a cybersecurity job on its own, nor is it necessary in many cybersecurity jobs. The National Initiative for Cybersecurity Careers and Studies (NICCS) identified 52 distinct roles in the discipline, many of which require no computer programming skills whatsoever.
The online M.S. in Cyber Security program from The University of Tulsa teaches current IT professionals or others with a computer science background the cybersecurity skills necessary to work in the industry. The program features small classes, allowing students to get the most out of world-class faculty leading the way in cybersecurity research and education. TU also enjoys relationships with top IT employers, including Amazon, Instagram and Google, giving students access to career-driving networking opportunities.
This rigorous program can be completed in 20 months at a part-time pace, so current IT professionals can continue working while they begin their cybersecurity careers. From there, they’ll have a strong foundation from which to learn the programming skills necessary to go into cybersecurity software development or step into roles that involve automation, security engineering or penetration
Scholarships and financial aid are available. Apply today to start your cybersecurity journey or attend an enrollment event to learn more about admissions requirements and the online student experience at TU.