Imposter Syndrome in cybersecurity is more common than you think

Imposter Syndrome in cybersecurity is more common than you think Image 1
Imposter Syndrome in cybersecurity is more common than you think Image 2

Have you ever felt underqualified for a cyber security position i.e. a technical promotion, lateral move from blue to red or stepping up to ‘Head of’? Ever thought that some of the highly talented security people around you are in another league? If the answer to these questions is yes, then you’re not alone. Regardless of the type of cyber security job you currently maintain, imposter syndrome in cyber security is very common.

FACT - Cybersecurity is a highly stressful environment! The stakes are high, and the pressure is on. No matter how many security certifications you have successfully completed, it’s only natural to experience the occasional wave of doubt or insecurity about your skills. When the going gets tough, you may even feel as though you’re underqualified, even though you’re perfectly capable of handling the situation at hand. The fluid threat landscape, constantly changing technology and competitive work environment inherent to the field quite often triggers imposter syndrome.

Ego is also a major issue in the cybersecurity world. The very nature of the attack-defence culture drives this ego hierarchy where everyone is competing and comparing. With this constant uncertainty and fear of judgment, some security professionals can end up operating in a constant cycle of self-doubt.

So what is imposter syndrome, what causes it and how do you overcome it to help your career progression?

Imposter syndrome is a psychological issue that many humans suffer from to some degree. As a form of self-doubt, some successful cybersecurity professionals believe they’re unworthy of their success. These professionals see their success as possibly due to luck, rather than being a reflection of their talent, work ethic and commitment. Many highly successful security professionals share this feeling. Despite what those outside of the security industry may perceive, the further these professionals climb in their career, the further they admit to spiralling into imposter feelings.

So what are some of the key causes of Imposter Syndrome?

  • Stressful Workplace - Security professionals are required to regularly learn new skills to keep pace with new threat landscapes. Some of the long hours associated with SecOps or incident response to a major breach often compounds the situation.
  • No Formal Paths to Become a Cyber Security Expert – Despite what some may say, there’s no clear path to becoming a security expert, despite progress in recent years. With the expansion of the security industry those without degrees can enter and access the security job market. Pseudo industry-standard certification exist, but the lack of advanced formal training to support highly skilled professionals from other compatible industry sectors is lacking.
  • A Big Breach - Security professionals have the critical role of defending organisations from a wide range of threat actors, and failure to do this can trigger imposter syndrome.

So how can Imposter Syndrome be overcome?

People with imposter syndrome are sometimes hard to spot in the workplace. They may feel like the best team contributor of the quarter, but to the trained eye they may tend to lay low and not ask too many questions. They may also avoid sharing ideas, accepting new challenges or avoid networking with the broader tech community. Here are some tips to tackle imposter syndrome.

  • Find a Mentor - Breaking the silence and expressing your feelings is a big step forward. Find a mentor who can listen to you. It’s not necessarily about offering solutions, it can just be a more experienced industry person who understands the challenges you face on your current project.
  • Set Achievable Goals - Setting up realistic goals is an important step to overcoming imposter syndrome. Aim to leverage your strengths and manage your areas that require development. Tick off the small milestones to help you focus on one task at a time.
  • Learn From Your Failures - Failures are essential and can be beneficial for career advancement. If you focus on what you’ve learned rather than the outcome, you will realise your strengths. Learning to recognise mistakes and mitigate future risks is integral to cyber security. For security experts, failure can often lead to innovation and help prevent massive data breaches in the future.
  • Upskill Regularly - Never stop learning. Upskilling will help cyber security professionals navigate the ever-changing threat landscape. Schedule your day in such a way that you always have time for self-improvement (even 30 mins can be productive). Maybe consider enrolling in a coding bootcamp, researching in detail some of the 2023 worst cyber-attacks, or even working on your soft skills/presentation skills.

Although imposter syndrome was discovered >40 years ago, it’s still alive and well in 2023. It can affect security professionals at any level and at any time of their career – graduate all the way to CISO. If you have experienced imposter syndrome, back yourself, find a mentor if possible, commit to ongoing training & development and channel your inner strength to overcome it.

The Decipher Bureau effect - If you need support finding the right cyber talent or workplace in the year ahead, contact our team of specialist cybersecurity recruiters at the Decipher Bureau here or via LinkedIn.