The Art of Efficiency, IT Security and Programming
by Ramece Cave, Solutionary
Over the past few years, I have heard a couple of specific comments about IT security professionals and their ability to write code. In one capacity or another, whether it is a fellow IT security professional or manager, I heard that being able to write computer programs in this industry is an act of laziness, or not an efficient method for manipulating and analyzing data.
The comments seemed to indicate that the speakers thought the skill has no place, does not fit, and is persona non grata. Security geeks are not programmers. I would liken this to watching a two-headed purple Siberian Whispering Hamster sing Broadway show tunes. It may be fascinating, but just does not belong. Of course, everyone knows two-headed purple Siberian Whispering Hamsters only sing songs from the top 40 playlist. If you are of this mindset (the programming aspect, not the hamster), I ask you to reconsider your position.
Now, more than ever, programming is becoming an essential skill in the IT professional’s arsenal, and as a direct result, in the IT security professional’s arsenal as well. Yes, there are multitudes of applications/equipment available to handle nearly every situation. But here’s the rub: that annoying, in-your-face, not-accepting-my-friend-request adverb “nearly”. What if your company cannot, or is unwilling to, purchase that tech gear/application for any number of reasons: budgetary, priorities, not useful at current time, frugalness, just because, etc.? Of course, I am speaking hypothetically and this never happens.
Sometimes it can be easy to forget that the products that make this industry great and booming probably started as an idea doodled on a napkin or a whiteboard. Or, someone just got tired of doing something manually or fighting with an existing tool and took a stand, buckled down and turned a manual process into a work of efficiency, perhaps even a true work of art. From then on, with proper care and feeding, it grew into a powerhouse; one of those indispensable tools that we all use today.
Today with the troves of data and logs collected in an IT infrastructure, IT professionals are required to improvise and think more on their feet, adapting to any situation. Even a basic understanding of programming, whether writing scripts or compiled code, can help find that needle in a haystack, that one piece of information that your go-to tool cannot provide or extract. This does not mean your favorite tool is inferior or flawed. It may just be missing that one feature you need at that particular moment. Programmers and designers can only speculate so much about the needs, wants and uses a particular application will have. Having the ability to augment a product by writing a plugin or supporting application can help bridge the gap.
In a previous blog I wrote about creating custom packet analyzers. Using a similar methodology I wrote a script to search thousands of packet capture files looking for a specific connection. At the time, I did not have access to a commercial analyzer, and the files were not indexed in a database, but stored in a plethora of directories. Was this an efficient method of analyzing the data? Some people in the group thought not, but I thought so, and my manager at the time agreed.
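The kind of search described above, as an added example (not the author's script): it walks a directory tree, reads classic pcap files directly with the Python standard library, and counts packets exchanged between two endpoints. The function names, and the restriction to untagged Ethernet/IPv4 frames carrying TCP or UDP, are assumptions of this example.

```python
import os, socket, struct

# Classic pcap magics as they appear on disk -> struct byte order (usec and nsec variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def packets(path):
    """Yield raw Ethernet frames from one classic pcap file; other files yield nothing."""
    with open(path, "rb") as fh:
        header = fh.read(24)
        order = MAGICS.get(header[:4])
        if order is None or len(header) < 24:
            return  # not a classic pcap (pcapng is out of scope here)
        if struct.unpack(order + "I", header[20:24])[0] != 1:
            return  # link type 1 = Ethernet; anything else is skipped
        while len(rec := fh.read(16)) == 16:
            incl_len = struct.unpack(order + "IIII", rec)[2]
            frame = fh.read(incl_len)
            if len(frame) < incl_len:
                return  # truncated capture
            yield frame

def endpoints(frame):
    """Return ((src_ip, sport), (dst_ip, dport)) for untagged IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return None  # non-first fragment carries no port numbers
    l4 = 14 + (frame[14] & 0x0F) * 4
    if frame[23] not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return ((socket.inet_ntoa(frame[26:30]), sport),
            (socket.inet_ntoa(frame[30:34]), dport))

def find_connection(root, a, b):
    """Walk root and return {path: matching_packet_count} for traffic between a and b."""
    wanted, hits = {a, b}, {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            count = sum(1 for f in packets(path)
                        if (ep := endpoints(f)) and set(ep) == wanted)
            if count:
                hits[path] = count
    return hits
```

Call `find_connection(root, (ip_a, port_a), (ip_b, port_b))`; packets in either direction count as a match, and files that are not classic pcap captures are skipped silently.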
We could discuss this topic until the cows come home, but the decision to program, or code, if you prefer that term, comes down to the individual and what they want to accomplish. They will need to find that balance between whether something should be automated with specialized code or continue to be done manually. This truly depends on the task at hand and the level of effort required. If one day you find yourself single-stepping through a log or manually checking dozens of files, maybe you should ask yourself if there is a better, more efficient way to complete this task.