I've been learning programming for about six years give or take a couple of months. Prior to that I was a power user of Linux, prior to which I was a power user of Windows, with a brief time period in which I was a noob after switching to Linux. I've been learning security for about twelve years but over the first six years I only went as far as one can go without being a competent programmer. However, my security knowledge spans more areas than computers and includes intelligence techniques like correlation to enumeration to linkability to intersection and so forth. I've been reading traffic analysis papers primarily in relation to networks like Tor for longer than six years as well.
No matter how much time I put into learning I always feel like there is a vast wealth of information outside of my grasp. It's insane how enormous the area of information technology is. I primarily know C and Rust, however I also know Ruby and PHP somewhat such that I could pick them up rapidly, seeing as I have hundreds of hours of study and practice into them yet thousands into C and Rust. I'm entirely self taught though, but my knowledge isn't entirely limited to programming languages as I've also read numerous indirectly related books of various quality (textbook being the highest quality, of which I've read only a few, with Oreilly and even more so Elsevier style books being just below textbooks in quality, of which I've read numerous, all the way down to basic tutorials). For example, I've read probably six books on relational databases, though that is essentially declarative programming as far as SQL goes. I've also year several books on software architecture, two or three on cryptography, and more language generic texts on software design patterns and anti patterns, security oriented programming, one book on algorithms and data structures I certainly need to read another in that area but I've implemented hash tables, bloom filters, and doubly linked lists in C. I also know a lot about general computer security such as isolation, correctness, randomization, ASLR, DEP, SECCOMP, namespaces, etc. And I've read dozens of academic papers related to security, cryptography, and traffic analysis.
I've also hung out in pertinent IRC channels for like a decade or longer and listened to probably thousands of hours of semi skilled and skilled individuals discussing pertinent topics.
I'm not particularly skilled with math, enough that I can put together cryptographic systems from a whitepaper with some amount of effort but although I've used math to implement things in whitepapers with mathematical specifications I've typically not had to go very low level into mathematical implementation. For example I may snap together a blind signature scheme, but the really hard mathematical algorithms to implement are provided to me in say an elliptic curve library, such that I don't need very deep an understanding of the math. I should really learn math to a superior degree, but I've really not found much need for it as my basic understanding has been enough for me to implement even things like blind signatures from an elliptic curve library, and I don't really need to implement my own elliptic curve library. Maybe eventually I will run into some problem that requires more advanced math than I can learn or figure out on the fly over the course of a couple of months, but so far I've not particularly needed general mathematical knowledge beyond some very early college level or late high school level concepts like logarithms, modular arithmetic, recursion I suppose, and similar such things.
The most recent thing I'm implementing is called EquiHash I believe, it's a memory hard proof of work. I've not actually started it yet but it is next on my to do list. The white paper has quite a bit of math in it, it may end up being one of the most mathematically advanced papers I've implemented but I am thinking I will be able to do it, though maybe this will be the thing that my lack of advanced math knowledge finally fucks me on.
