As a young professional in cybersecurity, do you often feel so dumb that you can’t understand some concepts? Maybe my experience can help.
My Background
I studied Information Security in college. We had the usual foundational CS and math courses, along with cryptography. Back then, the security field seemed straightforward—either you were an attacker or a defender—even though I had no idea how either actually worked.
Later, I interned at two companies, where I learned about web pentesting and Active Directory security. I thought I was cool because I could “hack a machine.” But I fell into the certification trap and stayed there for years. I believed that once I got my OSCP, I’d land a great job and be set for life. The truth? I never passed the exam and I still got a decent job.
Since I did well in undergrad, I came to the U.S. for grad school. That’s where I met some truly smart people and started to realize how far behind I was in core computer science. Professors assumed cybersecurity students were already programming experts, but I wasn’t. I struggled. I knew all about vulnerabilities, attack methodologies, and bug bounty business, but I had no idea how the technology worked under the hood. I never read the source code.
Eventually, I landed an internship and then a full-time role as a cloud security operations engineer. I didn’t need to pass LeetCode-style interviews, unlike my SWE friends. But because no one expected me to code, I quickly got bored with the repetitive work. Worse, I noticed that developers looked down on security. They were the ones fixing bugs, and our findings were often seen as annoying or low-priority.
Pros and Cons
With all these doubts, I began to ask: what if I became a developer? Would that be smarter?
As a Cybersecurity Professional
Pros:
- Learn about cool attack techniques.
- Feel like a hacker.
- Easier path to senior roles (since I already had experience).
Cons:
- Spend a lot of time arguing about insecure configs.
- Most tools are just scripts, not real software.
- Lower salary compared to SWE.
As a Software Engineer
Pros:
- Build useful, impactful tools.
- Fewer pointless meetings.
- Gain a deeper understanding of how products really work.
Cons:
- Honestly, it’s harder than security, as you’ve got tons to learn.
Eventually, I switched to a dev role within the same department and it completely changed how I saw both fields.
Engineer vs. Analyst
YouTube and LinkedIn made it seem like cybersecurity and software development are totally separate careers. That confused me for a long time. But now I see: security is part of the software development lifecycle. The real distinction is not “security vs development,” but rather analyst vs engineer.
- The analyst finds the problem.
- The engineer solves the problem.
Both roles matter, but I prefer writing code.
Since switching, I’ve learned so much about how software actually works. I even started reading the source code of new CVEs. And you know what? HackTheBox got easier—and more fun—because of my web dev skills.
Summary
Always aim high because there are no shortcuts. I skipped LeetCode and missed the SWE opportunity early on. I avoided development skills, and that became the bottleneck in my security career.
If you’re like me and you want to be a great hacker, become a developer first. You simply can’t skip that step.