Best Programming Languages for Cybersecurity Professionals

Do you find your cybersecurity career is limited by your inability to program?  Few of the cybersecurity professionals I know personally know how to program, with the exception of those who work in a programming environment.  If you are considering learning to program, what languages are best for a cybersecurity career?  Do you need more than one? Where is the best place to start?

Prepare by setting up a couple practice systems to work with, and using  Windows and Linux virtual machines would be a good way to go.  Fatal accidents are easy to repair, and spinning up a new VM takes a few minutes.

There are also great training resources, many of them free, on places such as Cybrary, UDemy, and

Shell Scripting – Probably the best place to start is with a scripting language.  In Windows this will be Powershell.  In Linux it will be Bash.  These days, Windows allows Bash scripting natively, so you may not need to have a Linux system handy to practice with, at  least not right away.

Powershell is based on earlier Windows coding environments such as Basic and Virtual Basic.  There are a lot of new exploits that take advantage of the power and permissions available in Powershell, so learning how to script in Powershell has both practical (automation of repetitive tasks) and tactical (blue team and red team uses) applications.

Bash is the Linux version of shell scripting, and again is a handy tool for both practical and tactical uses.

C – Of the classical programming languages, C is a programming language that has been used for over 50 years.  Unix was the first machine-portable operating system, and C was used to program for Unix.  There are still new cyber-exploits being released that are written in C.  If you like to begin at the beginning, this may be for you.

Python is the most popular programming language, and has cross-platform capabilities that means programs and exploits coded in Python will run on virtually and system.  If you want your skills to follow the crowd, this is for you.

PHP – Like Python, this is a very popular programming language.  It is used by over 80% of websites.  The popular CMS WordPress is written almost entirely in PHP.  If your career leads you into protecting websites and web applications, this is for you.

JavaScript is another popular programming language that is used in websites and applications.  Fluency in JavaScript can help you interpret, write, and correct errors in JavaScript code that can lead to exploits such as Cross-Site Scripting (XSS), Cross-Site Forgery Request (CSRF), and SQL Injection.

SQL or Structured Query Language is not technically a programming language, but most modern databases run on some version of SQL.  Modifying SQL queries can lead to SQL injection attacks, which can lead to loss of database contents, or even the takeover of the server.

Starting with a scripting language is probably the easiest way to learn code writing conventions.  Moving on to programming language choices, if you work in a server environment, I would suggest Python.  If you work more on the web, then PHP and/or JavaScript should be your preference.  If you work in databases, then SQL.

Good luck on your quest to learn how to program!

More information


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.