Do InfoSec Folks Need to be Able to Write Code?

I ran a poll on Twitter recently, trying to ask this question in an open way, to see what people thought. I was surprised that a lot of folks not only voted, but also shared some strong opinions. This was the final vote count:

To be of value to #infosec community, must contributors be able to write code?

— Kate Brew (@securitybrew) September 28, 2017

I tried to make it OK to vote "yes", since the InfoSec community is typically open and inclusive of all kinds of people, and I didn't intend for a "yes" vote to be construed as negative. Not sure I accomplished that goal, but in any case the comments offered were maybe even more telling of the community's views than the numeric result of the poll.

The question turned out to be much more controversial than I expected. Several people were adamant that coding, especially writing scripts to automate tasks, is an essential part of the InfoSec job. Then there were others who had more of the attitude of “it takes a village”, and suggested that many different skills are of value to InfoSec professionals.

Coding skills are clearly both valuable and valued

This poll changed my views on the necessary skills I would recommmend for those aspiring to work in InfoSec. The ablity to write code to automate processes would be advantageous for anyone trying to get into the field. At the same time, so would a background in network engineering, system administration or help desk. There are many paths that lead to InfoSec careers. Not everyone that works in InfoSec comes from a coding background, but the comments suggest that those who do find it helpful. And while not everyone in InfoSec is proficient in coding/scripting, this ability sure seems to help those who are.