Dave Shackleford has some concerns that most information security professionals nowadays don’t have the software development/coding/hacking background that’s necessary to be really effective in this field. While it’s hard for me to say who does or doesn’t have these skills, I completely agree that they can be critically important when it comes to information security.
Having a background in software engineering makes you a lot more productive when discussing secure coding with full-time software developers. Also, the ability to whip up a quick Python or Perl script to munge through some log data can be a huge time saver, especially in a tense incident response situation. I personally spend good bit of time creating software that other analysts can use to do their jobs more efficiently. Automation is a force multiplier!
Read his blog post for Dave’s full opinion and some good links.
Related posts:
