back to article Infosec imposter syndrome is real. Here's something that can help

Imposter syndrome plagues people across all professions — including the cybersecurity industry — and it's not going to get any better until individuals are willing to share their struggles and find tools to help overcome these feelings of inadequacy.  Vicky Ray, director of Palo Alto Networks' Unit 42 cyber consulting and …

  1. cornetman Silver badge

    I should perhaps point out that sheer humility and feelings of inadequacy can sound very similar.

    I don't doubt that some people clever people suffer from genuine Imposter Syndrome, but just because someone admits that they don't feel up to the job doesn't mean that they aren't being humble or even that they aren't genuinely correct in their being incompetent.

    1. Pascal Monett Silver badge

      Somehow, I doubt that someone truly incompetent worries too much about being incompetent.

      He's incompetent, so he doesn't know how incompetent he is.

      To actually worry about being incompetent, I think you have to have a pretty good idea of what you should be competent at.

      1. cornetman Silver badge

        I wouldn't confuse incompetence with stupidity.

        Certainly a stupid person can be incompetent, but an incompetent person isn't necessarily stupid.

  2. claimed Bronze badge

    Hunger is essential

    To feel satisfied is to die.

    That is all I have to say on this topic (…for the moment, later I will no longer be satisfied with this comment)

    1. Spazturtle Silver badge

      Re: Hunger is essential

      "later I will no longer be satisfied with this comment"

      And quite rightly so, since you forgot to put a full stop at the end.

  3. cantankerous swineherd

    seems to me that imposter syndrome is a valid response, since secure computing is an impossible goal, certainly so far as the internet is concerned.

  4. Greybearded old scrote Silver badge


    In my case I can't see any spot where all four even can overlap.

    As David Graeber pointed out, the most useful jobs are frequently the worst paid. What, you want money as well?

    In my current $WORK, I'm coding tools for 'people herders' to carry out marketing. (Is that two or three corners on the Bullshit Bingo Card?) What can I say, I'm a code whore.

  5. Greybearded old scrote Silver badge

    Second thoughts

    I'm wondering how ikigai can actually help. If the set of things I'm paid for doesn't overlap properly with the set of what I'm good at, how does drawing the venn diagram convince me otherwise?

    Did I miss something?

  6. Anonymous Coward
    Anonymous Coward

    yup, I may be in that group

    I totally recognize myself in these descriptions. I had been actively involved in the Swiss (Switzerland) infosec scene for a bit more than 10 years, I used to present at international conferences (talks, trainings and workshops) quite regularly. I also held local chapters for security associations. Although I always had very good feedbacks from my work, every instance of public work felt incredibly difficult and demanding to me, and pubic speaking was utterly stressful. I always felt my message was mediocre, and my content too basic in comparison to other professionals.

    At the time EDRs were becoming a thing, the scene shifted to focus almost exclusively on exploit/detect/respond/recover. Protect and identify were (and are still) my passion, I was still eating threat modeling, architecture risk assessments, secure systems engineering/design, privacy engineering, etc. for breakfast, but I always got this feeling that both organizations and the community would rather invest their time and money in detect/respond and consider my message useless or insufficient. I started rejecting invitations to speak at events, I regularly reject freelance work because I convinced myself that I'd not deliver good enough quality.

    Ten years forward, I'm not on the podium talking anymore, I'm in the dark corner of the conference arena or the meeting room, listening to my professional peers and colleagues. I very often feel I'm being shown mediocre work, lacking causality from all parts, but I just tell myself "don't jump into conclusions, you probably missed something they know better than you, it's not your fight and not your data."

    Today? I moved from my 60-hourweek poorly paid consulting position to the security products wagon. I joined an editor, my top sellers keep making baseless and clueless promises to our customers but these don't care and keep throwing enormous amounts of cash at our face. I find this utterly indecent, sad, and frustrating, but hey: I get paid a fantastic salary, I support my family well, I don't have to think twice before purchasing anything, my manager is fond of me, and most of my time is spent assessing whether an alert is relevant or not.

    I know deep inside I could have done brilliant things, but something happened that just shut me off and since that day, I feel like a professional failure. Not later than today, a conference host asked me if I wanted to say things at a keynote. I refused. I would never ask myself to speak at a keynote, I can't fathom what could ai say that risks would be interesting to an audience of 2000 security professionals who paid their seat

    I can't tell if this is impostor syndrome or I'm a just being an arrogant jerk. But hey, as long as you install X and I get paid to manage your alerts, I get to travel business class in many beautiful places and put money aside for my two sons.

    Can I complain?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like