blog.johlem.net

Why Build Your Own Security Tools When Everything Already Exists

The obvious objection to building your own security tools is that everything already exists. There is a tool for every task, most of them mature, many of them excellent and free. Building your own looks like reinventing wheels — effort spent reproducing what you could simply download. And yet practitioners who build their own tools consistently find it worth it, for reasons that are not about the tool existing or not. Building your own tools encodes your methodology, fits your exact need, deepens your understanding, and gives you something you fully control and trust.

This is the case for building, even when the toolbox is already full.

Reason 1: it encodes your methodology

The deepest value is that a tool you build encodes how you work. Your methodology — the specific sequence of steps, the particular checks you always run, the way you like output structured, the decisions you make in what order — is knowledge that otherwise lives only in your head and has to be re-performed manually every time. Building a tool captures it: your approach becomes executable, repeatable, and consistent.

This is the same leverage as scripting, taken further. A general tool does what its author thought useful; your tool does what you do, in the way you do it. For recurring work — the assessment you run repeatedly, the methodology you apply on every engagement — encoding it as a tool turns hard-won expertise into something that runs the same way every time, frees your attention for judgment, and (for a team) makes your approach shareable and consistent across people. The tool is your methodology made executable.

Reason 2: it fits your exact need

Existing tools are built for the general case; your need is often specific, and the gap between “almost what I need” and “exactly what I need” is where building wins. Security work is endlessly varied, and you constantly hit situations where the available tool does most of what you want but not quite — wrong output format, missing a specific check, not integrating with your other tools, making an assumption that does not hold for your case.

A tool you build fits your exact need because you built it for that need. The composability point from minimalist tooling applies: building a small, focused tool for your specific case, that integrates exactly with your workflow, is often faster and better than bending a general tool to fit. You are not reinventing a wheel; you are building the specific wheel your specific vehicle needs, which the general wheel never quite fit.

Reason 3: it deepens your understanding

Building a tool to do something forces you to understand that something deeply — far more deeply than using someone else’s tool does. To automate a technique, you must understand the technique’s mechanics, its inputs and outputs, its edge cases, what success and failure look like. The act of building is an act of learning, and the understanding it produces is the kind that makes you better at the underlying work, not just at running tools.

This is the antidote to the script-kiddie failure mode. Someone who only runs others’ tools can produce the motions of security work without the understanding; someone who has built a tool to do the thing understands the thing. Building your own tools is, among other things, one of the best ways to genuinely learn — the understanding required to build is the understanding that makes you competent. The tool is valuable; the understanding gained building it is often more valuable.

Reason 4: you control and trust what you built

A tool you built is one you fully control and trust. You know exactly what it does — no hidden behavior, no surprising assumptions, no black box. For security work, where understanding and trusting your tools is part of doing the job correctly, this matters:

This connects to the data-sovereignty and control-boundary thinking that runs through serious security practice: a tool you control is one fewer thing you must trust someone else about.

The honest counter-case

Building is not always right, and a credible argument admits when to just download:

The judgment: build the small, specific, recurring thing that encodes your methodology and fills a real gap; download the mature, complex, general thing. Most of the value of building is in the former.

The takeaway

Building your own security tools is worth it even though everything exists, for reasons orthogonal to existence: it encodes your methodology into something executable and consistent, it fits your exact specific need where general tools almost-but-don’t, it deepens your understanding in the way that separates competence from button-clicking, and it gives you something you fully control and trust. The understanding gained and the methodology encoded are often worth more than the tool itself.

The reframe to carry: build the small specific recurring thing that captures how you work and fills a real gap — not to reinvent mature platforms, but because the tool encodes your methodology, fits your exact need, teaches you deeply, and is yours to control and trust. The toolbox being full is not the question; whether your specific way of working is encoded, understood, and controlled is.


An independent piece by johlem.net — IT security consulting, Luxembourg. Custom security tooling and methodology.