Cybersecurity: a Formidable Contender

Cybersecurity is a uniquely challenging sector of Information Technology that requires an intimate understanding of numerous other specializations of the IT space, including networking, software engineering, architecture, cryptography, cloud computing, databases, etc. This is because all these vital branches of IT are also wholly capable of being vulnerable to loss of Confidentiality, Integrity, and Availability.

It is also unique in its rate of change – every day, the cybersecurity field is blasted with new concepts, defense measures, vulnerabilities, tools, and practices; all requiring the attention of internal security teams throughout the world.

Here are some staggering examples: in 2021, there were over 50 new CVE (Common Vulnerabilities and Exposures) entries released per day. As of late June 1st, 2022, there are over 177,000 CVE entries in the MITRE CVE records list. Additionally, as of this year, an estimated 560,000 new pieces of malware are detected per day.

That’s 204,400,000 new pieces of malware being detected per year!

The cybersecurity space is also experiencing a dramatic elevation to becoming an indispensable part of an organization’s business function, especially when considering the meteoric rise of cybercrime since the onset of the pandemic. For example, the FBI has reported a 300%+ increase in Cyber Crime since the COVID-19 Pandemic began.

Imposter Syndrome

As a consequence of cybersecurity’s uniquely challenging high level of complexity, high rate of change, and high rate of growth, it has an increased propensity to induce imposter syndrome among its community of security professionals.

This is worth attacking head-on.

Commonly, imposter syndrome is indicative of a good character attribute – intellectual humility – that became corrupted, run-a-muck, and morphed into intellectual insecurity. With a little calibration and hard work, imposter syndrome can be corrected and transformed back from the procedural and developmental burden that it is.

Calibrate and Hard Work

1. Understand that impostor syndrome is common among all your peers.

Imposter syndrome comes for us all – especially when there’s a perceived vertical ascension to a new role. It is also common among those who are new to an industry of high complexity, like cybersecurity.

Know this: you are more than likely not the only person among your peers (or even your supervisors) that feel or have felt this way to some degree.

2. Have a sure-fire understanding that your imposter syndrome does not reflect your competency

To successfully combat imposter syndrome, some psychological housekeeping is in order – one must understand that their imposter syndrome is independent from their competency. In other words, your perception of yourself being unfit doesn’t necessarily mean you are actually unfit. It is entirely possible that you are fully competent and capable to do this work, but due to some circumstances, you are unable to accurately assess your capabilities.

3. Intentionally seek out tasks that exceed your current domain of understanding.

A side-effect of imposter syndrome is the propensity to cling to tasks within one’s domain of strength and comfort – to limit one’s tasks & projects that help cultivate a sense of control and ease. Unfortunately, doing this doesn’t help the issue fundamentally: even though the comfortable tasks can be completed at a high level and with tactical excellence, the imposter syndrome still exists within that confined domain that you keep yourself within.
Seek opportunities that require research to perform – these tasks are in no shortage within this industry either. By completing these tasks, you expand what you are verifiably capable of. By intentionally decreasing your operational comfort, you begin to increase your operational capabilities.

4. Make a list of your technical “knows”– make sure to date this list.

Be honest and fair with yourself – often, people with imposter syndrome would have no issue filling up a “don’t knows” portion of the list, but have trouble compiling a list of what they do know; namely because they know more than they are willing to give themselves credit for.

What are your “knows”? These are things you know – not exhaustively, not in entirety – just things that are known by you. For example: “Windows Event ID’s”. Do I need to know every conceivable EventID by heart or need to know when EventID’s were created by Microsoft to include this in the “knows” list? No – I simply need to know about Windows Event ID’s to a practical degree.

Use previous tasks, projects, daily work, or just organic knowledge to assist you with creating this list. Be as granular as you’d like – but just follow the most important rule: Be honest and fair with yourself.

After some time (can be determined or serendipitous), go back and review this list. Providing you were diligent and employed a meritorious work ethic, you will find that you are able to expand on this list with ease. This confirms that not only are you more knowledgeable than you were prior but that you are indeed capable of rising to higher domains.

5. Seek out certifiable knowledge sources and curriculums

Involuntary-self-proclaimed imposters tend to have trouble validating their information intake and retention. In other words, although they might competently have the knowledge and capabilities necessary in a given scenario, they may benefit from an extra validating source to proceed with confidence. Because of this, leveraging the abundance of esteemed cybersecurity-specific certification programs can serve as a great remedy to imposter syndrome. All at once, this accomplishes a few things upon completion: you walk away with literal and certified confirmation of your knowledge, you expand your overall capabilities and expertise, and fortify the information you already had – all in a corroborated and certifiable fashion. Along with other major benefits, certifications can serve as a validation to oneself that they are indeed not an imposter in their space.

6. Adopt a better epistemological standard

You are not required to know everything, nor can you know everything – This truth, if adopted to its fullness, can pull one right out of their imposter syndrome. Although you will have some answers readily accessible, the standard should not be that one is required to have every answer readily accessible – especially in a fast-changing science like cybersecurity. Don’t bind yourself to the impossible standard of knowing everything – be confident in your ability to find the answer.

Conclusion

Imposter syndrome is no help to anyone. It serves as a speed bump in an industry that runs like a highway. Considering this, it is worth the effort to self-assess, strategize, and strive against it.

By taking these six steps and investing in yourself, there is a lower chance of continuing that mindset and becoming an even better cybersecurity analyst.

At CyberMaxx, we’re fully aware of this syndrome and encourage our analysts to take on more responsibility, have access to the training they’re desiring to grow, and encourage open lines of communication in order to make the team stronger.

Impose syndrome is a regular occurrence for most individuals, but it doesn’t have to be a permanent one.