cldrn

I think you should understand that this field is huge and that there are several specializations that you could enjoy. Play around with everything until you find what you love doing the most. Realize that you will never stop learning.

Howdy,

Paulino Calderon here, co-author of Practical IoT Hacking, I got late to the party and it seems we can't edit the post at the moment but here is my proof: https://imgur.com/BEQAaoW

I would say that any programming language becomes very useful and with time you will start picking more up pretty fast so don't think too much about it and start coding in whatever language you find yourself most comfortable.

Now, depending on the field you pick, programming could become more relevant or not. In application security, programming knowledge helps you immensely when doing security assessment as you are already familiar with the dos and don't's of a language and how the data flows. Even if you don't do source code reviews, you need to understand common data structures, operations, and dangerous operations in that particular technology.

Another thing I notice in the industry is that people with programming knowledge are not limited by the tools they use. Very often things don't work as planned and you need to patch or create new functionality to exploit a target.

Focus on understanding basic operations, data structures, network I/O and start automating any task that you think could save you time in the long run. Then you will start coming across situations when there is a better technology for your needs and you will pick up that language too and so on...

I am a long time follower of Internet of Shit on Twitter, I recommend you follow that account if you are not doing that already. When we got a smart water bottle to showcase some of the common problems with BLE implementations, we were in for a big surprise. Quite shocking how a simple device to remind you to drink water has serious privacy implications.

I used to root for the "Stop using SMB1" campaign [1] by Ned Pyle and the blue team part of my heart was happy when they finally disabled it by default. Sadly, I still see it often in corporate networks...

Nowadays, LLMNR, WPAD, basically any protocol or functionality that makes it easy for local attackers to gain a foothold in a machine.

[1] https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858