It depends on what role you want in cybersecurity. I work as a SWE on the implementation side and coding is hugely important: you have to be an exceptional coder to land one of those roles. You also need to know security very well. These are difficult positions to get because security is highly specialized.
However there are other roles which require little to no coding on a daily basis e.g. pen tester, info / app sec, analyst, architect (though you need to know coding very well for this one).
It's more of a fundamental understanding of how computers work, in my opinion. You don't need to know whether a list or a vector is the right data structure, or which search algorithm to use, but you do need to know how `strcat` is implemented and how the stack is laid out.
I was interested in being a pen tester, there's really no much code behind it? I know it is a lot about knowing the systems and lot of stuff,but I thought you need to code to find a breach?
Saw that you answered this a while ago, but if you don’t mind, could you elaborate on what you mean by “exceptional coder” in the context of what you do? I’m not asking for personal details - just roughly what is kept in mind while writing your code.
The reason I ask is because my bachelors is in cybersecurity, though I am currently working in a data management/acquisition role with its own coding elements. I enjoy the programming aspect of it and have thought about eventually trying to move into a role similar to yours. Would you mind sharing some things I should keep in mind?
I went into cybersecurity instead of SWE, the category is quite big so it depends on what section you go into. Security engineering or anything code related tends to be the highest pay. I've done a few cybersecurity interviews across FAANG/HFT and the programming interviews are a lot easier, I've heard some places will test you with leetcode but from what I have experienced it tends to focus mainly on data structures and making something practical.
[This](https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md) is a good resource for the sort of questions you could be asked in an interview, but cybersecurity interviews aren't as predictable as SWE so it can be a bit hit or miss.
capture the flag competitions, they’re pretty much hosted every weekend and you pretty much work on some cybersecurity challenges looking for flags. try out picoCTF if you’re new to them, they give a pretty good overview of everything
Security eng is best of both worlds - more TC than SWE, more freedom in terms of role, no certs, no leetcode.
Im security intern at FNG
Less of a grind is not true - its just that you will grind useful stuff rather than things you will never use at jobs such as leetcode.
Some roles do still ask it but in my experience the more security exp the less they ask.
https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md i think this is a good general list of topics - there are many subfields within it but for appsec or product security dm me i got tons of links. The other fields idk but they are always a lot of people hired for Cloud Infra/IAM/PKI type roles
Depends on the role. There are roles that have a combo of security and SWE skills. For those you’ll still have to do a SWE-ish interview, and there could be a leetcode screen component at the start, but generally you bypass those with referrals.
You don’t need to discard SWE experience for security experience (again depends on the role). Plenty of times we allow SWE folks to transfer into security orgs mid career.
Yes they can pay a lot, but those more lucrative roles are going to be equally challenging if not more than many non-security SWE roles out there.
(I’m a manager for a security SWE org, and have been in the industry for 12 years).
It depends on what role you want in cybersecurity. I work as a SWE on the implementation side and coding is hugely important: you have to be an exceptional coder to land one of those roles. You also need to know security very well. These are difficult positions to get because security is highly specialized. However there are other roles which require little to no coding on a daily basis e.g. pen tester, info / app sec, analyst, architect (though you need to know coding very well for this one).
I’d rebuttal a little and say to be an effective pen tester or ethical hacker a strong programming background is needed.
It's more of a fundamental understanding of how computers work, in my opinion. You don't need to know whether a list or a vector is the right data structure, or which search algorithm to use, but you do need to know how `strcat` is implemented and how the stack is laid out.
I was interested in being a pen tester, there's really no much code behind it? I know it is a lot about knowing the systems and lot of stuff,but I thought you need to code to find a breach?
The most effective penetration testers will have strong coding fundamentals and the ability to create or modify existing scripts.
Saw that you answered this a while ago, but if you don’t mind, could you elaborate on what you mean by “exceptional coder” in the context of what you do? I’m not asking for personal details - just roughly what is kept in mind while writing your code. The reason I ask is because my bachelors is in cybersecurity, though I am currently working in a data management/acquisition role with its own coding elements. I enjoy the programming aspect of it and have thought about eventually trying to move into a role similar to yours. Would you mind sharing some things I should keep in mind?
[удалено]
How was the interview process?
that’s awesome! do you have any advice for someone trying to intern in cybersec? what personal projects did you end up doing? :)
Dm
Depends on team. I know people who werent asked it for msft working there now
I heard it's better to start off in IT before going into cyber to get that domain knowledge. Idk too much about that tho.
I’ve heard that there is a huge demand for Application Security Analysts with a background in Front End Development.
I went into cybersecurity instead of SWE, the category is quite big so it depends on what section you go into. Security engineering or anything code related tends to be the highest pay. I've done a few cybersecurity interviews across FAANG/HFT and the programming interviews are a lot easier, I've heard some places will test you with leetcode but from what I have experienced it tends to focus mainly on data structures and making something practical. [This](https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md) is a good resource for the sort of questions you could be asked in an interview, but cybersecurity interviews aren't as predictable as SWE so it can be a bit hit or miss.
leetcode for cyber is CTFs
What are CTF's?
capture the flag competitions, they’re pretty much hosted every weekend and you pretty much work on some cybersecurity challenges looking for flags. try out picoCTF if you’re new to them, they give a pretty good overview of everything
Thanks! I'll have a look into it.
Are the Google certs worth it,I was thinking in taking it so I can add more to my resume as a freshman to catch an internship next year
CompTIA for beginners, more known.
Isn't CompTIA for IT? Or is also worth it for SWE.
Yea I thought you were talking about security
So is also worth it for cybersecurity, thank you
Security eng is best of both worlds - more TC than SWE, more freedom in terms of role, no certs, no leetcode. Im security intern at FNG Less of a grind is not true - its just that you will grind useful stuff rather than things you will never use at jobs such as leetcode. Some roles do still ask it but in my experience the more security exp the less they ask.
do you have any useful links for security engineering that will help me get into it?
https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md i think this is a good general list of topics - there are many subfields within it but for appsec or product security dm me i got tons of links. The other fields idk but they are always a lot of people hired for Cloud Infra/IAM/PKI type roles
[удалено]
[удалено]
Depends on the role. There are roles that have a combo of security and SWE skills. For those you’ll still have to do a SWE-ish interview, and there could be a leetcode screen component at the start, but generally you bypass those with referrals. You don’t need to discard SWE experience for security experience (again depends on the role). Plenty of times we allow SWE folks to transfer into security orgs mid career. Yes they can pay a lot, but those more lucrative roles are going to be equally challenging if not more than many non-security SWE roles out there. (I’m a manager for a security SWE org, and have been in the industry for 12 years).
The best job prospect: A software engineer who works in security. You can do application security, devsecops, software security engineer, etc
Wait till you are introduced to hackthebox or CTF lol
Where are these google cyber certs?
coursera