One of the biggest problems in the security industry is a misconception that security and computer science are the same. They aren't at all.
If you're doing low level design of crypto algorithms, you need to know math. If you're doing appsec reviews or pentests, then a background in software development might help (but is not required).
But there is an entire world of security roles out there that are essential to implementing security that have nothing to do with math or compsci. The security industry right now has a huge problem with gatekeeping, where they think you can't even begin to think about security unless you're already a top-tier principal engineer, and it's led to a huge drought of talent in security roles across the board.
And yet, (correct me if I'm wrong), a good security person does not need to understand cryptography. He should have some basic understanding of how to apply it, but the knowledge of it's internals and the math behind it is pretty much useless.
Yeah from the outside looking in, to me the biggest requirement is one of mindset, thinking like an attacker, thinking of all the possibilities… in that sense very much like the qualities for a good QA person
true, crypto(graphy - wow, been so long since i've typed it that I've just realized crypto has now been bogarded for something else).
theory vs applied but I think its still true the mindset of a hacker is still very different. ie similar to the whole IT vs dev
If you're doing low level design of crypto algorithms, you need to know math. If you're doing appsec reviews or pentests, then a background in software development might help (but is not required).
But there is an entire world of security roles out there that are essential to implementing security that have nothing to do with math or compsci. The security industry right now has a huge problem with gatekeeping, where they think you can't even begin to think about security unless you're already a top-tier principal engineer, and it's led to a huge drought of talent in security roles across the board.