Is learning low-level stuff (C, assembly) actually worth it for cybersecurity or is it overkill?

[Sarim78]

Select Topic Area

Question

Body

Hey all,

I keep going back and forth on this. I'm a CS student currently taking a data structures course in C, and I'm starting to wonder how much low-level knowledge actually matters in a practical cybersecurity career.

Some people swear by it, say you can't really understand buffer overflows, memory exploitation, or reverse engineering without getting comfortable at the C/assembly level. Others say most security work is tool-based and you can get far without ever touching a disassembler.

So I'm curious, for those of you working in security or deep into the learning path:

Did low-level programming knowledge ever directly help you in a real scenario?
Is it more relevant for offensive security (pentesting, exploit dev) than defensive roles?
Would you recommend a student prioritize it, or focus on networking + tool fluency first?

Not looking for the textbook answer, just want to know what you've actually seen matter in practice.

Thanks

[kabir2004]

My cutie patootie