Do you need to learn to code to work in cybersecurity?

Are you interested in a career in information security? It's normal to wonder how long you would spend learning different skills to get there, especially coding. But, allow me to be brutally honest here: asking if you need to code to work in security is like asking if you need to learn to cook to work in a restaurant.

No, you don't need to learn to code. But I think you're starting with the wrong mindset.

Let me explain. When I first started in security, I was paired with another intern. In the early days, people would ask us why we applied for the internship. I responded "Mr Robot". My colleague? "I don't like to code". That always sounded odd to me. Doesn't he know he will be spending his days talking about other people's code anyway? Guess who got hired at the end.

Nowadays, I see an industry on LinkedIn dedicated to encouraging aspiring cybersecurity professionals to "break into" the field with self-learning tips. Many of these influencers sell training modules, of course. The messaging remains: "You don't have to be technical!", "Many sectors don't require you to code in security!" Yes, but the optimistic tone sets the wrong expectations! It's not a profession where all you need is good people skills and to show up on time: some computers malfunction when they receive funky inputs, and your job is to either fix them or evaluate how much it will cost to do it. In the end, it's always about code and computers.

The irony is that I work in the part of security which does not require in-depth technical knowledge: compliance. Despite never having read a line of code, I know many talented individuals who thrive in the sector. Yet they all show passion for data and technology and don't shy away from discussions about encryption ciphers or functional tests.

Can a restaurant staff be truly fulfilled by their work if they don't like food? Sure, they may not be able to cook, or even read the recipes, but one has to feel the satisfaction of seeing people having a pleasant meal, don't they?

If writing code does not interest you, mustn't you at least be curious about the intricacies of computing systems? I sure hope you do, because all your day-to-day discussions will focus on virtual machines, API gateways, and volatile memory allocation.

Where am I trying to get? Cybersecurity at its core addresses technological concerns. If an individual does not have passion for this aspect, I believe they will not sustain the hardships of the job, which I've documented.

Coding is a sticking point. I get it. Coding is not the same as "interest in technology". My biggest surprise as an inexperienced teacher was seeing my students struggle with my coding assignments. Code punishes. If the script does not run, it's a failure; same as a car that does not ignite. I had to question my belief that a cybersecurity analyst needed good programming skills to perform in the job market.

What is my conclusion? I still see coding as a fundamental asset. If this skill set truly does not interest you, which alternatives can you bring to the table? Negotiation skills, business acumen, legal knowledge, process automation, and human psychology are some examples I can think of. But it would be best if you also made peace with the limited options of "non-coding" cybersecurity professionals.

Yes, security might look attractive thanks to the hacking culture. A TV show drew me in! But it's the technology problems that keep me going. How about you? What drew you in? Or what sustains your passion?