The imposter inside me

Last Update: Jan 09, 2022

Imposter Syndrome is defined by Wikipedia as an inability to internalize accomplishment, whereby individuals afflicted with it live in constant fear of being exposed as fraud’s.

I became aware of Imposter Syndrome when, in 2015 a close friend directed me to this post written by Scott Roberts. Upon reading it I immediately identified with the article and began to draw parallels with my own feelings that I have struggled with throughout my career.

The truth, you see, is that for as long as I can remember I have felt like a fraud masquerading as an information security professional. I have lived with the constant perceived threat that at any moment I would be discovered and my deception would be exposed; my incompetence laid bare for all to see.

This is imposter syndrome at its core; success is attributed to external factors such as luck and timing, while failure is internalized and seen as a result of self imperfections and flaws.

These feelings are particularly compounded in Infosec. Infosec is a profession that requires both broad and deep technical knowledge, allowing individuals to specialise in a multitude of disciplines including, but not limited to DFIR, penetration testing, reverse engineering etc. One need only look to conferences like BlackHat and Defcon and the calibre of speakers and talks to gain an appreciation of the level of skill in the community… and when viewing the technical prowess on display at these confererences I felt woefully lacking in comparison and found myself questioning what right I had to claim to be a part of the community.

Sadly, gaining an understanding of Imposter Syndrome does nothing to negate the feelings associated with it, but examining these feelings a little deeper I was reminded of a conversation I once had around the Dunning-Kruger effect. In essence, Dunning-Kruger states that:

  • Low skill individuals typically believe they are of a higher skill level than they actually are.

  • High skill individuals typically believe they are of a lower skill level than they actually are - primarily because they understand that they still have so much to learn.

The diagram below beautifully illustrates this:

../_images/the_curve.jpg

A big part of my feelings of inadequacy stem from what I’ve always perceived as the inferior path I took getting into InfoSec. I was fortunate enough to be involved around the birth of the Internet and had many friends involved in the hacking scene. While I focused on system administration and strived to gain a deeper technical understanding of systems and implement practical security measures in terms of that role, many of them instead focused on developing exploits and breaking systems; a role that I perceived as that of a true security professional.

Over the years I have invested a lot of effort into improving my overall knowledge and skill levels in an effort to increase my skills and mitigate my poor strategic start in Infosec, investing time into learning and practicing information security principles as both a defender and an attacker and I continue to work towards attaining greater levels of understanding in all aspects of computing and security.

Yet I still cannot shake the self-belief that I am less than others in my field.

A couple of days ago, Jeff Rotenberger posted this on Twitter:

../_images/success_in_infosec.png

I read this tweet. Then I read it again. And again.

It is of course absurd that success can only be achieved by following a set formula. Jeff is 100% right of course, and that’s the most devastating thing about Imposter Syndrome; knowing the truth, logically understanding and accepting it does nothing to silence the inner sceptic.

Then, today, I came across this talk by Micah Hoffman where he describes his own experiences with Imposter Syndrome. Watching the talk helped to further reinforce that many people feel the same way and I felt encouraged and empowered to share my own story and experiences. In the talk Micah also mentions another talk by Nickolas Means, which I would also highly recommend watching.

In this talk, Nickolas specifically mentions that while Imposter Syndrome is not something one can ever get rid of, he endevours to be a high functioning imposter, a concept which I really admire and something I will continue to work on in the months ahead.

One thing that does provide me some comfort is that regardless of who you are and how much you know, we all have something to learn. It is important to continue to grow as an individual and to never give up on the pursuit of knowledge.

../_images/true_wisdom.png

I wrote this post because I know others who struggle with the same feelings that I do. I look at them and I want them to know that they’re not alone and that I have only the deepest of respect for them and their skills.

We need to stop comparing ourselves to others and instead focus on constantly improving ourselves. We need to realise that we all have strengths and weaknesses. My strength in one discipline may be another persons weakness and as such we all hold value and worth.

I don’t know if I will always feel like an imposter but at least I know I am not alone. My hope is that this article will help someone, just as the resources I’ve linked throughout this article have helped me.

If you’re interested in more information (and some great talks) on this topic, make sure you check out: