Cyber-skill Gap: Why Cybersecurity Practitioners Need to Know Python!
We interviewed a few Cybersecurity, Cloud Computing and Application Security Managers from different organizations for our Cybr Podcast. One of the skills everyone felt was important to succeed in cybersecurity was Python.
Over the past two years – and in the past two months – I’ve heard this from Network IT Managers, to Network Admins, Cloud Engineers, seasoned Cybersec professionals, leaders and students. Everyone sees “Python” as a key skill to build.
The good news is that apparently any experienced programmer can learn Python pretty quickly, according to python.org, and it’s supposed to be easy for beginners learn as well!
What is Python?
Python is an open-source general-purpose programming language that some described as object-oriented scripting language that often gets applied in scripting roles. It’s designed to be easy to read and simple to implement. Since it’s free to use, anyone can modify or create extensions for the Python language, as well as use it for commercial applications.
- Python is considered a scripting language, like Ruby or Perl.
- You can use it to create Web sites, Web applications and GUI-based desktop applications.
- Developers can use it for front-end or back-end development projects, but people “typically use it for back-end development projects.
- You can focus on core functionality of the application by taking care of [and automating] common programming tasks.
Is Python a “Scripting Language”?
People often use the word “script” instead of “program” to describe a Python code file, but O’Reilly uses the terms “script” and “program” interchangeably, with a slight preference for “script” to describe a simpler top-level file, and “program” to refer to a more sophisticated multi-file application. That said, yes, it is a language that can be used to “create scripts”, but is it really just a “scripting language”?
People who have trained with O’Reilly over the last decade tend to think of the following when they hear Python being referred to as “a scripting language”:
- Shell tools – You can use Python to code operating-system-oriented scripts used to perform tasks such as processing text files and launching other programs. Python programs can and do serve such roles, but this is just one of dozens of common Python application domains. It is not just a better shell-script language. It’s more!
- Control language – Some think of scripting as a “glue” layer used to control and direct (i.e., script) other application components. In this case, you would deploy Python programs in the context of larger applications. For instance, to test hardware devices, Python programs may call out to components that give low-level access to a device. Similarly, programs may run bits of Python code at strategic points to support end-user product customization without having to ship and recompile the entire system’s source code. Python’s simplicity makes it a naturally flexible control tool, but it’s not just a control language.
- Ease of use – For most people a “scripting language” refers to a simple language used for quickly coding tasks. This definitely describes Python. Python enables much faster program development than compiled languages like C++. You can explore incremental programming using Python for faster, intermittent development cycles. That said, Python is not just for simple tasks. Rather, it makes tasks simple by its ease of use and flexibility. Python has a simple feature set that also allows programs to scale up in sophistication as needed, which makes it good for completing quick tactical tasks and longer-term strategic development projects.
So, is Python a scripting language? No. You can use this fast, flexible programming language for “scripting” as a mode of development, but it’s definitely not the only application domain in which it can be used.
Python is Popular!
In a recent survey, 84% of Python users in our survey use Python as their main language, while for 16% it’s their secondary language.
Check out some additional usage statistics here, or find more information on global adoption of Python in this Cybr blog!
Why is Python Popular With Your Peers?
I’ve read a number of other position papers, blogs and interviews, and it appears that in addition to being “easy to learn”, even as a first language, Python’s versatility is the characteristic that makes it a popular, useful and sought-after skill. People like that it can be used to accomplish so many things and support so many different use cases, requirements and environments.
You can use Python to support web and game development, machine learning, artificial intelligence, scientific computing and academic research. Some even said that “Python is the only major programming language that makes machine learning easy.”
Because you can use Python at almost every stage of a development project – from using it to create the application, test it, and prepare the project environment – a single skilled Python developer could address the entire software development lifecycle from start to finish.
It enables developers to perform more activities at a higher rate, which means Python can require fewer developers to support a project. Of course, that means reduced project costs, faster project completion, and more cost-effective maintenance and support.
Most developers use it for both work-related and personal projects!
Different Perspectives on Python’s Popularity & Why People Us It!
I wanted to share some of the insights I collected during my own effort to better understand the role and significance of Python within the industry.
Perspective #1:
UpGrad shared in a recent blog post that the following Top 10 Reasons for Python’s popularity:
- Easy to Learn and Use
- Mature and Supportive Python Community
- Support from Renowned Corporate Sponsors
- Hundreds of Python Libraries and Frameworks
- Versatility, Efficiency, Reliability, and Speed
- Big data, Machine Learning and Cloud Computing
- First-choice Language
- Flexibility of Python Language
- Use of python in academics
- Automation capabilities
Check out that post after you finish reading this one for an explanation of these benefits and resources!
Perspective #2:
Edureka outlines their Top 10 Features & Use Cases for choosing Python as a first programming language. Their reasons include:
- Python’s popularity & high salary
- You can use it in Data Science
- IT teams use it for scripting & automation
- Python used with Big Data
- Python can enhance your Software Testing
- Computer Graphics in Python
- Python plays a vital role in AI coding
- Developers use it for Web Development
- Python is portable & extensible
- It’s simple & easy to learn
You can read more about these use cases and features here!, but the 10th item on this last list stuck out to me. I keep hearing that over and over, so I had to explore that a little further from myself! Not being a developer myself, I wanted to SEE AND EXAMPLE of what “SIMPLE & EASY” looks like to help me wrap my brain around that! Here’s the example I found! Yes, it’s definitely simpler. It ALMOST makes me think I could even learn how to script using Python!
You see, “simple and easy to learn” is our mantra here at Cybr. We want to help make cybersecurity simple, easy and less scary for everyone to learn – so we can all do our part to keep ourselves, our kids, our communities, our customers and our companies a little safer from cybercriminals and exploitation. So, I am in love with that characteristic, and will definitely be looking for some free resources to help our community members learn Python if they don’t already know it!
Perspective #3:
According to Learning Python, 3rd Edition by Mark Lutz, the primary factors cited by Python users seem to be these, based on teaching Python to 200 groups and 3000 students over the past decade:
- Software quality – Python code is designed to be readable, and as such easier to reuse and maintain than other scripting languages. Python code uniformity makes it easy to understand, even if you did not write it.
- Developer productivity – Python boosts developer productivity many times beyond compiled or statically typed languages such as C, C++, and Java. Python code is typically 1/3 to 1/5 the size of equivalent C++ or Java code set. That means there is less to type, less to debug, and less to maintain after the fact. Python speeds up development time because it runs immediately without a lengthy compiling and linking steps
- Program portability – Most Python programs run unchanged on all major computer platforms. Porting Python code between Linux and Windows, for example, is usually just a matter of copying a script’s code between machines. Moreover, Python offers multiple options for coding portable graphical user interfaces, database access programs, web-based systems, and more. Even operating system interfaces, including program launches and directory processing are more portable in Python.
- Support libraries – Python comes with a large collection of prebuilt and portable functionality, known as the standard library. This library supports an array of application-level programming tasks, from text pattern matching to network scripting. In addition, Python can be extended with both homegrown libraries and a vast collection of third-party application support software. Python’s third-party domain offers tools for web site construction, numeric programming, serial port access, game development, and much more.
- Component integration – Python scripts can easily communicate with other parts of an application, using a variety of integration mechanisms. Such integrations allow Python to be used as a product customization and extension tool. Today, Python code can invoke C and C++ libraries, can be called from C and C++ programs, can integrate with Java components, can communicate over frameworks such as COM and .NET, and can interact over networks with interfaces like SOAP, XML-RPC, and CORBA. It is not a standalone tool.
- Enjoyment – Because of Python’s ease of use and built-in toolset, it can make the act of programming more pleasure than chore. Although this may be an intangible benefit, its effect on productivity is important.
Of these factors, the first two (quality and productivity) are probably the most compelling benefits to most Python users, according to O’Reilly.
Why Your Peers Use Python
Here are some insights, observations and opinions shared by Programmers, Cybersec Specialists and Python practitioners.
How Does Python Compare to Language X?
Let’s take a quick look on what one Python expert has to say about how it compares to the other programming languages he’s used. Mark Lutz, author of Learning Python has been using Python since 1992 and feels the comments here reflect the common experience of many developers who have taken time to explore what Python has to offer.
- Is more powerful than Tcl. Python’s support for “programming in the large” makes it applicable to the development of larger systems.
- Has a cleaner syntax and simpler design than Perl, which makes it more readable and maintainable, and helps reduce program bugs.
- Is simpler and easier to use than Java. Python is a scripting language, but Java inherits much of the complexity and syntax of systems languages such as C++.
- Is simpler and easier to use than C++, but often doesn’t compete with C++, either; as a scripting language, Python often serves different roles.
- Is both more powerful and more cross-platform than Visual Basic. Its open source nature also means it is not controlled by a single company.
- Is more mature and has a more readable syntax than Ruby. Unlike Ruby and Java, OOP is an option in Python—Python does not impose OOP on users or projects to which it may not apply.
- Has the dynamic flavor of languages like SmallTalk and Lisp, but also has a simple, traditional syntax accessible to developers as well as end users of customizable systems.
Especially for programs that do more than scan text files, and that might have to be read in the future by others (or by you!), many people find that Python fits the bill better than any other scripting or programming language available today. Furthermore, unless your application requires peak performance, Python is often a viable alternative to systems development languages such as C, C++, and Java: Python code will be much less difficult to write, debug, and maintain.
Syntax-simple & Easy To Learn:
One of the key ideas behind Python was to create “easily readable code”.
- Python code resembles spoken English and depends on the use of proper indentation, which makes it easier to read and more structured.
- The clean syntax and readability are what make it a good language to learn for beginner programmers or cybersecurity practitioners. Once you know Python, you can create solutions quickly and others can easily understand what you’ve created.
Versatility:
Python is an easy programming language for beginners, but it also has all of the power and resources needed by advanced programmers to do their work – making it a versatile language to learn.
- You can literally do everything in Python, and there are tons of projects that are built with Python.
- Once you learn it, you can find uses for it in web development, data science, machine learning, AI, web scraping, game development, scientific and numeric computing, and the list goes on.
Portability:
The standard implementation of Python is written in portable ANSI C, and it compiles and runs on virtually every major platform currently in use. For example, Python programs run today on everything from PDAs to supercomputers. As a partial list, Python is available on:
- Linux and Unix systems
- Microsoft Windows and DOS (all modern flavors)
- Mac OS (both OS X and Classic)
- BeOS, OS/2, VMS, and QNX
- Real-time systems such as VxWorks
- Cray supercomputers and IBM mainframes
- PDAs running Palm OS, PocketPC, and Linux
- Cell phones running Symbian OS and Windows Mobile
- Gaming consoles and iPods
Endless Opportunities:
Python is a great addition to your skill set no matter where you career ends up taking you. Python is being used by many big companies as it is simple, versatile and easy to maintain.
- If you want to learn coding but haven’t decided what to do with it then Python is the obvious option. As it gives you a choice to switch between different fields with its flexibility.
- It’s being used at…. Facebook, Google, NASA, Quora, Amazon, Reddit, Netflix, Dropbox, and Instagram to name a few. These companies make use of Python where ever they can. Python’s growth is spread pretty evenly across industries.
- Most startups prefer Python as well, because its user-friendly, simple, scalable, robust and innovative.
Open & Community Supported:
- It is open source! You can leverage any aspect of Python for any project.
- Python has a large user community of developers to tap into. Reach out if you run into issues while learning the language or working on a project.
- You’ll find Python community members on forums, Q&A sites, Twitter, Facebook pretty much everywhere.
- Community members will give you advice when needed. You can even ask them to use your code to find bugs that you can’t find.
- According to StackOverflow the volume of visitors to questions about Python on their site is increasing more rapidly than any other, claiming Python to be the fastest growing major programming language in the world.
Why is Python Scripting a skill you need to succeed in Cybersecurity?
IT teams are constantly being asked to “do more in less time and with fewer resources”. Automating tasks is one of the best ways to achieve this because it it allows you to increase efficiency and mitigate the risk of human error by performing routine tasks faster, more consistently and with fewer people. Any time you can automate manual, time-consuming, error-prone functions, it’s a win! Automation is your friend…and something worth learning [especially if it gives you increased control at no additional cost]! Python gives you this power!
Students often ask… “Do you need programming skills for a career in cybersecurity?” They answer is not always yes, as there are MANY cybersec roles that can be performed by people those of us who are less technical. But, if you are serious about becoming a skilled cybersec practitioner, the answer is yes! You will need some programming skills for a successful long-term career in cybersecurity.
Programming skills help offensive and defensive Cybersec practitioners to do their jobs better!
Programming knowledge is needed to analyze software for vulnerabilities, identifying malicious software, and other tasks required for cyber security analysts. However, the coding skills required will vary depending on what you want to specialize in: web app security, software security, malware analysis, network security, or computer forensics.
Net-net…programming skills gives you an edge over other security professionals without those skills!
Acknowledgments
- Naushad’s Blog Post – https://medium.com/datadriveninvestor/5-reasons-why-i-learned-python-and-why-you-should-learn-it-as-well-917f781aea05
- https://phoenixts.com/blog/do-you-need-programming-skills-for-a-cyber-security-career/
- https://www.springboard.com/blog/best-programming-language-for-cybersecurity/
- https://www.edureka.co/blog/10-reasons-why-you-should-learn-python#scripting
- https://www.upgrad.com/blog/reasons-why-python-popular-with-developers/
- https://www.upgrad.com/blog/python-challenges-for-beginners/
- https://medium.com/@mindfiresolutions.usa/some-limitations-of-python-6f5370fc215f
- https://www.monterail.com/blog/is-python-slow
- https://inventwithpython.com/blog/2012/07/09/16-common-python-runtime-errors-beginners-find/
- https://squareboat.com/blog/advantages-and-disadvantages-of-python#:~:text=Database%20Access,a%20little%20underdeveloped%20and%20primitive.
- https://www.oreilly.com/library/view/learning-python-3rd/9780596513986/ch01.html
Thank you very much for presenting a brilliant article.
Indeed I am in agreement with your synopsis that aspiring Cybersecurity professionals do need to grasp a handle on python programming as an additional subset skill. As with everything the motivation is entirely dependent upon the motivations as well as the ICT industry requirements.
Glad you enjoyed the article! Thanks for sharing your thoughts on it!