yup, I may be in that group
I totally recognize myself in these descriptions. I had been actively involved in the Swiss (Switzerland) infosec scene for a bit more than 10 years, I used to present at international conferences (talks, trainings and workshops) quite regularly. I also held local chapters for security associations. Although I always had very good feedbacks from my work, every instance of public work felt incredibly difficult and demanding to me, and pubic speaking was utterly stressful. I always felt my message was mediocre, and my content too basic in comparison to other professionals.
At the time EDRs were becoming a thing, the scene shifted to focus almost exclusively on exploit/detect/respond/recover. Protect and identify were (and are still) my passion, I was still eating threat modeling, architecture risk assessments, secure systems engineering/design, privacy engineering, etc. for breakfast, but I always got this feeling that both organizations and the community would rather invest their time and money in detect/respond and consider my message useless or insufficient. I started rejecting invitations to speak at events, I regularly reject freelance work because I convinced myself that I'd not deliver good enough quality.
Ten years forward, I'm not on the podium talking anymore, I'm in the dark corner of the conference arena or the meeting room, listening to my professional peers and colleagues. I very often feel I'm being shown mediocre work, lacking causality from all parts, but I just tell myself "don't jump into conclusions, you probably missed something they know better than you, it's not your fight and not your data."
Today? I moved from my 60-hourweek poorly paid consulting position to the security products wagon. I joined an editor, my top sellers keep making baseless and clueless promises to our customers but these don't care and keep throwing enormous amounts of cash at our face. I find this utterly indecent, sad, and frustrating, but hey: I get paid a fantastic salary, I support my family well, I don't have to think twice before purchasing anything, my manager is fond of me, and most of my time is spent assessing whether an alert is relevant or not.
I know deep inside I could have done brilliant things, but something happened that just shut me off and since that day, I feel like a professional failure. Not later than today, a conference host asked me if I wanted to say things at a keynote. I refused. I would never ask myself to speak at a keynote, I can't fathom what could ai say that risks would be interesting to an audience of 2000 security professionals who paid their seat
I can't tell if this is impostor syndrome or I'm a just being an arrogant jerk. But hey, as long as you install X and I get paid to manage your alerts, I get to travel business class in many beautiful places and put money aside for my two sons.
Can I complain?