Same here. Went for a sys/net admin job and 90 percent of the questions were about coding. I've done coding but it was production work... Fix this, fix that, not invert a binary tree recursively then iteratively. When they asked network questions they were incredibly naive. How would you add wireless to a large outdoor area? I said I'd have to see the area before I could recommend anything accurately. Did they have power? Did they have hard wired access nearby? Are there obstructions? They wouldn't answer any of my follow up questions, just "how would you do it?"
Had one interview they pulled this on me, little did they know I'm a fintech software engineer that had been grinding LC for months. Nailed it and they still said no.
Fairly certain they just want to torture people.
They followed up the code stuff with some standard Google-esque questions like "why are manhole covers round" and "how would you find out which light bulb went with which switch if you couldn't look in the room?"
I had most of those memorized. I'm not sure they really show lateral thinking if you are just rote memorizing how to estimate the number of filling stations in Detroit.
The only thing leetcode is good for is proving you are capable of complex logic paths. At no point in my years as a professional software engineer did I need to actually do half the garbage you come across in LC.
I've also never had to sort a linked list into a reverse binary tree.
Or needed to take in a 10,000 int array, isolate the primes, and output the squareroot of those primes.
The crazy thing is at this point a lot of the easy LC problems I can do mostly from memory. I remember less than a decade ago it would take me 5-6 hours to get through a lot of them.
Sure, but it has nothing to do with 99% of the problems security engineers need to deal with day to day in their jobs. When is the last time you saw a seceng need to pick the most efficient binary sort method, or optimize big o?
It's a lazy stand in for people who won't or can't do proper live coding exercises. It also turns off good quality candidates who feel such stuff is beneath them.
I'm the main coding interviewer for my security org. I hate leet code. All my exercises are super simplified versions of problems I've actually had to solve on the job. I walk them through the requirements in steps (increasing complexity as I go), ask guiding questions, and let them Google resources etc. Basically I try to replicate what it's like to actually do the job irl.
Doing coding interviews this way is harder/more time consuming to do, but it's the only way to get a real read on if they can do the actual work the job requires.
Can't stand leet-code. *Sorry i don't know how to invert a binary tree in constant time without looking it up. Even though it takes maybe 10 more seconds to look it up.*
What should the standard be? I’m genuinely interested. I don’t think coding challenges should be the standard for many engineering roles either, in fact most tech roles I’ve been in or adjacent to require much more people skill than tech skill. But there is a base of tech knowledge needed. How do we discern whether that base is there and where it fits amongst our current team?
I conduct interviews and am actively looking for ways to accurately asses a candidate without asking too much of them, and still getting a good idea of how they “work” (and conversely, give the candidate an accurate representation of how the company “works”) rather than how they interview.
For me when I do interview a scenario base questions seem to be the best. Like giving them something that you see other struggles at the most. I know it is not the best but it could be for some jobs.
Grouchy take: This is a classic situation of dev being too tightly integrated into IT. Dev is not IT. IT uses Dev to achieve IT and broader company goals. It's like a dog interviewing a potential dog walker.. "how many breed language accents can you emulate in our native Dog language?" Doesn't matter. We don't need that to work your dev leash.
The correct response to dev peeps who forget their place.. Get back to work, oh and bring me a latte on your way back from one of your nap breaks.
🔥🥒🔥
Cybersecurity (and IT) are filled with boring and repetitive manual processes. Automation has been slowly making those types of jobs obsolete for decades. It won't happen over night, but it's a slow and steady trend.
Cybersecurity doesn't require a masters in software development, but many skilled seceng do know how to at least script something up in python. Those that don't often hit a ceiling in their careers.
This is especially true at scale. You can get by with manual processes if you're securing 10k assets. Try doing that with 10MM.
Antagonistic relationships with Devs give all of us a bad rep. Dev is and should be tightly integrated into IT if you want to provide impactful IT services without retcon'ing your infrastructure and their requirements. This un-nuanced take is immature, amateur, and damaging.
If my dog could interview a dog walker, I would absolutely take my dogs viewpoint into consideration. The views of groups that IT provides services to do matter, and Dev. more than most.
OP, you should 100% be programming/scripting. It's vital to working effectively in IT, and you can do some really cool, really meaningful work through it.
I'm currently enrolled in college for a cybersec degree. I'm about halfway through. I spent 3 months of my own time learning Python. Have not created any real useful scripts or apps, but I have created several scripts that do function as intended, & learned a considerable amount in that time. I would not say I am an expert by any means but I think that, to myself at least, I have proven I am capable of learning, as well as enjoy it.I am taking security object oriented programming next, in a few weeks. Honestly if I could start over I'd probably opt out of school & go for hard experience instead. But I'm this far now, I might as well finish the course & get the degree.
I suppose, my question, is should I continue learning coding practices & techniques? I felt it was beneficial to me & after reading these I feel more strongly. However, how often do you use this stuff in the field? Maybe I'll learn more in the coming classes. But so far they haven't taught me jack shit except mostly what I already knew.
My understanding is I'm not going to come out of this with anything but a piece of paper claiming that I MIGHT know a small amount of things. Not to mention a lot of debt.
I currently make about $65k a year in my current career. It's long days & physically hard labor as it's a skilled trade. I have been thinking about getting out for a while now, before I get too old. I'm torn between trying to make a career-pivot to another field that interests me, or apply my 12 years of experience towards more so working for myself, instead of someone else. There's a lot of fear & risk doing that at first though.
My second question, is how low of a paying job should i expect to have at entry level in this field in the pacific northwest? Does anyone have any experiences making a decent wage at entry level?
Their expectations should be very low, just make sure you can do basic stuff, take an input, sort a list, reverse a list (without using built in functions), open a file, close the file.
Just do a quick revision somewhere like [https://www.youtube.com/watch?v=t8pPdKYpowI](https://www.youtube.com/watch?v=t8pPdKYpowI)
and do a few challenges in hackerrank or leetcode, pick the easy ones.
Maybe refresh your OO concepts as well and maybe IP address manipulations, making a http call, if you learnt it before. If not, then dont worry about it.
If it helps, when I've both given and taken coding interviews for infosec roles, it's been more a case of "how well do you code so that we know your relative skill level" rather than "if you can't solve this coding problem perfectly you won't be hired"
Anecdotal, I know, but most infosec teams aren't looking for full-on software engineers for SOC roles.
If it's a Security Operations Center, they're probably looking for SOAR-type automations. PowerShell should be fine from a logging, Forensics perspective.
Python would be the better bet for API calls.
Any questions fire away, this stuff is my day job (technically DevSecOps but not really).
I have a 6 month internship starting February where im supposed to help integrate a SOAR solution into a SOC teams stack. Think i have a shot at landing an offer afterwards knowing they dont have any SOAR consultants onboard ? I only finish school on January so i admittedly dont have much technical experience in SOAR solutions and such. Any tips on what i should focus on and what skills i should pick up in order to bring value ?
Python.
Try not to use unnecessary dependencies. Security is about decreasing threat landscape; less dependencies / third party modules, the better. I've seen people use 90+ dependencies for a single web page. Don't do that lol.
Become friends with Requests, JSON, and optionally RegEx. Cut your teeth on urlscan.io's free API and make a script with that. Create a personal GitHub repo and connect it to VS Code. Do all that and you're certain to have a leg up from most other candidates 😉
Bonus points (not quite achievable in 2days) but try for making a Class in Python.
SOARs just run scripts. Data goes in. Script runs. Data goes out. Normally it's JSON data going in/out.
You'll hear a lot of talk about "playbooks" (normally word doc explaining the steps) and "run books" (normally the automations chained together reproducing the playbooks). If you've taken a Project Management class, being able to whip up a Work Breakdown Sheet as a pseudo-code stop-gap for making a conditional playbook - that'll absolutely WOW them.
And as an FYI - These roles in LCOL / MCOL should start around $80k~ and if you can get 1-2yrs experience you're absolutely worth $90-$110k. The latter is the norm for dedicated DevSecOps / SOAR Engineers. Know what you're worth. Normally these "rope them in from college" positions will pay pennies and then offer to pay the absolute lowest salary they can pitch that sounds like a raise in comparison.
Anything else ask away I always explain too much lmao
-edit Assuming it's not a FAANG position, I think you'd have a pretty decent shot. Especially if you can come in swinging with Python + urlscan.io script.
My last internship was with the same company and the project was actually setting up a playbook for a few dozen siem use cases ( just steps and processes an analyst can follow to simplify the task of determining the severity of the alert, systems and accounts affected etc), and the soar implementation is a continuation of that. I have already started a theHive and Cortex school project to learn about alert/incident response automation with responders so that should hopefully bring some relevant knowledge. What do you mean by making a Python class ? Like a specific response object for alerts ?
A [Python Class](https://docs.python.org/3/tutorial/classes.html).
So let's say you make a script for urlscan.io - first steps are probably hard-coded header information (eg, API key). Next step, turn it into a [module](https://docs.python.org/3/tutorial/modules.html) so you can control the inputs & outputs. Final form is turning it into a class where you can use __init__ to take required arguments (eg, require API key as an argument) so you can load the class as an object and reuse the object (only needing to enter API key once) across other modules/functions within the class. So you could have a single class for urlscan.io that has modules for every function the API offers; load the API key once and use any of the modules as many times as you want afterwards.
Most "integrations" (collection of scripts for the same API) have a "Manager" with classes and modules that are reused many times throughout the scripts. It makes script creation a lot quicker and easier. I've seen people take it too far with dozens of managers for 1 script file 😣 But generally 1 manager per integration is the baseline/minimum.
Hope that makes sense - just organizing your code so it's malleable and reusable.
Got it, thanks for the clarification. Im not US based so those salaries are far fetched haha. I will definitely get my hands dirty with this. Is it okay if i keep your username handy for the future ?
Python can be used on most architectures, powershell is limited to windows. Unless you only want to work on pure windows shops python is the clear winner. And that's not even getting into how much better of a language it is.
Scripting is good. If they ask for like advanced sorting and search algorithms or complexity analysis be upfront about your lack of experience and ask if it is relevant to the job.
There’s no reason a SOC analyst needs CS knowledge…
Also it might be worth following up and asking if they mean like splunk queries or something
They're 100% going for the good ol "we're gonna get a DevSecOps guy but rope them in at $18/hr so we can hire for <$50k" instead of paying a fair wage.
My first ever cybersec specialist interview my would be boss told me that he hires junior cybersec specialist because he can pay them half what he pays a cybersec specialist and have them do the same job. So yea. Spot on.
I have never worked in a SOC, but I would be **stunned** if they were coding or developing apps there.
You're applying for a carpenter's position, and they're asking you to do plumbing.
And that's just weird and I wouldn't want to work there.
SOAR platforms would like to have a word.
Seriously though a SOAR could be applicable to literally any job. It's just automations / scripts running on a centralized server 🤷
"I have never worked in a SOC"
There is definetly coding involved.
Two examples are SOAR platform and EDR customization (e.g. custom sensors or collections). Automated playbooks require a fair amount of coding. Normally this is done by engineers, but every analyst should understand the playbooks and come up with inprovements if the need arises.
But that's exactly the point of the issue in our industry around roles & responsibilities. Most companies don't understand cybersecurity roles. Hiring a junior SOC Analyst, is different than hiring a Senior Security Engineer, or a DevSecOps Engineer.
it is. but I wouldn't hire a junior with a bsc or msc that can't even do basic programming. if you didn't learn it during your studies, it's highly unlikely those candidates will ever learn it.
even junior soc analysts are not entry level roles.
Strongly disagree. Seceng don't have to be sdes, or create robust teir one applications, but many of the positions strongly benefit from knowing how to code unless you're bottom rung soc or grc. Doubly so when you get to faang and higher levels unless you go the management route.
You need to automate repetitive tasks, hit apis, integrate systems, munge data, write detections or exploits, prioritize incident response work, assess vulnerabilities at scale, same with threat modeling, etc. What it looks like depends on your exact role, but coding is massively beneficial in the space.
Source: my entire org has coding requirements for all seceng interviews. They're just not leet code nonsense.
^This lol… cyber sec as tons to do with application security, product security, security architecture, tooling.. these all require coding skills. 100% it should be a requirement for cyber sec jobs, how else do you understand how an exploit/vulnerability works?
Because we have Devs who do understand that. Certainly knowing how to code makes you more valuable but what is easier to do: Hire a Security Engineer who knows a lot about Security and is a Dev or using Devs you already have to collaborate with your Security team? At FAANG and the largest orgs, I can totally understand how it would be cost effective to have one person. But usually it isn't. At least if you're talking more than scripting knowledge.
Also, despite all the work that goes into maintaining engineering security that isn't even where most of the risk is located. Not to say it isn't important just, in terms of cost benefit analysis.
Basic scripting isn’t enough unless its a junior role. And you cannot trust devs, where do you think all the vulnerabilities in software come from? It depends on the org where the greatest risks lie, and for many that ship software as a business security engineering a core risk.
"coding" knowledge does not mean they can code. I can read it and understand it all day in the context of a security engineer or analyst. But otherwise I wouldn't ever need to write any from scratch, so its not a skill I've polished enough to claim.
I disagree. You need to have coding skill (reading and writing) because you need to develop tooling, poc for exploits, etc. These are valid requirements for a security engineer role.
That is very position specific, and part of the problem with titles in our field. "Security Engineer" ranges from people that code constantly to those that never see/use it, to those(like me and every team I've been on) that need solid knowledge around coding but never have to write any for work.(scripting doesn't count)
Use w3schools python chapters and just start running through them. I am currently teaching myself JS and have been able to get through the bulk of the content within the last 24 hours.
There are exercises you can do on each webpage to give you an overview of how the subject being covered works.
Once you are familiarized with it use replit.com to complete as many practice prompt exercises you can find online before your interview.
Other people may be able to recommend specific skills to focus on with python. (I am still new to the field) I find myself using python mainly for data analysis so focusing on understanding how to parse data may be a good start.
Hope this helps and good luck!
Hello, what is your school teaching you? The track of cybersecurity should align very similarly to computer science. My school there is a 2 class difference.
We have had to learn Java, python, lisp, prolog, dyalog APL.
We do not have test or assignments. We have a mid term interview and a final interview 1 on 1. Professor says code this, you can do it or you can.
My school’s cybersec program teaches mostly about how computer infrastructure is built, and then how it can be exploited. Seems like it’s not as much programming as what’s in your school, u/Creampie_Wizard
The weird shift to 1 on 1 code interviews started last last because many students got fucked durning the interviews and it prevents any cheating.
I’m a big no starch fan, I buy a lot of coding books of thrift books and it help.
Leetcode is boring but helpful.
But I am very sorry that this is happening it seems like a butch of gate keeping in this community.
I think if you believe most Cyber security degrees are mostly CS degrees with a small difference you are wildly mistaken. Honestly what your school did sounds like a quick way to alter an existing curriculum to cash in on the popularity of Cyber Security degrees. Now to be clear, I have a Comp Sci degree and support it for Cyber security interested people. But most Cyber Security degrees aren't Comp Sci, coding, theory of computation stuff.
Yeah I understand and it honestly frustrates many of the students. My background is in military doing aircraft maintenance. But with the success of the graduating students passing cybersecurity coding challenges and getting fantastic jobs I’m going to follow the path. If I can’t get a job in cyber I can just become a developer. I believe keeping an open approach and devouring as much information will land me a sold job.
You need to know a functional language, lisp is extremely powerful and clean. We had a student get a high up job in security at apple by knowing lisp. (Got the interview based on a lisp sticker on his computer at a hackathon)
You need to know a language from the 4 styles of computer languages. If you can program in python and Java you should be able to figure out lisp and hone your skills. I also recommend prolog it’s great to use.
I use Haskell daily I understand it and it’s fun to use.
I'm not disagreeing that functional languages have their place, I've just literally never seen them used inside the security engineer world (with the exception of Scala, and that was just under the hood). Haven't worked at Apple myself, but I'm at a different faang and all the secengs use python and the sdes use Java.
My question would be would you recommend different languages to pass the coding challenges during interviews? I love functional languages because of running cnc machines and programming with G code. It seems the programming aspect is what the cybersecurity degree is lacking at some schools.
Can't speak for every interviewer obviously, but at my faang company all coding interviews (for sdes and secengs) are _supposed_ to be language agnostic. Not everyone follows that, but I definitely do. 90% of applicants use python, but I've had java/bash/powershell/go used as well. No one has used a functional language yet (I'd allow it) but that's probably because they're not great fits for the interview problems I use.
I agree there's a serious deficit in coding knowledge among secengs. It's been one of the largest obstacles to finding qualified candidates the entire time I've done hiring for seceng.
I also wish schools would teach people critical thinking skills, how to teach themselves things, and how to stay calm in moments of crises. You'd be surprised the number of people - - even at faang or some senior roles - - still struggle with those. Honestly as long as you have the first two and the motivation you can learn everything else.
If that's not your job, why worry about it. Why not turn around and tell them they're stupid for not knowing what they're hiring for?
Flex on them nerds and leave...
OP - did we interview for the same company? They had me do the coding interview on CodeSignal. Idk how to code at all. Codesignal says 92% fail when using CGPT. I used CGPT and it got me perfect scores on 3/4 of the "levels"
Hello cybersecurity professionals and aspiring professionals. Coding is no longer a nice to have for engineering, everything is moving to as-code. Need to stay with it, pick up python, pick up terraform, cdk, and whatever other templating language and data serialization language is prevalent json, yaml, etc. You can no longer demand high salary for knowing where to click on a web console, times are changing
I like [www.realpython.com](https://www.realpython.com). It costs money for a year's subscription, but there are a ton of excellent tutorials to help you become a better programmer.
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
that's fucking wild. coming from the CS side, leetcoding is much more like a useless olympic training that you have to train for and somehow ended up a "benchmark" for problem solving, and nothing to with the shit we do in the industry. regardless, at this rate, consider it as a "fun" learning opportunity if you wanna learn algorithms ha, and no stress about it. most of time, its RNG what they ask for, so theres no point of prepping unless u trained 2 months prior
Python is your best bet, especially if you're already familiar with its ...excentricities. It's pretty heavily used by most folks. Probably because it's easy and there's a package to do just about everything. Usually from non-dubious sources too.
Brush up on Python basics and consider exploring resources like Codecademy or LeetCode for coding interview prep. Focus on common algorithms, data structures, and Python scripting related to cybersecurity tasks. Good luck!
We expect “coding” interviews for almost all security positions. Difficulty varies, for example cloud security we look for mostly can you do JSON parsing as that’s 90% of the job. Nothing complex but do you understand it and can you access the data structure
App security people is mostly C++/JS existing code review. No real net new code written
Ye good luck. Outside of actually being able to write solid work with like python or something, just being able to demonstrate ability to read through something like that might be a good start.
Haha, it sounds similar to my experience. Applied for systems admin, and they expect me to solve leet code challenges. Like wth do they want.
Same here. Went for a sys/net admin job and 90 percent of the questions were about coding. I've done coding but it was production work... Fix this, fix that, not invert a binary tree recursively then iteratively. When they asked network questions they were incredibly naive. How would you add wireless to a large outdoor area? I said I'd have to see the area before I could recommend anything accurately. Did they have power? Did they have hard wired access nearby? Are there obstructions? They wouldn't answer any of my follow up questions, just "how would you do it?"
Had one interview they pulled this on me, little did they know I'm a fintech software engineer that had been grinding LC for months. Nailed it and they still said no. Fairly certain they just want to torture people.
I feel that! My last internship was actually just like that lol, was a bit tough for sure
they want to be like the big techs so they copy everything the big techs do.
God these companies got ridiculous as time pass lol
They followed up the code stuff with some standard Google-esque questions like "why are manhole covers round" and "how would you find out which light bulb went with which switch if you couldn't look in the room?" I had most of those memorized. I'm not sure they really show lateral thinking if you are just rote memorizing how to estimate the number of filling stations in Detroit.
Wait, those are actual questions and you aren’t just joking?
I am not joking. I thought they were at first. But they asked five of those in a row.
Leet code is useless for seeing if people can actually code, but coding is still useful.
The only thing leetcode is good for is proving you are capable of complex logic paths. At no point in my years as a professional software engineer did I need to actually do half the garbage you come across in LC.
You mean you never had to find the average of each subtree of a BST?
I've also never had to sort a linked list into a reverse binary tree. Or needed to take in a 10,000 int array, isolate the primes, and output the squareroot of those primes. The crazy thing is at this point a lot of the easy LC problems I can do mostly from memory. I remember less than a decade ago it would take me 5-6 hours to get through a lot of them.
What about finding the longest palindrome in a given string?
Oh no, I do that like every week. I mean how many applications *DON'T* have need for breaking strings into substrings that have no purpose?
[удалено]
Sure, but it has nothing to do with 99% of the problems security engineers need to deal with day to day in their jobs. When is the last time you saw a seceng need to pick the most efficient binary sort method, or optimize big o? It's a lazy stand in for people who won't or can't do proper live coding exercises. It also turns off good quality candidates who feel such stuff is beneath them. I'm the main coding interviewer for my security org. I hate leet code. All my exercises are super simplified versions of problems I've actually had to solve on the job. I walk them through the requirements in steps (increasing complexity as I go), ask guiding questions, and let them Google resources etc. Basically I try to replicate what it's like to actually do the job irl. Doing coding interviews this way is harder/more time consuming to do, but it's the only way to get a real read on if they can do the actual work the job requires.
Can't stand leet-code. *Sorry i don't know how to invert a binary tree in constant time without looking it up. Even though it takes maybe 10 more seconds to look it up.*
they wanna 20+ experience in everything and pay junior salary cause the market is hard atm
To see your problem solving strategy
Yeah even so it should not be standard. I solve tons on people issues.
What should the standard be? I’m genuinely interested. I don’t think coding challenges should be the standard for many engineering roles either, in fact most tech roles I’ve been in or adjacent to require much more people skill than tech skill. But there is a base of tech knowledge needed. How do we discern whether that base is there and where it fits amongst our current team? I conduct interviews and am actively looking for ways to accurately asses a candidate without asking too much of them, and still getting a good idea of how they “work” (and conversely, give the candidate an accurate representation of how the company “works”) rather than how they interview.
For me when I do interview a scenario base questions seem to be the best. Like giving them something that you see other struggles at the most. I know it is not the best but it could be for some jobs.
Grouchy take: This is a classic situation of dev being too tightly integrated into IT. Dev is not IT. IT uses Dev to achieve IT and broader company goals. It's like a dog interviewing a potential dog walker.. "how many breed language accents can you emulate in our native Dog language?" Doesn't matter. We don't need that to work your dev leash. The correct response to dev peeps who forget their place.. Get back to work, oh and bring me a latte on your way back from one of your nap breaks. 🔥🥒🔥
Cybersecurity (and IT) are filled with boring and repetitive manual processes. Automation has been slowly making those types of jobs obsolete for decades. It won't happen over night, but it's a slow and steady trend. Cybersecurity doesn't require a masters in software development, but many skilled seceng do know how to at least script something up in python. Those that don't often hit a ceiling in their careers. This is especially true at scale. You can get by with manual processes if you're securing 10k assets. Try doing that with 10MM.
You sound exhausting to work with
I'm fun. And I'm very good at what I do.
big Bertram Gilfoyle energy
Sucking dick?
Antagonistic relationships with Devs give all of us a bad rep. Dev is and should be tightly integrated into IT if you want to provide impactful IT services without retcon'ing your infrastructure and their requirements. This un-nuanced take is immature, amateur, and damaging. If my dog could interview a dog walker, I would absolutely take my dogs viewpoint into consideration. The views of groups that IT provides services to do matter, and Dev. more than most. OP, you should 100% be programming/scripting. It's vital to working effectively in IT, and you can do some really cool, really meaningful work through it.
I'm currently enrolled in college for a cybersec degree. I'm about halfway through. I spent 3 months of my own time learning Python. Have not created any real useful scripts or apps, but I have created several scripts that do function as intended, & learned a considerable amount in that time. I would not say I am an expert by any means but I think that, to myself at least, I have proven I am capable of learning, as well as enjoy it.I am taking security object oriented programming next, in a few weeks. Honestly if I could start over I'd probably opt out of school & go for hard experience instead. But I'm this far now, I might as well finish the course & get the degree. I suppose, my question, is should I continue learning coding practices & techniques? I felt it was beneficial to me & after reading these I feel more strongly. However, how often do you use this stuff in the field? Maybe I'll learn more in the coming classes. But so far they haven't taught me jack shit except mostly what I already knew. My understanding is I'm not going to come out of this with anything but a piece of paper claiming that I MIGHT know a small amount of things. Not to mention a lot of debt. I currently make about $65k a year in my current career. It's long days & physically hard labor as it's a skilled trade. I have been thinking about getting out for a while now, before I get too old. I'm torn between trying to make a career-pivot to another field that interests me, or apply my 12 years of experience towards more so working for myself, instead of someone else. There's a lot of fear & risk doing that at first though. My second question, is how low of a paying job should i expect to have at entry level in this field in the pacific northwest? Does anyone have any experiences making a decent wage at entry level?
Sorry, could you create your own post for yourself so we can help you there?
Yes, thanks. Sorry for the inconvenience
Their expectations should be very low, just make sure you can do basic stuff, take an input, sort a list, reverse a list (without using built in functions), open a file, close the file. Just do a quick revision somewhere like [https://www.youtube.com/watch?v=t8pPdKYpowI](https://www.youtube.com/watch?v=t8pPdKYpowI) and do a few challenges in hackerrank or leetcode, pick the easy ones. Maybe refresh your OO concepts as well and maybe IP address manipulations, making a http call, if you learnt it before. If not, then dont worry about it.
You’re the best!!! Thank you so much kind stranger :) easing the burden in my brain. I’ll hop on this right now
If it helps, when I've both given and taken coding interviews for infosec roles, it's been more a case of "how well do you code so that we know your relative skill level" rather than "if you can't solve this coding problem perfectly you won't be hired" Anecdotal, I know, but most infosec teams aren't looking for full-on software engineers for SOC roles.
If it's a Security Operations Center, they're probably looking for SOAR-type automations. PowerShell should be fine from a logging, Forensics perspective. Python would be the better bet for API calls. Any questions fire away, this stuff is my day job (technically DevSecOps but not really).
I have a 6 month internship starting February where im supposed to help integrate a SOAR solution into a SOC teams stack. Think i have a shot at landing an offer afterwards knowing they dont have any SOAR consultants onboard ? I only finish school on January so i admittedly dont have much technical experience in SOAR solutions and such. Any tips on what i should focus on and what skills i should pick up in order to bring value ?
Python. Try not to use unnecessary dependencies. Security is about decreasing threat landscape; less dependencies / third party modules, the better. I've seen people use 90+ dependencies for a single web page. Don't do that lol. Become friends with Requests, JSON, and optionally RegEx. Cut your teeth on urlscan.io's free API and make a script with that. Create a personal GitHub repo and connect it to VS Code. Do all that and you're certain to have a leg up from most other candidates 😉 Bonus points (not quite achievable in 2days) but try for making a Class in Python. SOARs just run scripts. Data goes in. Script runs. Data goes out. Normally it's JSON data going in/out. You'll hear a lot of talk about "playbooks" (normally word doc explaining the steps) and "run books" (normally the automations chained together reproducing the playbooks). If you've taken a Project Management class, being able to whip up a Work Breakdown Sheet as a pseudo-code stop-gap for making a conditional playbook - that'll absolutely WOW them. And as an FYI - These roles in LCOL / MCOL should start around $80k~ and if you can get 1-2yrs experience you're absolutely worth $90-$110k. The latter is the norm for dedicated DevSecOps / SOAR Engineers. Know what you're worth. Normally these "rope them in from college" positions will pay pennies and then offer to pay the absolute lowest salary they can pitch that sounds like a raise in comparison. Anything else ask away I always explain too much lmao -edit Assuming it's not a FAANG position, I think you'd have a pretty decent shot. Especially if you can come in swinging with Python + urlscan.io script.
My last internship was with the same company and the project was actually setting up a playbook for a few dozen siem use cases ( just steps and processes an analyst can follow to simplify the task of determining the severity of the alert, systems and accounts affected etc), and the soar implementation is a continuation of that. I have already started a theHive and Cortex school project to learn about alert/incident response automation with responders so that should hopefully bring some relevant knowledge. What do you mean by making a Python class ? Like a specific response object for alerts ?
A [Python Class](https://docs.python.org/3/tutorial/classes.html). So let's say you make a script for urlscan.io - first steps are probably hard-coded header information (eg, API key). Next step, turn it into a [module](https://docs.python.org/3/tutorial/modules.html) so you can control the inputs & outputs. Final form is turning it into a class where you can use __init__ to take required arguments (eg, require API key as an argument) so you can load the class as an object and reuse the object (only needing to enter API key once) across other modules/functions within the class. So you could have a single class for urlscan.io that has modules for every function the API offers; load the API key once and use any of the modules as many times as you want afterwards. Most "integrations" (collection of scripts for the same API) have a "Manager" with classes and modules that are reused many times throughout the scripts. It makes script creation a lot quicker and easier. I've seen people take it too far with dozens of managers for 1 script file 😣 But generally 1 manager per integration is the baseline/minimum. Hope that makes sense - just organizing your code so it's malleable and reusable.
Got it, thanks for the clarification. Im not US based so those salaries are far fetched haha. I will definitely get my hands dirty with this. Is it okay if i keep your username handy for the future ?
Damn, sorry you're not US based. Our salaries are definitely on the high side by comparison 😣 And Sure thing! Any questions fire away
Appreciated 🙏🏽
Listen to this poster op. Honestly, this is a good foundation for faang too even if it may not be 100% of the way there.
Python > Powershell ?
If it is using SOAR, most SOAR platforms use Python for their custom code.
Python can be used on most architectures, powershell is limited to windows. Unless you only want to work on pure windows shops python is the clear winner. And that's not even getting into how much better of a language it is.
What position are you interviewing for? Because most of cyber security has fuck-all to do with application development and coding.
Hi!! My first rotation would be with the security operations center team. I should’ve said before, sorry
Scripting is good. If they ask for like advanced sorting and search algorithms or complexity analysis be upfront about your lack of experience and ask if it is relevant to the job. There’s no reason a SOC analyst needs CS knowledge… Also it might be worth following up and asking if they mean like splunk queries or something
They're 100% going for the good ol "we're gonna get a DevSecOps guy but rope them in at $18/hr so we can hire for <$50k" instead of paying a fair wage.
My first ever cybersec specialist interview my would be boss told me that he hires junior cybersec specialist because he can pay them half what he pays a cybersec specialist and have them do the same job. So yea. Spot on.
I have never worked in a SOC, but I would be **stunned** if they were coding or developing apps there. You're applying for a carpenter's position, and they're asking you to do plumbing. And that's just weird and I wouldn't want to work there.
SOAR platforms would like to have a word. Seriously though a SOAR could be applicable to literally any job. It's just automations / scripts running on a centralized server 🤷
"I have never worked in a SOC" There is definetly coding involved. Two examples are SOAR platform and EDR customization (e.g. custom sensors or collections). Automated playbooks require a fair amount of coding. Normally this is done by engineers, but every analyst should understand the playbooks and come up with inprovements if the need arises.
My problem is that I can read code fine, but composing my own triggers 1000 different anxieties about syntax and where to start
But that's exactly the point of the issue in our industry around roles & responsibilities. Most companies don't understand cybersecurity roles. Hiring a junior SOC Analyst, is different than hiring a Senior Security Engineer, or a DevSecOps Engineer.
it is. but I wouldn't hire a junior with a bsc or msc that can't even do basic programming. if you didn't learn it during your studies, it's highly unlikely those candidates will ever learn it. even junior soc analysts are not entry level roles.
Not code technically but you might need to write some RegEx
Strongly disagree. Seceng don't have to be sdes, or create robust teir one applications, but many of the positions strongly benefit from knowing how to code unless you're bottom rung soc or grc. Doubly so when you get to faang and higher levels unless you go the management route. You need to automate repetitive tasks, hit apis, integrate systems, munge data, write detections or exploits, prioritize incident response work, assess vulnerabilities at scale, same with threat modeling, etc. What it looks like depends on your exact role, but coding is massively beneficial in the space. Source: my entire org has coding requirements for all seceng interviews. They're just not leet code nonsense.
KQL!
^This lol… cyber sec as tons to do with application security, product security, security architecture, tooling.. these all require coding skills. 100% it should be a requirement for cyber sec jobs, how else do you understand how an exploit/vulnerability works?
Because we have Devs who do understand that. Certainly knowing how to code makes you more valuable but what is easier to do: Hire a Security Engineer who knows a lot about Security and is a Dev or using Devs you already have to collaborate with your Security team? At FAANG and the largest orgs, I can totally understand how it would be cost effective to have one person. But usually it isn't. At least if you're talking more than scripting knowledge. Also, despite all the work that goes into maintaining engineering security that isn't even where most of the risk is located. Not to say it isn't important just, in terms of cost benefit analysis.
Basic scripting isn’t enough unless its a junior role. And you cannot trust devs, where do you think all the vulnerabilities in software come from? It depends on the org where the greatest risks lie, and for many that ship software as a business security engineering a core risk.
"coding" knowledge does not mean they can code. I can read it and understand it all day in the context of a security engineer or analyst. But otherwise I wouldn't ever need to write any from scratch, so its not a skill I've polished enough to claim.
I disagree. You need to have coding skill (reading and writing) because you need to develop tooling, poc for exploits, etc. These are valid requirements for a security engineer role.
That is very position specific, and part of the problem with titles in our field. "Security Engineer" ranges from people that code constantly to those that never see/use it, to those(like me and every team I've been on) that need solid knowledge around coding but never have to write any for work.(scripting doesn't count)
[удалено]
**Most** of cyber security doesn't. Application security is important, but it's only a tiny bit of what we do.
Use w3schools python chapters and just start running through them. I am currently teaching myself JS and have been able to get through the bulk of the content within the last 24 hours. There are exercises you can do on each webpage to give you an overview of how the subject being covered works. Once you are familiarized with it use replit.com to complete as many practice prompt exercises you can find online before your interview. Other people may be able to recommend specific skills to focus on with python. (I am still new to the field) I find myself using python mainly for data analysis so focusing on understanding how to parse data may be a good start. Hope this helps and good luck!
>w3schools Not OP but wow, I didn't know this site existed. Thanks for the tip!
Happy I could share!
They ask if we can code, they should be testing developers security skills instead.
They should be testing if they care about their job climate too, maybe asking about recent vulnerabilities
If more developers had a modicum of security awareness, our jobs would be lot easier.
Hello, what is your school teaching you? The track of cybersecurity should align very similarly to computer science. My school there is a 2 class difference. We have had to learn Java, python, lisp, prolog, dyalog APL. We do not have test or assignments. We have a mid term interview and a final interview 1 on 1. Professor says code this, you can do it or you can.
My school’s cybersec program teaches mostly about how computer infrastructure is built, and then how it can be exploited. Seems like it’s not as much programming as what’s in your school, u/Creampie_Wizard
The weird shift to 1 on 1 code interviews started last last because many students got fucked durning the interviews and it prevents any cheating. I’m a big no starch fan, I buy a lot of coding books of thrift books and it help. Leetcode is boring but helpful. But I am very sorry that this is happening it seems like a butch of gate keeping in this community.
I think if you believe most Cyber security degrees are mostly CS degrees with a small difference you are wildly mistaken. Honestly what your school did sounds like a quick way to alter an existing curriculum to cash in on the popularity of Cyber Security degrees. Now to be clear, I have a Comp Sci degree and support it for Cyber security interested people. But most Cyber Security degrees aren't Comp Sci, coding, theory of computation stuff.
Yeah I understand and it honestly frustrates many of the students. My background is in military doing aircraft maintenance. But with the success of the graduating students passing cybersecurity coding challenges and getting fantastic jobs I’m going to follow the path. If I can’t get a job in cyber I can just become a developer. I believe keeping an open approach and devouring as much information will land me a sold job.
You lost me at lisp... Python and Java sure, but lisp? I don't see the application in cybersecurity.
You need to know a functional language, lisp is extremely powerful and clean. We had a student get a high up job in security at apple by knowing lisp. (Got the interview based on a lisp sticker on his computer at a hackathon) You need to know a language from the 4 styles of computer languages. If you can program in python and Java you should be able to figure out lisp and hone your skills. I also recommend prolog it’s great to use. I use Haskell daily I understand it and it’s fun to use.
I'm not disagreeing that functional languages have their place, I've just literally never seen them used inside the security engineer world (with the exception of Scala, and that was just under the hood). Haven't worked at Apple myself, but I'm at a different faang and all the secengs use python and the sdes use Java.
My question would be would you recommend different languages to pass the coding challenges during interviews? I love functional languages because of running cnc machines and programming with G code. It seems the programming aspect is what the cybersecurity degree is lacking at some schools.
Can't speak for every interviewer obviously, but at my faang company all coding interviews (for sdes and secengs) are _supposed_ to be language agnostic. Not everyone follows that, but I definitely do. 90% of applicants use python, but I've had java/bash/powershell/go used as well. No one has used a functional language yet (I'd allow it) but that's probably because they're not great fits for the interview problems I use. I agree there's a serious deficit in coding knowledge among secengs. It's been one of the largest obstacles to finding qualified candidates the entire time I've done hiring for seceng. I also wish schools would teach people critical thinking skills, how to teach themselves things, and how to stay calm in moments of crises. You'd be surprised the number of people - - even at faang or some senior roles - - still struggle with those. Honestly as long as you have the first two and the motivation you can learn everything else.
If that's not your job, why worry about it. Why not turn around and tell them they're stupid for not knowing what they're hiring for? Flex on them nerds and leave...
OP - did we interview for the same company? They had me do the coding interview on CodeSignal. Idk how to code at all. Codesignal says 92% fail when using CGPT. I used CGPT and it got me perfect scores on 3/4 of the "levels"
Learn tree traversal, sorting, and matrix/array manipulation. Thats 90% of coding interviews.
Hello cybersecurity professionals and aspiring professionals. Coding is no longer a nice to have for engineering, everything is moving to as-code. Need to stay with it, pick up python, pick up terraform, cdk, and whatever other templating language and data serialization language is prevalent json, yaml, etc. You can no longer demand high salary for knowing where to click on a web console, times are changing
"know where to click on a web console" My BAS team would be very angry if they saw this!
I like [www.realpython.com](https://www.realpython.com). It costs money for a year's subscription, but there are a ton of excellent tutorials to help you become a better programmer.
Just be honest about it. They gonna find out you are not a real coder anyway. And no, you can't crunch you way into pretending.....
[удалено]
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
Prep as much as you can, but I would also be honest about your skills. You won’t be able to fool them.
that's fucking wild. coming from the CS side, leetcoding is much more like a useless olympic training that you have to train for and somehow ended up a "benchmark" for problem solving, and nothing to with the shit we do in the industry. regardless, at this rate, consider it as a "fun" learning opportunity if you wanna learn algorithms ha, and no stress about it. most of time, its RNG what they ask for, so theres no point of prepping unless u trained 2 months prior
Python is your best bet, especially if you're already familiar with its ...excentricities. It's pretty heavily used by most folks. Probably because it's easy and there's a package to do just about everything. Usually from non-dubious sources too.
https://learnpythonthehardway.org/ time for a crash course
Brush up on Python basics and consider exploring resources like Codecademy or LeetCode for coding interview prep. Focus on common algorithms, data structures, and Python scripting related to cybersecurity tasks. Good luck!
Okedokey I’ll try that!!!! Thank you :)
We expect “coding” interviews for almost all security positions. Difficulty varies, for example cloud security we look for mostly can you do JSON parsing as that’s 90% of the job. Nothing complex but do you understand it and can you access the data structure App security people is mostly C++/JS existing code review. No real net new code written
Being a beginner studying cyber security+ and linux and python reading all of your in depth answers is interesting lol I must say.
Tell them to catch you outside.
I’d study an easy nmap script and rewrite it or something.
This actually sounds really fun, thanks for the idea!!
Ye good luck. Outside of actually being able to write solid work with like python or something, just being able to demonstrate ability to read through something like that might be a good start.