Skip to main content

Impostor Syndrome


"Do you not know, my son, with how little wisdom the world is governed?”

― Axel Oxenstierna, Lord High Chancellor of Sweden to his son who feared holding his own as a peace delegate at the Peace of Westphalia


I find that people in the Information Security field often believe that others are smarter than them, or more educated or experienced than them. But my experience has been the opposite. 

When I got my first official IT job in a NOC in 2016, I assumed that the people I would be working with were experts in their field. I had studied hard, worked harder, to make sure I understood the technology I was responsible for and was excited to step into my role. 

Without sounding haughty or thinking too highly of myself, I quickly learned that many of my peers did not care about the job, or the technology. It was a means to an end, and their career had ended the moment they decided that it was a means to an end. 

My yearly evaluations quickly reflected that I was operating above my peers and should be eligible for promotion. So I began applying for junior engineering roles within my org.  After 2 years and leading an automation project for my current role, a position opened I was able to move into a security engineering role. 

Again, I assumed that my coworkers would be experts in their field. Instead, I found that I was working at or above expectations and that coworkers were coming to me for assistance, education, etc... 

I was astounded. I thought that I had stepped into a role where I would be junior, some of these people had been employed for years in the security engineering teams. Surely they should be leading me? 

This behavior has repeated. And its not unique to me. I'm not a special snowflake or some super cyber specialist.

As a member of the information security community, if you care about your career, if you're passionate about technology, about privacy, about internet freedom, about how tech can make lives safer, you're already performing above peers. 

Those passions end up inundating your behaviors. Pushing for safer computing standards. Safer softwares. Safer design templates. Safer user interactions. 

You're not only good enough to be in your role, or a higher one, but better than the people who are there and don't care. 

Throw impostor syndrome out the window, don't you know with how little wisdom the world is secured? 

Popular posts from this blog

LibWebP (CVE-2023-4863)

Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE 2023-4863 in the LibWebP library. This library has a heap buffer overflow available across all operating systems, most browsers, an exceptional number of Electron framework applications. This CVE is rated a 10 after previously being rated 8.8. This was due to an original disclosure from Google stating that Chrome was the only effected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms. A similar CVE ( 2023-5217 ) is pending analysis for the VP8 webstream video format (a sister library to libwep.) As working proof-of-concepts are generally available to the public and Google and Apple both acknowledge threat actors and spyware vendors making use of the vulnerability, it is essential that you begin reviewing and patching all business critical applications. Patch Browsers, All of them All major and minor browsers acr

Show And Tell

Once a week, our security team gathers everyone into a meeting and shares the last week’s worth of security related news and any new security initiatives. This one hour may be the most valuable meeting we attend and has the greatest impact on successful security outcomes. What is it? We call ours a Security Show & Tell. (You can call it whatever fun and exciting name fits your corporate culture.) Regardless of the name, the goal is to set aside an hour each week to share three kinds of security stories and our response to them. Stories that are in the news. Stories that impact our work. Stories that impact our lives. Author’s Note: There’s some helpful tips below on how to gather these stories.  Why you should do it There’s a lot of great reasons to do this, but I want to drive home a few really important ones. How many times has this happened to you? You wake up, open , and begin scrolling only to find out that $Vendor has a nasty zero-day and organiza

Savory Dutch Babies

Ingredients: 1/4 Stick butter 1/2C AP flour 3/4C room temp milk 3 room temp eggs Salt pepper mace nutmeg allspice etc if you want it Blend it or whisk it until homogeneous  Put a castiron in a cold oven at 425°.  Remove when preheat finishes and melt in a 1\4 stick of butter.   Pour in batter.  Top with parm and fresh herbs.  Cook 15m.