JavaScript and web development are key skills for security pros, says Vladimir de Turckheim

October 13, 2021 by Bianca Gonzalez

JavaScript is one of the most commonly used coding languages in web development.

"Anytime you want to build something — any web application, any website — you must choose JavaScript," says Vladimir de Turckheim, Infosec Skills author and data engineer at Datadog. "There's almost no alternative in web development. Virtually every company in the world and anyone doing anything on the internet is using JavaScript."

Other technology drives the server side and is used for things like database access, but the web interfaces to interact with that technology are likely JavaScript, says Turckheim. That's why it can be beneficial for IT and cybersecurity professionals to spend one or two years working in web development.

"If you focus your career in security, chances are you will meet web development at some point, and not having an understanding of how the web works will penalize you and limit your ability to communicate with web developers."

Understanding the role of a web developer can help you understand how to apply security best practices. Likewise, knowledge of security best practices can help your career as a web developer.

"If you want to carry on in web development, understanding web security will give you a heads up compared to anyone else in the industry," says Turckheim. "You will be hired not only because you can build applications, but also because you can build applications that have fewer chances to be broken into."

And that makes you a more valuable asset.

 

Learning JavaScript security

 

Turckheim recently released a JavaScript Security Learning Path in Infosec Skills. It focuses on areas of security that are more up to date or lesser known.

"There is little content on the internet on how to secure or use some of these mechanisms, so I would recommend taking a look at the courses — even if you have experience in those areas," says Turckheim. "I'm going to teach you the gap between traditional web security and web security today."

Turckheim, who is an active member of the Node.js Security Working Group and an official Node.js collaborator, also teaches a Writing Secure Code in Node.js Learning Path.

"Every experience in Node.js is relevant in JavaScript," says Turckheim. While JavaScript as a programming language is used in front-end development, Node.js is used to build server-side applications. "I'd say that 99% of the people I know who use Node.js know how to build applications in the browser too."

The JavaScript Security Learning Path is valuable for Node.js developers and security analysts, as well as those who deal predominantly with JavaScript, says Turckheim.

 

JavaScript security: What to expect

 

Turckheim designed his courses to prioritize the most current and relevant information while also reviewing more foundational concepts.

"The things I repeat or go deeper into are probably the most less-known parts," notes Turckheim. "The things I cover faster might still be complicated, but there is enough literature online already to help you learn." He likes "to focus and spend the most time where the resources are hard to find and the learning gap is harder."

 

JavaScript Security Courses

Topics covered in his Infosec Skills courses include:

  • Web application security principles and their implication in actual JavaScript codebases
  • The security model of browser applications
  • The impact of security headers and modern XSS mitigation techniques (including trusted types)
  • The basis of Node.js security
  • How to set up a serverless JavaScript project and implement best security practices
  • Common attacks against modern websites (including clickjacking attacks)

Turckheim — who designed security mechanisms used in JavaScript, Python or Google PHP applications — created the JavaScript security path to be relevant to all career roles involving JavaScript development and security.

"You're going to put something on the internet. Do you know what security problems this can lead to?" he asks. "I would recommend this learning path to anyone who has anything running on the internet."

 

Applying JavaScript knowledge to your career path

 

JavaScript is a valuable skill set, but it's just one tool in your toolbelt.

"If you learn JavaScript as a language, you will want to learn either front-end or back-end development," says Turckheim. "Anything you learn in the backend will be relevant — if you do JavaScript in the back-end — but front-end development also requires knowledge of HTML, CSS and modern web frameworks."

Lastly, Turckheim highlights the benefit of talking to people who have the career you want.

"If you have an idea what your dream job is two years from now, sit with someone who already has this dream job. Contact them. People are actually incredibly open to talk about their job and to tell you what you need to learn. Then apply for that job in two years."

Bianca Gonzalez

Bianca Gonzalez is a writer, researcher and queer Latina brain cancer survivor who specializes in inclusive B2B insights and multicultural marketing. She completed over 400 hours of community service as a college student.