When we (Rookie and Mark) sit down and go into one of those self-reflective modes, we often talk about things we wish we knew and so we figured it’d be a good idea to share some of those things. Hopefully maybe one person learns from our failings :) So, without further ado, this is the first post in the series of “Things I wish I Knew”.
One thing, I (Mark) personally wish I knew about was imposter syndrome, which according to Wikipedia is:
a psychological pattern in which one doubts one's accomplishments and has a persistent internalized fear of being exposed as a "fraud"
From exams in school to sports competitions, each house move, big “stretch” projects, every new role and becoming a parent, I’ve always had the feeling that I’m not good enough. This typically results in me striving to prove myself constantly, which typically works out well but when it doesn’t, it causes:
- me to burnout
- colleagues or friends to become frustrated as I may not be giving them enough space to grow and develop
You will find many examples with a simple search on the Internet:
- Impostor Syndrome leaves most tech workers feeling like a fake
- How often do those in InfoSec feel Imposter Syndrome (Twitter Poll)
- Impostor syndrome, burnout and the challenges of a career in security
- Imposter syndrome a real roadblock for cybersecurity
So why talk about this subject now?
On a series of recent 1-1s with more junior Rioters, I realised that being open about having “imposter syndrome” was incredibly beneficial. I have always tried to ensure that I have transparent and honest relationships with my reports, and knew many have imposter syndrome to varying degrees, however, Covid has emphasised how important it is to share my own vulnerabilities. For example, I was recently told that given I lead Security @ Riot, have a family and own a house in LA, I obviously have “my shit together”, lol :p After I picked myself up off the floor, I indicated that that wasn’t true and I explained some examples where I experienced “imposter syndrome” such as:
- every day when I was sitting in my class in university surrounded by many people who were considerably smarter
- asking my (now-) wife out
- becoming a manager
- actually every job move or promotion putting me out of my comfort zone
- it took me 12 years to get my first pure InfoSec role (<3 Rito)
- I often thought I wasn’t “l33t” enough or didn’t have a sufficient “offensive” skillset
- moving to the US (fairly terrifying and took a long time to adjust)
- buying a house
- and right now, I feel I work with people much smarter than me or when I’m collaborating with folk well outside of my SME (which to be honest, as a security person, can be quite a lot given how broad our problem space is).
As soon as I empathised and explained to my colleague that he/she was not alone in these feelings, there has nearly always been visible relief and relaxation. It’s important to realise and communicate that “most of us, if not all, feel imposter syndrome regularly”, without that feeling, it’s much harder to develop and grow.
Now, back to the 1-1, it’s obviously very important not to leave it there but to reassure:
- share your own vulnerabilities and worries
- point out strengths (but not just faint praise, as this will come across as disingenuous) and
- come together on a plan (e.g. challenging projects based on strengths but still challenging enough for growth, stuff to benefit mental health and self-confidence) going forward to support.
As a leader, this was just another lesson for me in being transparent, truthful about my own shortcomings or concerns, and being honest but kind in my advice.
There are many people more talented with greater achievements than me in InfoSec, and one thing that’s very common from my experience is imposter syndrome.Having it is probably healthy as it is typically correlated with humility, of which we need more of, however, too much of it prevents us from truly achieving what we can. Most importantly though, imposter syndrome frequently stops us from asking for help, which ultimately prevents growth.
As a community/industry, we often discuss how we can make InfoSec more welcoming, one way is by being open on how we have been or still are affected by imposter syndrome, and where possible, share our failings like my good friend Adam recently did. So yeah, if you’ve got imposter syndrome, you’re not alone.
Note: Moved from my old site - securityleadership.ninja - originally posted on 2020-07-15.