It's of varying importance depending on what field of security you're talking about, but generally it's the chasm that separates entry-level security folks from the rest.
Using systems administration as an analog, there exists a class of sysadmins who can't write even basic scripts. Their ability to troubleshoot or problem solve are limited to using predefined tools. Whole categories of tasks will be infeasible for them to accomplish (mostly because of the amount of time it would take to do them manually, not necessarily because they are technically impossible).
Lacking the ability to do any programming limits their job prospects to the bottom of the sysadmin barrel. That being said, programming isn't necessarily a prerequisite for their job, it's just a ceiling.
Going back to security, most tasks benefit from the ability to automate some part of them. I come from application security, where that frequently manifests in having to quickly piece together tools for interfacing with a specific protocol or API. Application consulting exacerbates that even more, because you'll usually have to do all of this in a very short amount of time, so that you can spend the allotted assessment time actually doing the assessment, and not trying to get your tools to work with the environment.
Using systems administration as an analog, there exists a class of sysadmins who can't write even basic scripts. Their ability to troubleshoot or problem solve are limited to using predefined tools. Whole categories of tasks will be infeasible for them to accomplish (mostly because of the amount of time it would take to do them manually, not necessarily because they are technically impossible).
Lacking the ability to do any programming limits their job prospects to the bottom of the sysadmin barrel. That being said, programming isn't necessarily a prerequisite for their job, it's just a ceiling.
Going back to security, most tasks benefit from the ability to automate some part of them. I come from application security, where that frequently manifests in having to quickly piece together tools for interfacing with a specific protocol or API. Application consulting exacerbates that even more, because you'll usually have to do all of this in a very short amount of time, so that you can spend the allotted assessment time actually doing the assessment, and not trying to get your tools to work with the environment.