The Joys of Python

The Joys of Python

I’ve been working in the IT industry for almost 20 years now and all of that experience has been on the infrastructure and support side of things…server administration, network administration, consulting, and most recently some management. Programming has never been my strong suit, other than writing the occasional script to automate an administrative task. As I began my journey into InfoSec, I kept reading and hearing over and over how important it is to have solid coding skills if you want to be successful. Coding skills will help you build/modify your own security tools, understand what’s going on under the hood of the software apps you work with and contribute to open source community projects on Github.

The general consensus is that the most useful and easiest to learn programming language for a new security professional is Python, so that’s the language I decided to tackle first. Having skills in Ruby and PowerShell (which I have dabbled with a bit) are also important, but we all have to start somewhere. How does a non-coder become an actual coder who can build things that are useful in an InfoSec career? I’ll let you know as soon as I find out! But seriously, I have made some progress in learning Python, so I thought I’d share a little bit about that here in case anyone else is contemplating the same path.

 

Why Python?

The experts tell us that Python is one of the most readable programming languages out there. Rather than having to memorize a bunch of arcane commands, most of the Python commands are in plain English…easy to read, understand, type and remember. The learning curve is also gradual, not steep like most other languages. You can start learning a few basic concepts that actually perform functions, and then build on those to create more and more sophisticated applications.

There are so many good security tools written in Python already, and your new coding skills will allow you to modify those tools for your own needs. There are tons of libraries and modules you can download and import to increase functionality. Once you get up to speed you can even write your own and share them with the rest of us.

 

What Can You Build With It?

The biggest benefit to learning Python as it relates to Information Security is automation. You can use it for data analysis and save tons of time parsing through information you need to review by writing a script that finds and organizes what you need to see.

You can take often-repeated tasks and create tools that make them happen automatically whenever you need it. You can conceivably put together entire workflows to save lots of time in various parts of your job. For OSINT or pen testing, you can write scripts to gather information from online sources for you.

 

How Do You Learn It?

Python.org has a great beginner’s guide, but I found the most benefit from a video training course called “Python 3 Network Programming” at the GNS3 Academy site. I like it because it covers the fundamentals first and then switches gears into using Python to build interesting and useful apps including automation to read/write network device configs, a subnet calculator and even a network packet sniffer.

Sitting there memorizing commands and syntax has never been enjoyable or effective for me, but building actual useful tools that solve problems definitely keeps me interested and is great practice for the real-world work environment. If you’re new to coding like me, focusing on an end result or a problem to solve is a great way to learn and stay motivated.

 

Additional Learning Resources

If you’re looking for variety, here are some other Python learning resources I found during my research. I may go through one or more of these courses next:

CodeAcademy – Learn Python 3

Cybrary – Python For Security Professionals

The Automating OSINT Python Course

 

What’s been your experience with learning Python? Any other good resources or tips you would recommend? I’d love to hear about it in the comments below.