There are many different types of information security positions covering compliance to architecture. Do you think it is better for an information security professional to have actual development or programming experience?
I think it is very beneficial in many areas, and is good for increasing career opportunities. Here are a couple of examples:
Ron Parker CISSP, CCSP
SCMunk
I believe you can function without it, but it always helps to understand the people that you are working with.
I had 10 years dev experience before moving to a security role (also 10 years). I really see the difference in some of my security specialist colleagues especially when it comes to understanding the complex dependencies and effects that making changes in software has on other parts of a system. To many security consultants it is clear cut that the risk of a vulnerability overrides any other consideration, but the complexity of software especially in enterprise systems makes such decisions complicated. Understanding the development processes and the time it takes to verify knock-on effects of a change is essential and it is difficult to do if you don't have the experience.
I also see this in the CISSP materials on software development. The assumption seems to be that many developers do not care about security, although my experience is that this is far from being the case. Often it is the security education & training that is lacking and that is for all of us to address within our organisations.
The answer to all 'do you need or is it valuable' questions is very simple.
You do not need ANY particular experience or education to find a job. However, the broader and deeper your experience and knowledge the more opportunities that will be available to you.
Depth and breadth will eventually compete with each other. You CANNOT be a master of all. Do what you enjoy.
I enjoy people and hate head-down analysis. I could never be a hunter.
I lead down well, but lead up poorly, so the management, director, CISO chain is not good for me as politics becomes more and more of the job.
I am organized and a good mediator so I lead projects and programs and there are plenty of opportunities.
The answer depends on what you do --- including what you deal with in your line of work, your role in an organization, and your place in its hierarchy.
For example, a CISO should have excellent managerial abilities but wouldn't need technical skills, although having these or a good know-how is a definite benefit. A penetration tester or system analyst should have technical expertise relevant to systems being used, with acceptable communication and interpersonal skills.
Skills should be backed by experience, as was concluded in many posts in the community, including this one.
To analogize, a diplomat who's adept in multiple languages that are spoken where he's stationed would be better off than one who's dependent on an interpreter...