Impostor syndrome is real, here’s what I’ve learned about it
During the summer of 2019, I participated in an internship that was the most educational work experience of my collegiate career. I learned all kinds of useful skills and techniques from Splunk and threat hunting, to how to be productive while working from home. However, there was one lesson I learned during my very first week that’s stayed in the back of my mind as an integral part of my experience.
In my first week, I visited the offices of my new employer to meet people, get gear, and go through the onboarding process. Since it was a small company and I was the first intern, everyone was curious to see how this would turn out. Amd though it was exciting to finally be able to see the real-world applications of what I had been learning in the classroom, beneath the excitement, I felt a lot of pressure to prove myself and justify them hiring me as their first intern.
As the week progressed, I started to realize that I didn't feel fully prepared. Though I was comfortable with the concepts of cybersecurity on an academic level after a few years of learning it in school, something felt off. I felt as if I didn’t belong there, or like there were more intelligent and qualified people that should have gotten the opportunity I had gotten. I felt guilty about being there, and like I was destined to disappoint.
Impostor Syndrome
What I was dealing with is called impostor syndrome. If you spend any amount of time talking to people in infosec, you’re likely to come across someone that’s willing to admit they’ve been in the same boat as I was that summer.
Impostor syndrome is the false belief that you’re a fraud, and it’s a matter of time until you’re found out and given the boot. You might feel guilty like I did, anxious, or a number of other feelings.
In my experience, this is generally temporary, but it can last for years if left unchecked. I’ve gone through similar waves of doubting my ability more recently, especially as I take on projects at work and continue work on my YouTube channel. Sometimes I feel the further along I make it in this industry, the more evidence can be used against me to prove that I should never have made it that far.
Constantly having these thoughts run through your mind is stressful, and that anxiety can do one of two things: it can compound and destroy you, or it can be used as fuel. That stress can also be the reason a lot of people feel intimidated and choose not to get into infosec (or any other difficult field, for that matter). Despite their accomplishments and intelligence, they count themselves out before they even have a chance to prove themselves in the professional space
Impostor syndrome is a brutal thing that, I believe, isn’t talked about enough. I’ve seen some cybersecurity pros talk about it on Twitter, but it’s definitely not a topic that’s mainstream within cybersecurity circles.
The fact is, there’s only so much time in the day, and there are so many challenges in the cybersecurity field that it’s hard to actually make room for this issue. That said, I hope I’m making at least some room right now, by sharing my experience and starting the conversation.
Impostor Syndrome Snowball Effect
Like I mentioned earlier, there are two big ways that the anxiety brought about by impostor syndrome can be handled. The first would be the anxiety compounding and destroying you.
Obviously, I don’t mean literally, but it can kill career ambitions, curiosity, and excitement, among other things. Impostor syndrome, when not dealt with, can create a feedback loop where you’re constantly reminding yourself that you don’t belong, you don’t fit in, nobody believes what you say, and nothing you do will matter.
These are all lies.
Cybersecurity (and IT in general) can be pretty hard at times. You aren’t alone in thinking that. Sure, some people might appear to be having an easier time than you, but they have their own struggles that they are dealing with as well. When it seems like someone is breezing through something that frustrates you, consider that they might’ve specialized in that particular topic or they’ve been around longer, and that’s why they’re having an “easier time”; they already went through the learning process that you are experiencing.
I had to learn that I don’t know everyone’s backstory, so if someone is flying through a problem I was struggling with, they probably already put in the work of studying and learning how that problem works and how to remediate it.
This stuff takes work, practice, and time.
When I got started, I had to really grind my way through some classes and subjects that were fundamental to how computers work. They were difficult! I’m not a natural math guy, I’m more of a politics and history guy, so I felt incredibly out of place in one particularly tough math class with a bunch of people who seemed to be digesting this crazy information much better than I could.
In this class, I felt like I didn’t belong in there or even the cybersecurity degree program. My professor spent so much time yelling at us for not asking questions, then when someone would ask a question, she would respond with “that’s a dumb question, we already covered it.”
To add insult to injury, I got a D on my midterm. Ouch. The weight of that felt like enough to end my cybersecurity career before it even started.
The amount of information that is thrown at a cybersecurity newbie is intimidating, and it is a big reason why a lot of people don’t see cybersecurity as a viable career path for themselves; it simply seems too hard.
Impostor Syndrome is Fuel
The second way to deal with impostor syndrome is to use it as your new source of motivation. I felt out of place and fraudulent both in my math class and at the start of my internship. I wanted to hang my head, pack up, and go home. Instead, I chose to let these experiences energize me and learn everything that I was expected to know.
Instead of surrendering and walking away from that math class, I asked to meet with my professor outside of class to get help, and turns out she was completely willing to help me and a few other students having trouble. After putting in time and work, I ended up finishing the semester with a 90% in the class.
With my internship, instead of counting myself out the second that I felt ill-equipped, I spent a lot of time reading and catching up on concepts that I needed to know, but wasn’t yet taught. I learned about threat hunting, how Splunk worked, and how to use the Splunk Processing Language to create helpful dashboards. I learned a ton during that internship, and it was all real-world material that I’ve built on since.
How am I doing now? I’m in the exact same cycle as before.
I still deal with impostor syndrome. I can point to a couple of times recently, once at work and once while working on my YouTube channel, where I felt like I should just cut my losses and take off.
I said it at the beginning; cybersecurity is hard. I’ve been learning more and more every single day since I decided to jump into this field. It’s given me a ton of headaches and frustration, but along the way, I’ve acquired so much and I feel like I can finally keep up in more advanced conversations.
This feeling has become fuel to me. Each time I’ve had the negative thoughts and frustrations surface, I ultimately end up choosing to learn something invigorating that puts it all at ease.
It has also helped to know that other cybersecurity professionals out there deal with this, too. I’m not alone in feeling like an impostor, there are a ton of studies on impostor syndrome being a huge issue in the cybersecurity world.
We’ve created a cultural image of hackers and cybersecurity professionals as being inherently gifted people that know how computers work because their personality is that of a computer. We forget that, in reality, even the most gifted professionals are human beings, and they struggle with human things.
Heck, Elliot Alderson dealt with some level of impostor syndrome, and he hacked E-Corp!
How we choose to deal with impostor syndrome can vary, but what matters most is that we are able to diagnose it and talk about it openly. Maybe in writing this article about my battle with impostor syndrome, I can help someone reading this.
Besides, even if I am an impostor, I want to make sure I’m a damn good one.
If you enjoyed this breakdown, consider checking me out on YouTube and Twitter. I post cybersecurity content on YouTube every week and would love to get to know you more on Twitter.
