Learn Coding for Cybersecurity?

Not all cybersecurity roles require coding, but it can be a valuable skill. Should certifications like Pentest+ or SecurityX include more emphasis on programming, or is it a niche skill?
If programming were to be included on the exams, what language would you use to
make the assessment? An additional challenge would be how to go about assessing
the coding? Considering multiple approaches could be taken to code something. If a
question requires some code that involves a looping construct, I might be more proficient
at using a "while loop", and others may be more adept at using a "for loop". And looping
syntax is only the beginning of differences to be assessed.

Whether it's a niche skill or not can certainly be debated. However, niche skill notwithstanding,
the variations in programming styles, I believe, would set the stage for some very heavy lifting
in terms of exam assessment.

The End!!!
 
Beautiful saying... Maybe we just stick to testing exploits and leave the coding debates for the devs.
 
Only generally. Sure, programming is part of security, but it's not the end all, like the question intimates. And if you're going to assess programming knowledge, then what language do we plan to use? How will you assess that, given that there are a myriad of approaches in programming?

/r
 
True! Picking a language is tricky, as JavaScript helps with understanding XSS attacks (executing malicious code in browsers), SQL is key for SQL Injection (injecting malicious queries), and Python aids in crafting custom exploits or automating tasks. While we don’t need a deep dive into coding, a little programming knowledge makes these attacks way clearer. No need to test all languages, just enough to connect the dots between code and vulnerabilities.
 
Better. I appreciate the higher quality post in reply, rather than simple low-quality statements of agreement sprayed all over.

I would tend to agree that having some knowledge of basic programming helps in cyber defense. I'm also of the persuasion that "to a carpenter, everything is a hammer, nail, and wood". Programmers are going to tend to the belief that "more programming is better", where someone who spends his time poring over logs or runs a SIEM is going to prefer more topics about SIEM and SOAR.

This is why having a balance is important. No certification will EVER prepare a person for the complexities of a job. Instead, they will have REQUISITE knowledge for which they can apply skill. Very rarely is anyone ready on day one.

/r
 
Very beautiful explanation! Thanks for the clarity. Now I am feeling like I am in an OTW classroom.
 
Both PenTest+ and SecurityX require a basic understanding of Bash, PowerShell, and Python. They are explicitly listed in the exam objectives.
Yes, you are right! However, I was wondering if there is an argument for expanding the programming aspect in these certifications, especially for individuals looking to specialize in areas like exploitation or custom tool development. Do you think a deeper dive into programming could benefit those pursuing more advanced roles in penetration testing or cybersecurity?
 
Both PenTest+ and SecurityX require a basic understanding of Bash, PowerShell, and Python. They are explicitly listed in the exam objectives.
That's an interesting idea! A separate certification focusing more on programming, e.g. Python, could help individuals looking to specialize in areas like automation or AI in cybersecurity.
 
Yes, you are right! However, I was wondering if there is an argument for expanding the programming aspect in these certifications, especially for individuals looking to specialize in areas like exploitation or custom tool development. Do you think a deeper dive into programming could benefit those pursuing more advanced roles in penetration testing or cybersecurity?
I do not. CompTIA is vendor and technology-agnostic. The certs are starting points, not destinations. They should be paired with other non-CompTIA vendor-specific certifications, such as MS Azure, AWS, Cisco, Palo Alto, Red Hat, etc.
 
Great point!... Pairing foundational certs with vendor-specific ones does provide a more well-rounded skill set. Thanks for the insight!
 
Maybe CompTIA could do a distinct cert. There is a decent Python course, "Artificial Intelligence for Cybersecurity", at uCertify.
I thought I heard something about CompTIA doing some certification offerings with respect to programming and languages. However, concrete material on this is still speculative at present.
 