You’re going for an important meeting and think — “I’m not good enough!”

You’re going to speak on stage and say to yourself — “What if I get caught out?”

You’re having a discussion with a peer group and have this feeling — “I don’t belong here!”

Imposter Syndrome is a feeling that one may have when they undermine their success and doubt their own abilities and accomplishments.

As per English dictionary —

Imposter Syndrome

im·post·er syn·drome [ im-pos-ter sin-drohm ]

anxiety or self-doubt that results from persistently undervaluing one’s competence and active role in achieving success, while falsely attributing one’s accomplishments to luck or other external forces.

A person having these feelings persistently fears of being exposed as a ‘fraud’.

Imposter syndrome can kick in at any time during your career. Even though others may perceive you to be successful and a high achiever, the feeling is only internal to you and no one from the outside can see or feel the same way you do from the inside.

The first time you hear about imposter syndrome, it feels like we are talking about some form of a disease or an illness, at least this is what I thought when I had heard about it for the first time. However, the reality is far from it, and it is not a disease or an illness in any form or shape.

How Imposter Syndrome may impact Security Professionals?

Technology moves at a fast pace and the cybersecurity field is evolving at an even faster rate. This may pose challenges for security professionals in many ways, including —

• Cybersecurity field is vast and therefore it may not be possible for anyone to learn or know everything. There may be people with different skill sets at different levels, however, this may wrongly give someone the impression that others know more than what they do.

• The evolution of new threats and countermeasures can overwhelm security professionals and they may feel that they can’t keep up and start to feel left behind.

• The more you grow in your career, the more you learn about different aspects of cybersecurity. While the breadth of your knowledge grows, it might be difficult to gain an in-depth understanding of everything you do or know, potentially resulting in you believing that you’re not good enough in any of these areas anymore.

• Due to cybersecurity skills shortage, security professionals working in the field may sometimes have to take on extra job responsibilities, resulting in knowledge gaps in areas they may not have worked on before, and this might become overwhelming at times for some people.

• It is common understanding that attackers have to get it right only once to conduct a successful attack, whereas the cybersecurity professionals defending systems and organisations have to get it right 100% of the time. This results in them believing that they need to know it all or else they are not doing their job properly.

All these factors may negatively impact on how cybersecurity professionals see themselves in comparison to others in the field. Sometimes, they may wrongly assume that everyone else knows more than what they do, whereas, in reality, everyone else is most likely in a similar situation as them.

Imposter Syndrome — Imagination vs Reality

Having self-doubt in your abilities and accomplishments can be quite draining and may result in stress and anxiety. This may even result in a burnout if you try to learn it all by yourself and try to be an expert at everything you do in cybersecurity.

I’ve been working in the industry for almost two decades and have learnt a lot over the years, and still feel that there is so much more that I do not know. Not knowing what I do not know should not undermine what I have learnt and accomplished over all these years.

Steps You Can Take to Combat Imposter Syndrome

In hindsight, Imposter Syndrome if taken positively, may help improve your situational awareness and to act as a catalyst to identify opportunities for further professional development.

Understand your strengths and weaknesses. Know your limitations.

Understand your technical strengths and weaknesses based on your previous career history. Understand your career goals, and the expectations from your current role and job responsibilities. Based on this, channelise your energy to improve on areas that align with your short and long-term career goals and job responsibilities.

In cybersecurity, you will always find that someone else is more knowledgeable than you on a particular subject. This is perfectly fine, since they may have different experience than you, and one thing to remember is that no one knows it all. That should not even be the goal since this is only going to result in a burnout. This also helps you to appreciate the accomplishments of other people.

Understand your limitations and accept these, in which case, it might not feel like you will get caught out, since you have already acknowledged and accepted your limitations. Understand who you might reach out to in your peer group for help on subjects that are not aligned with your own core skill sets.

Being mindful will help you to be aware of and to adjust to your surroundings

Someone once told me that you can compare imposter syndrome to ‘jet lag’. This is only a temporary condition while you’re still trying to adjust to your new surroundings.

You may sometimes have these feelings when you’re starting a new job, attending a new seminar or a conference, or interacting with a new peer group for the first time. It is obvious to feel out of place in the beginning. However, take this as an opportunity to understand your new surroundings, identify learning opportunities, and areas for further improvement, which in turn, helps you with your career progression and to become a better security professional.

At the same time, you need to be mindful not to become too complacent once you have adjusted to your new surroundings and not to fall in a ‘know-it-all’ trap and stop learning, which leads us to our next point.

Develop a continuous and focused learning programme

Sometimes, it may feel that the more you learn, the more you find that you know very little. However, use this to your advantage and have a continuous and focused learning programme in place. If you know how much you know and where the gaps are in your knowledge, you can work towards filling those gaps and be more confident about yourself.

The quickest way to shorten your career in cybersecurity is to become complacent and stop learning, and therefore, avoid being in this situation. At the same time, make sure that you don’t get overwhelmed and keep a fine balance between your learning and other work and personal commitments.

Active participation and positive contributions in your profession

Go out of your comfort zone. Easier said than done, however, taking small steps in areas, such as, reading, writing, active participation in peer group discussions, speaking in front of small and familiar group of audience, or participating in a mentorship program (acting as a mentor or a mentee) will help you overcome your negative feelings. You can start small and grow as you feel more confident over a period.

I have recently started writing on Medium and this has helped me improve my understanding of the topics I write about and to identify gaps in my knowledge, which I then go away and research before I write about these.

I have also started a mentorship programme on LinkedIn where I mentor people who are looking to start a career in cybersecurity. This helps me to impart my skills and knowledge to make a positive contribution to the profession and to make a positive difference in someone else’s life, while at the same time, helping me identify gaps in my knowledge and to improve on my own skill sets.

In a nutshell, imposter syndrome may not always be as bad as you might think. Being mindful may prove it to be a blessing in disguise to help you with your professional development.