Coding Skills and Security Administration

Know how to code and take your computer security effectiveness to the next level

Do coding skills help you with the general routine and daily security administration of computer systems and networks?

Yes. Beyond the fact that ‘scripting’ is (or used to be) a crucial skill for managing computer systems and networks, coding skills are fundamental not only to understanding the details of computer security, but also to the security administration of computer systems and networks.

The cyber security ecosystem is more than CIA and describing it on paper. To understand the elements of computer security, we need to be fully skilled in the fundamentals of computer science, which are really software and hardware.

I am not telling you that you need to learn machine language and assembly, because that is for someone dedicated to the lowest level of security, such as finding flaws and writing patches for operating systems and kernels. But one still needs more than a basic level in at least some scripting languages, such as PS (PowerShell), WSH (Windows Scripting Host), Bash, Python…, to handle security administration, even without digging into the details.

Some other coding skills help you set up, configure, troubleshoot, and generally operate more smoothly than other admins:

Java: knowing Java, even if you never want to write a single line of code, is crucial, because there are hundreds of thousands of utilities and backend systems coded purely in Java, and they are easy to understand once you master Java.

JavaScript: you may find it funny how HTML with JavaScript can help you in security administration. Once you start digging into the security aspects of many applications, you will find HTML crucial and super helpful.

PHP: it is helpful if you are dealing with web apps in general. There are millions of web apps running with this powerful language.

SQL: knowledge of any flavor of SQL is very helpful, and if you deal with databases regularly, it is a must to know how to code SQL directly or via a host interface like PHP.

I personally put Python as a must only if you want to develop as well. In other words, knowing Python is very helpful only if you are going to specifically develop for a customized environment and integrate other systems and utilities.

What I can tell you generally is that specialty is of course very important in any aspect of computer science for which you are going to be the subject matter person, but whether we like it or not, it is critical to know about all fields of computer science to be able to manage a tech environment sufficiently.

For example, one can’t be an expert in networking without full knowledge of SSH, and so probably won’t be able to fully operate a network securely if not capable of the administration part. Coding skill is not a preference; it is critical to security administration.

Commitment: The Sole Reason Behind Hackers’ Supremacy

Would you put in more complex firewall rules when internal nodes are vulnerable due to an initial default insecure setup, or set up numerous security tools while setting up more and more insecure nodes at the same time?!

The mechanics and dynamics of hacking are blurry to the typical IT guru…

  • Are hackers ahead of the entire IT security industry?
  • Why did the balance between the two parties shift long ago?
  • What made such a big gap when there was not such a huge difference in the ’90s?

It’s a false hope to believe that the sunny side of cyberspace is controlling the cyber-planet! Malicious hackers are way ahead, and that’s why we spend so much time on safety rather than focusing on the legitimate needs of cyber-society!

Many factors are involved in hackers’ supremacy: knowledge (original or fake), intelligence, teamwork with a genuine sense of community, nature of operation, goal and its outcome (destructive or constructive), originality of source code… but I have noticed that only one factor matters most, something that took the hacker community to a totally different level of control and changed the balance between Jedi and Sith forever: commitment! Hackers are simply more committed to doing their job!

We send our top IT talents to learn hands-on hacking techniques, encourage IT administration to deep dive into the dark web, and ask all company crew to learn security essentials, and still it takes one man to bring the entire company’s technology infrastructure to its knees, all because the mechanics and dynamics of hacking are blurry to the typical IT guru. Here is an analogy to the human body: consuming more and more vitamins and hoping to have healthier cells physiologically, while the body is creating cancerous cells. That is ignoring the root cause and going after fixing the issue without considering symptoms! But the result would be misleading, because even with cancer, vitamin C still has a positive effect on the patient!

Focusing on defining more complex firewall rules, versus not setting up vulnerable nodes with default insecure configuration!

Software, with every piece of code, is the foundation of any modern computerized system (basic, huh?), and that’s where we have a problem: creating vulnerable code in the first place. That’s where “commitment” comes into the equation: the software community wants to release in a rush, with limited to zero knowledge of security, dealing with very high-level and complex APIs, no tests, an immature or illogical software development process, no code review… but hackers are committed to reviewing developers’ code for them, and they find those cancerous cells inside the body of the software!

Even worse, while hackers are committed to finding and exploiting those software flaws, developers are committed to releasing newer versions with more focus on functionality rather than fixing the foundation. No doubt fixing it is tedious and sometimes impossible, because if the flaw is within the design, there is no time for the developer to step back and fix something natively insecure. Sometimes developers even prefer to leave the insecure code behind completely and go for brand new baby code, where they fall into the same illogical development process, or they may reuse some boilerplate code from previous practice (more likely insecure artifacts).

Focusing on setting up numerous security tools in an environment, versus not adding any more insecure nodes to the same environment!

Code review is the best way to get ahead of hackers, and of course it is software developers’ mission to make the practice part of the culture and popularize it at the earliest stage of coding. IT administrators, for their part, need to fully understand the mechanics of the software they are using. Remember that today’s IT crews are more like software operators, so it is reasonable to have operators fully aware of the machine they are driving.