Blog: Opinions

Imposter syndrome in cyber security

Sam Macdonald 10 Oct 2024

TL;DR

  • Imposter syndrome is the belief that you are undeserving of your achievements
  • Anyone can be affected by it
  • There are ways to cope

This write-up follows my presentation at BSides Ljubljana. The video is available here.

What is imposter syndrome?

Imposter syndrome is the psychological pattern in which a person downplays their achievements and believes that they are secretly a fraud undeserving of their achievements.

Can I be tested for it?

As imposter syndrome is not a medical condition there are no definitive tests or diagnoses for it. However, several questionnaires are available that can help determine if you may be experiencing imposter syndrome related thoughts.

What are there symptoms?

There are a multitude of symptoms that people report experiencing, some which are listed below, you may have experienced some or even all of them at different points.

  • Burnout from overworking
  • Fear of success or failure
  • Lack of self confidence
  • Sensitivity to small mistakes or criticism
  • Setting impossibly high standards
  • Crediting external factors for your success

Who does it affect?

There have been multiple studies since psychologists Pauline Rose Clance and Suzanne Imes introduced the term back in 1978. As with all studies, there are some contradictive findings, however it is generally agreed that:

  • 7 out of 10 people report feelings of impostorism
  • All genders are equally found to be affected
  • Some evidence suggests the perception of imposter syndrome reduces with age
  • Prevalent in professions where expertise or intelligence are highly valued

Imposter syndrome in cyber security

So why is it so prevalent in the cyber security community?

High expectations and standards

The constant pressure to perform at a high level and the fear of falling short can contribute to feelings of inadequacy and self-doubt.

Constantly evolving technology

The technology landscape is continually evolving, and staying up-to-date can be challenging. The need to learn and adapt quickly can be overwhelming, and feeling like falling behind can lead to imposter syndrome.

Fear of failure

Constantly striving for perfection can make even small mistakes feel like major failures, especially when the potential consequences seem severe. This often triggers negative self-talk and a deep sense of inadequacy.

Isolation

Since COVID, the shift to remote work has led to less spontaneous recognition for our efforts. As a result, we may feel more isolated, worry that our work isn’t being valued, and fear that we’re on the brink of being exposed as a fraud or losing our jobs, with others possibly discussing us behind our backs.

Personal experience

Now it is easy for me to tell you about imposter syndrome but the first step to addressing it is to first acknowledge my own personal experiences. These are some of the feelings I get whilst undertaking my work, sometimes I can experience just one but often it can be a combination.

  • Self-doubt – I am not good enough for this role
  • Am I a fraud? – my colleagues will notice I’m unable to perform my duties
  • Extensive procrastination – if I delay tackling my workload, then I’m unable to reaffirm my lack of skills
  • Overworking – putting more hours into a task means I can overcome my shortfall in abilities. I know it’s ironic when compared to the previous point
  • Overreaction to criticism – a colleague has finally found out I’m a fraud
  • Constant comparison to other people – my colleagues are much more skilled than I am. I do not belong here
  • Downplay accomplishments – I was just lucky or anyone could have achieved it

Coping strategies

There are many coping strategies to help combat moments of feeling like an imposter. I will detail two that I have been following that have helped me, but remember it is important to find one or a couple that works best for yourself.

The goal of these techniques is to replace unhelpful negative thought processes with more positive ones.

Cookie jar method

Now you may have heard of this one before or know it by a different name. I heard about it from the book “Can’t Hurt Me” by the ex-Navy SEAL David Goggins. This method is broken down into three parts:

Collect your cookies

Recognise your personal victories, no matter how small. It could be finishing a difficult project, pushing through a moment of fear, or simply offering a kind word to someone.

Fill your jar

Keep track of these victories, either mentally or by writing them down. These “cookies” represent your resilience, strength, and ability to handle challenges.

Reach into the jar

In moments of self-doubt take a moment to revisit your collection of “cookies.” Reflecting on these past achievements will remind you of your strengths and boost your confidence to face new challenges.

Personally, this is my favourite technique, adapting it to better suit my visual based learning. Using wooden bricks, I write the names of conferences that I have given talks at. The idea is to place them in a shadow box, that way when I’m having moments of impostorism I have a visual reminder that I am worthy of my role in the industry.

The hogwash list

Do you ever hold back from taking on a new project? Perhaps you immediately start making excuses as to why you’re unable to do it. This is imposter syndrome rising to the surface with great strength, the fear of failure is preventing you from even beginning to try. This technique is great to put everything in perspective, listing “obstacles” to success with sound reasoning as to why they may be irrelevant.

I’ve actually used this method, well a smart friend used it subconsciously on me when I was avoiding reasoning to make the switch to cyber security. Let’s run through how it works.

Goal – Write down the goal that you wish to achieve.

  • To become a penetration tester.

Obstacles – List the obstacles you believe are preventing you from achieving your goal.

  • Have no cyber security experience.
  • Unable to code.
  • Will not be able to write technical reports.

Hogwash – Under each “obstacle” list reasons why they are irrelevant.

• Have no cyber security experience.

Worked for circa 20 years in different IT support roles with a strong focus on keeping businesses and users secure.

• Unable to code.

Have had to continuously learn new technologies in order to support them, I am capable of learning new skills such as coding.

• Will not be able to write technical reports.

Written a multitude of training documents which have needed to be clear and concise.

Conclusion

If you ever feel like an imposter, remember you are not alone, it is reported that 7 out of 10 people report being affected.

There are various techniques to help manage these feelings, but finding what works for you may require some trial and error. While imposter syndrome may not completely disappear, you’ll become better equipped to handle the intrusive thoughts it brings.

Further reading