Whether you are a would-be professional, a security enthusiast, or a seasoned veteran, the truth is that the tech landscape is constantly changing. The purpose of this article isn’t to force any programming language upon you, it’s to offer up perspectives on why you might want to look at each one.

My daughter asked me the other day why there are so many languages. I told her they’re just like tools you buy at the hardware store — there’s a tool for every job, and many tools you can use for the same job. Sure, you could flip your screwdriver around and hammer a nail into place very poorly and you would technically get the job done, but using a hammer would be a lot less stupid. Ok, on to the list.

1. Python

Python has been at the front of the game for quite a few years now. It’s a general purpose, server side scripting language (meaning it doesn’t have to be compiled) that been used for thousands of security projects. The majority of security tools and PoCs you will find are written in Python, and with good reason: it’s super easy to pick up and use. Not to mention, there are tons of amazing modules being developed every day to help you tackle nearly any problem. Even if you don’t plan on using it, you might want to learn how to read/modify scripts with Python. Chances are, you’ll end up doing just that at some point.

2. Javascript

Everybody hates javascript. I use it everyday and I love to hate it. But, there’s nothing out there that does the same job and has the same amount of popularity with developers. This is the point, really. Every major browser supports it, and pretty much every web developer is using it. If you’re going to be doing web app pentesting, bug bounty hunting or otherwise, not knowing javascript is going to hurt your ability to do your job well. Cross Site Scripting (XSS) is one of the most common vulnerabilities on the web, and guess what? It’s primarily a javascript-based attack.

3. Powershell

I just gagged a little, sorry. I’m not a huge Windows fan, and most of us aren’t anymore, but that doesn’t change the fact that Windows will be the front-runner for years to come. Banks will use Windows XP until the wheels fall off, and the federal government uses Windows (usually not XP..) throughout all of their departments. So what can powershell do for you? Everything but wipe the tears from your eyes. It’s a powerhouse for post exploitation of a Windows machine, and can do some cool stuff like dumping ADFS user emails and helping with user privilege escalation.

4. Assembly Language

This isn’t for everyone. Literally, you won’t all have to use this. But, any security list would be incomplete without talking about Reverse Engineering. There are some pretty awesome tools to help with RE, like IDA and Ghidra, but some assembly is still required. Forgive the pun, and look at assembly language if you’re interested in malware and RE.

5. Ruby

Yeah, I said it. Ruby. Now fight me. Some of the biggest security tools are written in Ruby (ever used metasploit?), and for good reason: it’s a lot like Python, super easy to use and has a ton of community support. Not to mention, there’s some pretty cool overlap between security and app development if you ever want a side gig. This last spot was a hard one to fill, so let me talk about some that didn’t make the list.

Honorable mentions

Golang/Go: A powerful language that compiles to a stable, super fast executable that is cross-platform compatible. Tools like GoPhish are written in Go. C (not C++): The tried and true standard. I almost put this in the list for RE, because knowing C will for sure boost your prowess with RE and malware.

3. HTML & CSS: These are NOT programming languages, but could have made the list along side Javascript if I wasn’t too embarrassed to include them. Knowing how to use them properly and improperly will help with web app pentesting.