Imposter Syndrome in Cyber Security - How We Can Turn This Into Our Secret Weapon To Become Technological Leaders
*This article was also posted on Linked.
I created a survey on LinkedIn surrounding Imposter Syndrome in Cyber Security, and it looks like a lot of us “suffer” from it, particularly when it comes to the cyber management level. (link to the survey here)
I see this entire “Syndrome” as a very interesting and even CRITICAL part of becoming a cybersecurity professional at the executive level. I believe there is a curve of Confidence in Cyber Security; I aptly call it the “Eli Migdal’s Confidence Curve of Cyber Security Tech Vs Managerial Skills Vs Confidence” (I know – very original name), which, if you were to chart it out, would look something like this:
This chart in my experience works both for the Sys Admin route to CTO / CIO and the more cyber focused route to CISO.
But, it’s all about the timing – when does imposter syndrome start? And how can you catch it to use it to your advantage?
If I break down the chart to explain more about what this looks like in practice, you’d see something like:
(Years 2-6) – You are focusing on honing your “Techy Knowledge” and going hands-on as you grow your confidence alongside your tech skills.
(Years 7-9) – Your “Techy Knowledge and Skill” peaks and starts to plateau (in tech you will never know everything as it changes so quickly!). During this time your confidence level continues to grow, and your managerial skills grow more as you start to manage more people and teams directly.
(Years 10-12) – This is where it usually gets “tricky” because your focus turns more to managerial skills and tasks. Your “Techy knowledge” starts to decline because it’s almost impossible to stay completely hands-on in tech and management simultaneously as your team size and responsibilities increase. This is where the first real signs of “imposter syndrome” start to show and your confidence starts declining.
(Years 13-15) – Your Managerial skill increases initially but starts to balance out and does not increase more as your confidence level is declining and you’re not maintaining “Tech Knowledge” levels. This is where you must “fix it” and get the charts rising again.
What is “Imposter Syndrome” in IT & Cyber – How does it feel?
It is usually all about your confidence level and self-doubt. Usually, the following types of questions start popping into your head:
Am I really an expert? Am I really a Cyber Expert or an IT expert?
Can I really be responsible for something as big as securing an entire organization?
Can I really be responsible for the entire infrastructure and IT system of this organization?
Do others see me as an expert? Do they see me as a fraud?
If I don’t know something does this mean I don’t deserve to be here?
Does the bald look work for me or do I actually miss my hair? (ok maybe that’s just me)
Most likely some or even all of these questions have been through your mind at one point or another…
When it comes to technology, increasing your skillset tends to take time and the change is granular. But, when you’re shifting from techy to managerial or managerial to executive, there are often a lot of sudden changes. This is usually a ‘sink or swim’ moment for many IT and Cyber professionals looking to become technological leaders. And a big cause of ‘imposter syndrome’ in my experience.
But to be honest, the real question is: if you suffer from imposter syndrome, is it really a ‘bad’ thing?
I think that in the IT & Cyber Realm we NEED to suffer from imposter syndrome, we need to embrace it. Otherwise, we will just be overwhelmed by the speed of how everything is changing.
The truth is, in cyber, everything changes so rapidly that no-one is ever going to know everything no matter how hard you try. Once you embrace the ‘imposter syndrome’ which is often a result of this, you can actually make it your friend and your secret weapon.
(credits to Nir Rothenberg for ‘secret weapon’)
Here are 6 bullet points on how to embrace imposter syndrome and make it work FOR YOU:
Understand that you can’t have ‘hands-on’ up-to-date knowledge on everything. In fact, the more you know, the less you actually know.
It’s very healthy in IT & Cyber to say “I don’t know – let’s research and find out”. Being able to say this is a proper catalyst to constantly learning more and engaging with your peers, researching, and learning TOGETHER.
Now, this is a big one. Your ‘worth’ as an executive is not always ‘what you know’. It’s your capability to learn, adapt, and respond to changing landscapes quickly. Experience is the ability to deal with new scenarios and not the amount of knowledge you have (this is a completely different metric of success compared to technological job roles and many people don’t realise this change).
Remember – You are not being benchmarked for your knowledge, in Cyber and most of IT you are being benchmarked on your Skills to deal with challenges.
If you want to make it in the Boardroom, try to be a specialist in being a generalist. (Credits to David Varnai on this quote.) You cannot be a complete expert in “something” when that “something” is ever-changing.
There’s a reason that Academia doesn’t really work in Cyber Security at an executive level. Because learning “past methodologies” doesn’t give you the experience to work in the environment at board level or managing a team. It’s the real-life experience that will make you feel more confident. Rather than trying to put theories into practice.
Don’t doubt yourself but always challenge yourself. Ask “Did I really do everything I can on this subject? Did I engage with all my colleagues to find the best solution?”
So if you ask me: “Eli – are you an expert?”
Usually, my reply is “Yes, I was an expert yesterday … today most likely I am not – let me learn something new and I’ll get back to you”
“Eli – Do you have Imposter Syndrome?”
My answer would be “I had it yesterday but today I learned something new and I am ALLLL GOOOD”
Ok, I have embraced the Imposter Syndrome, what actual steps can I take to increase my confidence in the Technological managerial realm?
1. Use the Imposter Syndrome – Rather than allowing it to make you doubt yourself and knock your confidence, use it as a benchmark to accept something you don’t know and then drive your learning. Remember you can’t know it all, no one can, but imposter syndrome will empower you to do your maximum to learn something new every day. And this, in turn, will make you a much better leader.
2. Learn to speak in Business! Learn about P/L, Assets, Liabilities, Revenue, Expenses, Equity, Net Profit, Net Loss, Profit Margin, Cash Flow, ROI, B2B, B2C, and no, you don’t need to do a PhD in economics. You are in Cyber and IT, find the resources, teach yourself as you did for any other subject in your professional realm.
3. After sections 1 & 2 are accomplished move to the next part – Talking in Business Risk. I have learnt that most decisions by C-Suite and Board members are made based on Risk Analysis and in most cases it’s financial risk. I wrote an article on the subject:
I created the Boardish Methodology initially to help me swim in this deep water. To be able to get decisions from the C-Suite and Board and increase my Managerial communication skills. In doing this, it increased my confidence.
In our early years, our confidence grows as our technological abilities grow, the more “issues you fixed” the more confident you become. In the IT & Cyber Managerial realm, your confidence will grow with the number of executive decisions you are able to push through.
Connect your confidence level and benchmarking with decision making and you will see how sometimes your “imposter syndrome” grows but it just makes you feel better, stronger, and more capable!