
I think learning Computer Security without learning some programming and systems is like majoring in mechanical engineering while trying to avoid physics - it's hard to get a deep level of understanding and you rely on generalizations and abstractions.

How can you truly understand a buffer overflow attack without having some knowledge about pointers? Kudos for taking the time to try to understand as much as you can about your field.



Completely agreed.

You can't expect to be competent at information security / computer security without being at least decent at programming. There are many different kinds of concentrations, like application security (which could be native code or web apps or both), network security/defense, penetration testing, forensics, etc.

Programming can play a big role in all of those, though. Everyone should have a good fundamental understanding of assembly and C, good knowledge of at least one scripting language, and an ability to write and test web applications. Else you're either doing some really specialized work, or more likely, you're a beginner and/or incompetent.


Absolutely. I think your example puts this more eloquently than my point. Having the deep understanding and background is really critical. Everything else can be added on top and as you go while in the field.



