Here is the usual disclaimer when it comes to technical posts; I am writing this from my own unique, personal experience, as a mildly experienced blue teamer. I do not claim to be in possession of the one and ultimate truth. I am simply sharing my experiences with the hope that it will help you and better guide your own efforts and your unique learning journey.
With that out of the way, this is the second of a series of articles where I plan to explain what common blanket statements used as vague (yet accurate) advice to newcomers in our industry have meant to me. The first article explained what “you need to learn Linux in order to work in cybersecurity” had meant to me at the time, which you can read here, and this one will address a similar sentiment around python.
As a cybersecurity professional, I often hear the phrase “you need to learn python” thrown around without much context or explanation as a piece of advice for people aspiring to join the field or people already in the cybersecurity field looking to level up their skills. It can be daunting to think about learning a new programming language, especially when you are already juggling a lot of other responsibilities and tasks, but providing simple guideance and context to that statement can make it less challenging and not as complicated or hard to reach as you might think.
Here is what has been behind the “you need to learn python” for me, thus far:
1 – Approaching it with the right mindset
One of the biggest misconceptions about learning programming is that it’s only for those with a natural aptitude for math and logic. While those skills can certainly be helpful, they are by no means a requirement. I used to feel like learning programming could be just out of my reach, or find many other reasons why I would fail or not fully understand what I was trying to accomplish.
The need for allowing oneself to learn was mentioned in a previous article, “4 Reasons I was failing at learning and why you may be“. Imposterism can reach peak levels when learning complex concepts like programming languages from zero, or starting long learning journeys from very basic principles. Breaking that barrier was the first step in my learning journey. To put it simply, automation and programming are skills that can be learned by anyone who is willing to put in the time and effort in a somewhat consistent basis.
2- Learning to navigate the vast amount of resources available
One of the things that I found most helpful when learning python was the abundance of resources available online. There are countless tutorials, courses, and documentation available to help you get started, and a lot of them are free as well. While this is undoubtly helpful and makes learning python more accessible than many other relevant skills, it can also quickly become overwhelming and finding the right content to trust and follow along through completion can be challenging.
I admittedly started too many video series, guides, and books before I settled for the following as my go-to resources to start learning python:
a) TryHackMe’s Python Basics Room (Free) : If you have read other articles in this site, you should know by now that I am a huge fan of the hands-on approach THM offers. In this room, you are introducted to many python fundamentals with guides that are easy to follow, and invited to complete multiple challenges via an in-browser code editor to practice these concepts.
b) Taggart Institute’s Python for Defenders Course (Free) : This course is definitely well structured for people that are completely new to python, going over some of the most important basics such as data types, lists and dictionaries, loops, as well as functions and classes.
c) Python Simplified and Codemy YouTube channels (Free). Though perhaps less organized than the courses above, these YouTube channels are great to learn fundamentals (data types, loops, operators, etc.) and also offer great step-by-step walkthroughs for real-life projects and additional areas like creating GUIs with Django, PySimpleGui or TKinter, which can elevate your skills.
3 – Getting somewhat familiar with the fundamentals
Let’s make an emphasis on that “somewhat”. The reason why I use that word is because I feel it is important to realize that learning to code or learning python is not all about memorizing syntax and memorizing lines and lines of code.
First and foremost, learning how to code is learning how to apply programming logic to tackle a specific challenge or reach a specific goal. While knowing and understanding foundational concepts is important and makes it much easier to perform the correct searches on Google or on the proper documentation, memorizing anything without a deeper layer of understanding will not scale.
That said, it is important to understand python basics like strings, lists, tuples, dictionaries, loops, functions, etc. These basics can be found in any entry level course, like the ones mentioned above. These concepts will stick in your mind because you will use them over and over, and, worry not, the more obscure ones will remain forever stored on the internet, only a good google search away anytime you need them.
4 – Github and previous code
Another aspect that was truly helpful in my journey to learn python was losing the fear to dive into Github and simply read other user’s code.
Using Github’s search engine, I would first search filtering by python as main language and find projects that were trying to solve the same challenges I was trying to solve at a much more basic level. I was able to learn a lot by simply looking at code that worked and adjusting my own code accordingly, or seeing new syntax that I would then Google to find out more about, etc.
Beyond that, Github repositories also help me find new project ideas. Simply searching broader terms like “cybersecurity“, “football manager” or other areas of interests for me can return many interesting repos I can get inspired by and come up with an idea for a use case to continue learning python once I cannot think of any, which has proven to be more efficient to me than engaging in never-ending mildly useful Google searches in search of inspiration.
5 – Figuring which approach was most efficient for me to learn it
There are generally two approaches to learn python: learning it from zero via a more traditional path and learning it as a way to fix or fit a specific use case. Personally, I found the latter approach to be the easiest and most motivating. Rather than starting with math operations and simple projects, I was able to learn python by tackling real-world problems and seeing the immediate impact of my code.
Of course, there are pros and cons to both approaches, and the one that’s right for you will depend on your goals and learning style. But if you’re feeling overwhelmed or intimidated by the thought of learning python, or simply having a hard time staying motivated while tackling some projects traditionally designed for beginners (calculators, etc.) I encourage you to try the use case approach. It might just surprise you how quickly you can pick up the basics and start using python to solve problems and automate tasks that impact your day to day, and how much working on real life challenges that relate to you or your line of work can help to stay motivated learning python..
Overall, learning python requires a combination of practical experience and dedicated study. With time and practice, you can become proficient in this powerful and versatile programming language. While “you need to learn python” is a blanket statement, it holds some truth. Learning python is a great idea if you work or plan on working in tech. Python remains a great programming language to learn as a beginner due to it being free, open source, and easy to learn due to its focus on code readibility.
While learning python from zero can definitely bring you out of your comfort zone, there are some strategies to bring some comfort back; focusing on solving challenges or issues that impact your day to day, using python on some fun non work related projects that you are passionate about (personal finance, videogames, etc.), and finding the right course or content to watch along the way can help ease your way.
These are my thoughts around my own personal journey to learn python. Did I miss any important point? Do you have any questions? Let’s continue the conversation either here, on Twitter @spapjh, or Mastodon (infosec.exchange) here.