Episode 33

full
Published on:

6th Nov 2024

Ep33: Do you really need to know Python or coding to be a great cybersecurity engineer?

Do You Need Coding Skills to Succeed as a Security Engineer?

In this episode, we debunk the myth that coding expertise, particularly in Python, is essential for success in cybersecurity engineering. While many claim that coding skills are a gatekeeper in this field, the reality showcases a wide array of roles such as governance, risk and compliance (GRC), security awareness, and SOC analysis, which do not require deep coding knowledge. The ability to write simple, logical instructions can be helpful, especially in application security or cloud engineering roles. However, mastering core cybersecurity skills like threat modeling, vulnerability assessment, and incident response often has a greater impact. Additionally, AI tools are making coding tasks more accessible. We encourage you to focus on the skills that matter most for your desired cybersecurity role and not be deterred by the myth of mandatory coding expertise.

00:00 Introduction: Do You Need to Know Python for Cybersecurity?

00:06 Debunking the Coding Myth in Cybersecurity

00:26 The Role of Coding in Specific Security Roles

00:59 Core Skills Beyond Coding

01:07 Non-Coding Roles in Cybersecurity

01:34 The Impact of AI on Coding in Cybersecurity

02:12 Essential Skills for Cybersecurity Professionals

02:38 Encouragement for Aspiring Security Engineers

---

I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.

--

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

--

If you have questions for the show, feedback or topics you want covered. Please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.

Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity

Transcript
Speaker:

Do you really need to know Python or

coding to be a great security engineer?

2

:

Short answer.

3

:

No.

4

:

Many people claim that you must

know how to code or learn Python to

5

:

succeed in cybersecurity engineering.

6

:

Honestly, that feels like gatekeeping.

7

:

I've also heard people say that

you can't call yourself a security

8

:

engineer if you don't automate through

code, but that simply is not true.

9

:

Automation can be beneficial, but

it's not a requirement for every role.

10

:

Coding is important, especially in roles

like application security or staff,

11

:

product security engineering, where

you work alongside software engineers,

12

:

application security engineers.

13

:

Or cloud engineers on code reviews,

Python scripts, or product contributions.

14

:

However, insisting that every security

engineer needs to be a coding expert

15

:

just keeps talented people away.

16

:

In fact coding today often means being

able to write simple instructions clearly.

17

:

It's about logic and problem solving

rather than complex programming.

18

:

You can be an amazing security

engineer by mastering core skills,

19

:

like threat modeling, vulnerability,

assessment, and incident response.

20

:

There are many roles in cybersecurity

that do not require coding such as

21

:

governance, risk and compliance GRC.

22

:

Security awareness, training and

security operations center, SOC analysis.

23

:

Those rules focus more

on policies, process, and

24

:

monitoring rather than coding.

25

:

Not every cybersecurity role requires

deep coding knowledge or Python skills.

26

:

If you want to learn coding, or if

it's part of your desired role, go

27

:

for it, it will help your career.

28

:

AI tools, including AI

powered vulnerability.

29

:

linters are also making Python coding

help, more accessible than ever, which

30

:

is transforming how cybersecurity

professionals approach coding tasks.

31

:

You don't need to be a

coding genius to succeed.

32

:

Many of these tools can handle basic

to advanced code reviews, saving

33

:

time for security and software

engineers during final code review.

34

:

How much time is wasted on vulnerabilities

that require coordination between

35

:

teams for review and research.

36

:

AI can handle the initial work.

37

:

Allowing engineers with code literacy.

38

:

To resolve issues faster.

39

:

Focus on the skills that

really matter in cybersecurity.

40

:

Understanding system architecture,

performing risk analysis, building

41

:

a strong security culture and

using security automation tools.

42

:

Python can be useful, but

it's not always a requirement.

43

:

These are often the skills that

make the biggest impact, depending

44

:

on your cybersecurity role, you

may or may not need to know how

45

:

to code or use Python at all.

46

:

As a security engineer.

47

:

Maturing and cybersecurity means

understanding the person who meets.

48

:

100% of the job requirements.

49

:

Probably exaggerated on the resume

while you might hesitate to apply

50

:

with 60% of the qualifications.

51

:

Apply anyway.

52

:

If you're interested in breaking into

tech, remember that there are many

53

:

different paths into cyber security.

54

:

Without the gatekeeping.

Support the Podcast with a Tip

If you're enjoying Byte-Sized Security and finding these practical tips useful, please consider supporting the podcast with a small contribution. It costs $17 per month just to cover podcast hosting fees, and your support helps offset the costs of producing this security resource and keeping episodes free. Even a tip of $1-5 per month from loyal listeners adds up and allows me to continue providing great cybersecurity info. Please considering a donation. I appreciate you helping sustain Byte-Sized Security! Now back to the security tips..
Support the Podcast
A
We haven’t had any Tips yet :( Maybe you could be the first!
Show artwork for Byte Sized Security

About the Podcast

Byte Sized Security
Snackable advice on cyber security best practices tailored for professionals on the go
In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go.

Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more.

Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out.

Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.
Support This Show

About your host

Profile picture for Marc David

Marc David

Marc David is a Certified Information Systems Security Professional (CISSP) and the host of the cybersecurity podcast, Byte-Sized Security. He has over 15 years of experience in the information security field, specializing in network security, cloud security, and security awareness training. Marc is an engaging speaker and teacher with a passion for demystifying complex security topics. He got his start in security as a software developer for encrypted messaging platforms. Over his career, Marc has held security leadership roles at tech companies like Radius Networks and Vanco Payment Solutions. He now runs his own cybersecurity consulting and training firm helping businesses and individuals implement practical security controls. When he’s not hosting his popular security podcast, you can find Marc speaking at industry conferences or volunteering to teach kids cyber safety. Marc lives with his family outside of Boston where he also enjoys running, reading, and hiking.