The ability to code is not a necessity for a career in cybersecurity. However, if you don’t have a solid understanding of basic programming concepts and the ability to code in at least 1 programming language, you will be limited in your options. If you’re interested in automation or an overall versatile language for security, python is definitely your best bet. But other languages do have their uses and C/C++ is one of them. Many applications and exploits are written in C/C++, which makes it very useful to a security professional.
History of C and C++
The difference between C and C++ can be confusing if you’re not familiar with the history. C is the original language and was created back in the 1970s. C is a low level programming language, this means that it allows you to interact more directly with the computer and have more control over how your programs operate. For example in low level programming languages you are responsible for the memory management of your program (how much memory your program uses) and if you do it incorrectly the program will get an error. But high level languages like Python and Javascript have built in features that take care of memory management for you. It may seem like high level languages are overall better but not having full control can lead to less efficient programs and less overall options when programming.
C++ is an enhancement of C that was created in 1985, while it is derived from C it is a unique language. It can support classes and objects while C cannot and is overall faster and has better performance than regular C. Since both languages are so closely related, employers will expect you to have working knowledge of both languages.
C/C++ in Cybersecurity
Within cybersecurity C/C++ are great for analyzing malware and finding vulnerabilities in existing software. A large amount of malware is written in C/C++, malware analysis is the process of looking at the source code of malware to identify its purpose, reverse engineer it or find indicators of compromise (IOCs). Having a good understanding of C/C++ will allow you to read and understand malware written in that language, which is a valuable skill.
The next area is in finding vulnerabilities in existing software. During the Software Development Lifecycle (SDLC), the source code should be manually reviewed for vulnerabilities. Being able to read and understand C/C++ code, combined with knowledge of common security vulnerabilities would allow you to review source code and find vulnerabilities before an application gets pushed to the market.
Other Uses of C/C++
In addition to Cybersecurity, C/C++ is also useful in the development of mobile applications. It’s one of the few, if not only languages that can be effectively used to create both IOS and android applications. Unlike languages like Swift, that were designed specifically for one platform C++ allows you to create efficient, quality applications for both platforms.
Final Thoughts
While programming is not a prerequisite for working in Cybersecurity it can be very useful to know. C/C++ in particular is good for malware analysis and finding vulnerabilities in code that was developed using C/C++. If you have a good understanding of programming combined with knowledge of secure coding practices, you will have a valuable speciality to any company that develops software. Additionally, you will have the foundational knowledge to develop mobile applications for IOS and android.