Infosec imposter syndrome is real. Here's something that can help
Talk about an insider threat
Black Hat Imposter syndrome plagues people across all professions — including the cybersecurity industry — and it's not going to get any better until individuals are willing to share their struggles and find tools to help overcome these feelings of inadequacy.
Vicky Ray, director of Palo Alto Networks' Unit 42 cyber consulting and threat intelligence group, says this topic has been on his mind for quite a while now. In an interview with The Register ahead of Black Hat, he said he hopes his conference talk on imposter syndrome will encourage people to open up about it and discuss solutions.
One of these, according to Ray, is the Japanese concept of Ikigai.
Ikigai (pronounced ee-key-guy) combines the words "iki" meaning life with "gai," which means value or worth.
Diagrams showing this concept use four overlapping circles representing what you love, what you are good at, what you can be paid for, and what the world needs. The intersection of these four circles is Ikigai.
This concept can help people find purpose in their professional lives, and also help overcome Imposter Syndrome among security professionals, according to Ray.
"There's so much pressure" on everyone working in security, Ray said. "We all have to put more of a focus on this issue because if we do that, I think we will find that we can unlock so many people's potential."
'Majority feel they are not good enough'
As part of his job, Ray gives a lot of talks at different events and conferences. Over the last several years, he's noticed a trend when people approach him after his talks that he says spans students who want to get hired as well as seasoned professionals.
"The majority of them feel they are not good enough," he said. "People are sharing a lot of these same issues with me, and that was the trigger point."
There are many reasons why these feelings of inadequacy creep into our professional lives and fill us with self-doubt. For one, the threat landscape keeps expanding with bigger and badder attacks and more ways to inflict maximum damage via exploits. The attack surface continues spreading with more connected devices and points of entry, and newer technologies like AI and LLMs require more knowledge from defenders — and present new methods for the baddies to compromise IT environments.
People start comparing themselves with so many other people, that creates more uncertainty and then you start questioning yourself
There's so much media, social and otherwise, on novel exploits and new techniques, and while all of this information can be helpful and inspiring, it can also be overwhelming.
"There are a lot of people sharing so many cool things online," Ray said. "But that also means that many people start comparing themselves with so many other people, and then that creates more uncertainty and then you start questioning yourself."
Applying the concept of Ikigai can help people find meaning in their lives and careers, and examining each of the four areas can pinpoint those in need of improvement, which can help pull individuals out of a professional slump or ease imposter syndrome, Ray said.
Looking at the top circle, what you love, was always easy for him. Ray fell in love with cybersecurity as a sixth grader in India after reading a Popular Mechanics article from 1984 in the local library about "computer wizards called hackers" who were helping fight digital crime.
"As I grew and learned more, I got good at it, and then eventually I was getting paid," Ray said. That checks two other circles. But the last area, "what the world needs," was lacking. "I realized where I had something missing," he said. It was this idea of "how do I make more of an impact globally, and give back to society."
Ray found this answer working with law enforcement: specifically Unit 42's collaboration with Interpol, and helping US and international cops bust business email compromise (BEC) rings, DDoS-for-hire services, and other cyber-crime organizations.
- Microsoft 'fesses to code blunder in Azure Container Apps
- What would sustainable security even look like?
- Let's play everyone's favorite game: REvil? Or Not REvil?
- Chinese tech titans' share prices slump after THAT Super Micro story
This also includes Operation Delilah, a May 2022 joint effort that included the arrest of a Nigerian national suspected of running a multi-continent phishing ring. In the last year alone, Unit 42 has been involved in operations resulting in the arrest of 12 other Nigeria-based BEC scammers.
"The impact that makes to the world — I can't express to you the kind of happiness or contentment it brings to me," Ray said. "This is my Ikigai. Of course, Ikigais change over time. But I'm balanced right now."
This isn't to say that Ikigai is the only solution to Imposter Syndrome, or that it will solve everyone's feelings of inadequacy, he added. "But I think it will go a long way, and give us more direction." ®