What is Imposter Syndrome?
An actual definition of it:- Impostor syndrome (also known as impostor phenomenon or fraud syndrome or the fake experience) is basically the feeling of not belonging or the worry of being found out that you don't know what you're doing. These feelings make sense for those of you who are undercover spies or folks who sell snake oil. Mostly for everyone else though it's irrational fear and not needed!
This post takes a tangent from the common agenda of tutorials and write-ups, a lot of my posts are surrounding how to get into the industry, what to look at and how to up your game in some areas. However, besides all the learning paths, one thing that I have heard a lot from folks breaking into the industry and folks already working in it is; Do I really belong here?
Asking the Questions
Throughout today I've spoken to a lot of people and asked the question what makes them feel the way about being a fraud in different situations. A standard answer is that people know more than you & that you might feel inferior based on your knowledge of that particular subject matter. Or the inverse where you feel that way but the other person is in the exact same situation, think of the graphic below as where you stand in reality.
You're not Alone
At some point or another EVERYONE has felt a fraud in some situation even if they don't want to admit it. It is a case of understanding that you're not alone in your feelings, and if you can recognise it, then it's the first stage of making things better.
I find quoting folks a bit cliche however the quote from Einstein radiates the truth that everyone feels the same way at some point or another. Actually working on this post has been a bit of an imposter syndrome experience, like imposter-ception, feeling like a fraud, writing about feeling like a fraud.
Working in infosec/pentesting/hacking/security, you will likely encounter a lot of individuals who feel the same way but rarely let on that they do. Recently I sat an exam and the others sitting the exam were, like me very nervous (even though they'd sat it before and passed); this got me thinking. How many individuals does imposter syndrome actually affect? And, how can we collectively as an industry work to change that?
Do you ever sit on a test or in a meeting with clients and just think, "one of these days I'm going to be found out I know nothing!", yeah? Me too and many other folks do too. It's not just exclusive to infosec either, I have many friends who are in other industries who have been doing what they do for twenty plus years who feel the same way.
Overcoming the Fear
The first step forward that you can take is to understand that you know your stuff. No matter how long you've been doing it. Whether you're just starting out or have been working for twenty years, if you were really a fraud would you have gotten this far without losing the rag?
Coming to terms with yourself; rationalising that you do know actually know subject matters no matter how much doubt there is, it might not be everything about a topic, however, think of every day as a school day, there will be peaks, and there will be troughs in your learning path.
How the Industry Can Help
As an industry and in general I think the best way to go about helping is to recognise and praise folks where praise is due. Don't be afraid to tell someone that they're doing well or that you appreciate the work they're doing in a particular area. Not everyone knows that they're great, or even believes that what they do is making a difference/helping others.
We're human after all, and no matter the subject matter; it doesn't need to be security, this applies to everything and anything ask questions, keep learning. Help others where you can and just be genuine about things, try to be honest when you don't know.
Remember it's all in your head, believe in yourself. Treat Every Day as a school day, an opportunity to learn something new or an opportunity to pass on knowledge. Be yourself, don't compare yourself to others, accept that being wrong doesn't make you a fake or a fraud it is human nature; we can't be right all the time(no matter how hard we want to be!).
Subscribe to Adventures In Information Security
Get the latest posts delivered right to your inbox