Over the past couple of weeks I’ve read a number of articles both in and out of the IT Security field and also attended talks which discuss Imposter Syndrome and the impact which it has had on the individuals giving the talks.
Imposter Syndrome is a term which was coined in 1978 by clinical psychologists Pauline R. Clance and Suzanne A. Imes which manifests itself by individuals not being able to enjoy the success of their achievements and leaves them living in a persistent fear of being exposed as a fraud.
Individuals often feel that their achievements are based on deception and making others believe that they are more intelligent than they really are.
Research indicates that both women and men suffer equally from Imposter Syndrome however men are perhaps more likely to internalise and bottle up these feelings of inadequacy rather than seek help and find a method of unburdening themselves.
Having worked in different fields in IT one of the aspects I most love about pentesting and the security sector is the open mindedness and inclusiveness of the individuals which work underneath its banner.
Although a number of new recruits into the field come via University and Graduate programs there is no set way into pentesting and the security sector. From postmen to plumbers, electricians to nurses everybody is welcome.
When new testers come into the field they are often full of enthusiasm and have two things on their mind, popping shells and getting root. It’s not until they’ve been in the field for a while that they start to see not only how wide but how deep the security field is.
In my personal opinion this is where the trouble sets in, once people realise how much they don’t know.
Co-workers are popping shells, routing traffic in impossible ways, writing scripts and taking part in talks, witnessing this is where the fear and self-doubt starts to set in, they start to ask themselves how can I ever do that, will I ever be able to do that and they tell themselves I’ll never be that good.
What struck me from the talks and papers I’ve read was I’ve not seen organisations talk more about Imposter Syndrome and ways in which organisations can help foster a better working environment; this is often something left for HR to deal with. In a number of cases if HR are having to deal with it, it can often be too late.
Pentesting is often regarded purely as a technical discipline, soft skills don’t get as much focus as the latest 0day exploit or PowerShell delivery technique.
I think senior staff members, management need to be more focused on the environments which they create for staff and take responsibility to help foster greater levels of trust within a team, they need to create a unit and not just a group of individuals.
In the military people aren’t called co-workers or colleagues or other safe words they are called brothers and sisters, they are family they stand side by side shoulder to shoulder. Brothers and Sisters of course fight and argue however they stand up for each other and take care of one and other, they trust each other.
There is no easy answer to solving Imposter Syndrome, however I believe if team members trust each other they are more likely to feel able to reach out to other members of the team without feeling stupid or inadequate. If team members have trust in their leadership I believe they will feel more confident and open in talking about what is going wrong without fear or recrimination or painting a target on their backs.
Creating an environment of trust amongst team members not only helps the team but builds confidence in individuals and helps develop great friendships. This energy then gets reinvested within the team because members ultimately feel better about themselves and each other.
As a business, individuals who feel trusted, who enjoy working with their colleagues are probably more likely to stay put which reduces churn and costs associated with rehiring.
The next time you feel like a fraud at work or one of your team members feels this way you’ll be able to reassure them that most other people feel exactly the same and have more understanding about how you can help them.