Imposter Syndrome In Cyber Security
Photo by Bermix Studio on Unsplash
Have you ever felt like you didn’t stack up against your peers? Looked at a job posting you should be qualified for and still felt inadequate? Doubting your abilities? Questioning if you really belong or deserve the position you hold? All these things are perfectly normal as you go through your career and are varied examples of imposter syndrome.
New Hires and Imposter Syndrome
As a new security analyst five years ago I was very overwhelmed. My undergrad degree was in Electrical and Computer Engineering. I had a limited understanding of cyber security and a very narrow view from my limited experience in the industry. It took me two tries to pass the Security+ exam and I was struggling with concepts in my masters program because of my lack of experience in the industry. Security+ is considered an entry level certification, but for anyone new to cybersecurity it can be a daunting certification.
I was in a learning phase and did not have a high level of expectation or responsibility in my entry level role. I didn’t experience imposter syndrome because I wasn’t afraid to make mistakes or ask questions. My only goal was to prove to my employer they made the right choice hiring me and continue learning to add value to my team. I think many new cyber security hires can relate to this feeling. I didn’t begin experiencing imposter syndrome until I had a few years of experience.
Imposter Syndrome Taking a New Role
After a few years, I completed a master’s degree in Information Security and Assurance and found a new role with my company. I was interviewed and began the transition to a new team. This was the first time I truly began experiencing imposter syndrome. By this point in my career, I had a few certifications (Security+, CEH, GIAC GSEC) and a Master’s Degree in Information Security. I had been in the industry for three years and was moving to a new environment. I found myself questioning my abilities, comparing my skills to those required in the job requirements, and wondering how I would compare to the rest of my new team. On paper I looked like a good candidate, but was I really? Was I overselling my skills? Was I ready for this new position? Did my certifications or degree actually mean anything or was I just lucky?
Sign of Personal Growth
Having changed roles a few times since then, I can say -at least for myself- the feeling of self-doubt is there every time and does not get easier as you gain experience. If anything it grows as you gain more credentials. This feeling is an important factor in self growth. Moving to a new position should come with new responsibilities, toolsets, and focus. New things always bring a mixture of fear, doubt, and anxiety. These are all part of growing, like the first time you rode a bicycle or drove a car. These negative feelings come with positive feelings as well.
Transitioning to a new team or new company gives you the opportunity to learn from other people. This will help develop you into a well rounded security specialist and let you explore what works best for you (what do you want to do in the industry? What management/leadership styles work for you? What are your favorite analytical tools?). A new position should challenge you. Taking on new opportunities is how you grow and develop both personally and professionally. Feelings of doubt are normal in these circumstances and should be embraced as you take on roles outside of your comfort zone.
Dealing with Imposter Syndrome
Since imposter syndrome is normal, how do you deal with it? My personal experiences show feelings of self doubt in the industry are common. Cyber security covers a broad range of topics and skill sets. No one can expect to be a master of everything. Experts in the field may spend an entire career dedicated to one small subset or topic of security. The important thing is not letting these doubts overcome you and prevent you from pursuing what you want for a career. It is a fine line between being confident and overconfident in security, but you have to believe in yourself and your abilities.
Many of the world’s greatest athletes approach each race/game/tournament as a challenge against themselves instead of their opponents.
I think the same thought process can be applied to cyber security. You do not have to compete with anyone. If you are pushing yourself to be better every day, that is the best you can do. Recognizing you cannot possibly know everything, but improving your weaknesses goes a long way.
It is also important to take credit for your achievements. If your employer gives you a reward or praise for your work, take that at face value. You completed the Security+ exam or finished a SANS certification. You may not be an expert in that discipline , but you are more knowledgeable than you were the day before. Certifications coupled with experience in the industry will help build your resume and show your desire to learn and grow.
Key Points
Your career in cyber security is not a linear journey. Every person I have spoken to entered cyber security through a different path. Some come from entirely different fields (ranging from psychology to engineering). Others have formal college degrees and some are entirely self taught. No one’s path will be quite the same and everyone brings different experiences with them that add value to their team. Below are additional thoughts to consider as you work through your career and deal with your own versions of imposter syndrome:
Never downplay the role you fill in your organization. A help desk technician and a Chief Information Security Officer (CISO) may not carry the same duties and responsibilities, but both play a critical role in an organization.
Acknowledge your accomplishments, but keep an open mind that you can learn from anyone you meet (being close minded or bringing a “this is the way we have always done this” attitude is usually the wrong answer).
Approach new positions as a learning opportunity and identify ways you can use your unique skill sets to add value to the team.
Network with everyone you meet. Every new job opportunity will give you exposure to more people with varied backgrounds. Get to know them and learn from them. Finding mentors in cyber security is so important.
Conclusion
Acknowledge that feelings of self-doubt are normal, but do not let them stop you from taking a new role, presenting on your work, or speaking up during a meeting. You are not going through this alone ,chances are other people in your organization are experiencing the same thing. Find good mentors who are doing what you want to do. Speak with them about how they have handled similar situations in the past. Continue learning and approach every situation as a way to grow. Add some of your own techniques for overcoming imposter syndrome in the comments.
Everyone experiences imposter syndrome and finds their own ways of handling it. I hope some of my experiences and tips help you.
