cloud_security_icon-01.png

Impostor Syndrome in Cyber Security

Eli Migdal

Oct. 20, 2020

I created a survey on Linkedin surrounding Impostor Syndrome in Cyber Security, and it looks like a lot of us “suffer” from it, particularly when it comes to the cyber management level.

I see this entire “Syndrome” as a very interesting and even CRITICAL part of becoming a cyber-security professional at the executive level. I believe there is a curve of Confidence in Cyber Security, I aptly call it the “Eli Migdal’s Confidence Curve of Cyber Security Tech Vs Managerial Skills Vs Confidence” (I know – very original name).

imposter syndrome chart for executives
This chart in my experience works both for the Sys Admin route to CTO / CIO and the more cyber focused route to CISO.

But, it’s all about the timing – when does impostor syndrome start? And how can you catch it to use it to your advantage?

If I break down the chart to explain more about what this looks like in practice, you’d see something like:



(Years 2-6) – You are focusing on honing your “Techy Knowledge” and going hands-on as you grow your confidence alongside your tech skills.
(Years 7 – 9) – Your “Techy Knowledge and Skill” peaks and starts to plateau (in tech you will never know everything as it changes so quickly!) During this time your confidence level continues to grow, and your managerial skills grow more as you start to manage more people and teams directly.
(Years 10 -12) – This is where it usually gets “tricky” because your focus turns more to managerial skills and tasks. Your “Techy knowledge” starts to decline because it’s almost impossible to stay completely hands-on in tech and management simultaneously as your team size and responsibilities increase. This is where the first real signs of “impostor syndrome” start to show and your confidence starts declining.
(Years 13-15) – Your Managerial skill increases initially but starts to balance out and does not increase more as your confidence level is declining and you’re not maintaining “Tech Knowledge” levels. This is where you must “fix it” and get the charts rising again.
What is “Impostor Syndrome” in IT & Cyber – How does it feel ?:
It is usually all about your confidence level and self-doubt, usually, the following types of questions start popping into your head:

Am I really an expert? Am I really a Cyber Expert or an IT expert?
Can I really be responsible for something as big as securing an entire organization?
Can I really be responsible for the entire infrastructure and IT system of this organization?
Do others see me as an expert? Do they see me as a fraud?
If I don’t know something does this mean I don’t deserve to be here?
Does the bald look work for me or do I actually miss my hair? (ok maybe that’s just me)
Most likely some or even all of these questions have been through your mind at one point or another…

When it comes to technology, increasing your skillset tends to take time and the change is granular. But, when you’re shifting from techy to managerial or managerial to executive, there’s often a lot of sudden changes. This is usually a ‘sink or swim’ moment for many IT and Cyber professionals looking to become technological leaders. And a big cause of ‘impostor syndrome’ in my experience.

But to be honest, the real question is. If you suffer from impostor syndrome, is it really a ‘bad’ thing?
I think that in the IT & Cyber Realm we NEED to suffer from imposter syndrome, we need to embrace it. Otherwise, we will just be overwhelmed by the speed of how everything is changing.

The truth is, in cyber, everything changes so rapidly that no-one is ever going to know everything no matter how hard you try. Once you embrace the ‘impostor syndrome’ which is often a result of this, you can actually make it your friend and your secret weapon.

(credits to Nir Rothenberg for ‘secret weapon’)

Here are 6 bullet points on how to embrace imposter syndrome and make it work FOR YOU:
Understand that you can’t have ‘hands-on’ up-to-date knowledge on everything. In fact, the more you know, the less you actually know.
It’s very healthy in IT & Cyber to say “I don’t know – lets research and find out”. Being able to say this is a proper catalyst to constantly learning more and engaging with your peers, researching, and learning TOGETHER.
Now, this is a big one. Your'e ‘worth’ as an executive is not always ‘what you know’. It’s your capability to learn, adapt, and respond to changing landscapes quickly. Experience is the ability to deal with new scenarios and not the amount of knowledge you have (this is a completely different metric of success compared to technological job roles and many people don’t realize this change).
Remember – You are not being benchmarked for your knowledge, in Cyber and most of IT you are being benchmarked on your Skills to deal with challenges.

If you want to make it in the Boardroom, try to be a specialist in being a generalist. (Credits to David Varnai on this quote) You can not be a complete expert in “something” when that “something” is ever-changing.
There’s a reason that Academia doesn’t really work in Cyber Security at an executive level. Because learning “past methodologies” doesn’t give you the experience to work in the environment at board level or managing a team. It’s the real-life experience that will make you feel more confident. Rather than trying to put theories into practice.
Don’t doubt yourself but always challenge yourself. Ask “Did I really do everything I can on this subject? Did I engage with all my colleagues to find the best solution?
So if you ask me: “Eli – are you an expert?”

Usually, my reply is “Yes, I was an expert yesterday … today most likely I am not – let me learn something new and I’ll get back to you”

“Eli – Do you have Impostor Syndrome?”

My answer would be “I had it yesterday but today I learned something new and I am ALLLL GOOOD”

Ok, I have embraced the Impostor Syndrome, what actual steps can I do to increase my confidence in the Technological managerial realm.
Use the Impostor Syndrome – Rather than allowing it to doubt yourself and knock your confidence. Use it as a benchmark to accept something you don’t know and then drive your learning. Remember you can’t know it all, no one can, but imposter syndrome will empower you to do your maximum to learn something new every day. And this, in turn, will make you a much better leader.
Learn to speak in Business! learn about P/L, Assets, Liabilities, Revenue, Expenses, Equity, Net Profit, Net Loss, Profit Margin, Cash Flow, ROI, B2B, B2C, and no, you don’t need to do a PhD in economics. You are in Cyber and IT, find the resources, teach yourself as you did for any other subject in your professional realm.
Engage with your Managerial colleagues, its time to put the “Linux Console” aside for a while and work on your “soft skills”, your “soft skills” are critical in the Technological managerial world. Here’s an article on Soft Skills from Boardish: https://www.boardish.io/are-soft-skills-becoming-more-important-than-tech-for-it-cyber-pros/
After sections 1 & 2 are accomplished move to the next part – Talking in Business Risk. I have learnt that most decisions by C-Suite and Board members are done based on Risk Analysis and in most cases its financial risk. I wrote an article on the subject:
https://www.boardish.io/the-5-step-framework-for-cisos-starting-in-a-new-company/

I created the Boardish Methodology initially to help me swim in this deep water. To be able to get decisions from the C-Suite and Board and increase my Managerial communication skills. In doing this, it increased my confidence.

In our early years, our confidence grows as our technological abilities grow, the more “issues you fixed” the more confident you become. In the IT & Cyber Managerial realm, your confidence will grow with the number of executive decisions you are able to push through.

Connect your confidence level and benchmarking with decision making and you will see how sometimes your “impostor syndrome” grows but it just makes you feel better, stronger, and more capable!

Interest you

Announcing Public Preview of Redis Enterprise on Azure Cache

Redislabs

Nov. 21, 2020

Delivering new features to Azure Cache for Redis.
At RedisConf 2020 Takeaway in May, we announced our expanding partnership with Microsoft Azure and introduced Redis Enterprise as two new tiers on Azure Cache for Redis....

Shadow IT Is Bad... Or Is It?

Walter Beek

Nov. 17, 2020

Shadow IT is IT that happens outside the knowledge, governance and control of the IT department.
Analysts such as Gartner estimate that 30 to 50% of IT spend in large enterprises can be labelled as Shadow IT.

Cyber Security: What's right for your organization?

Dr. Wendy Ng

Oct. 20, 2020

A strategy is the foundation of a cyber security program; however, the implementation is key. The following recommendations should improve our leadership’s sleep patterns:

JOIN OUR MAILING LIST

2020 Nimbus Blog. All rights reserved.