All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-imposter-syndrome/)
For CISOs and other security leaders, suffering from imposter syndrome seems inevitable. How can you ever be really confident when there's an endless stream of threats and a landscape that changes without your knowledge?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest David Peach (@realdavidp), CISO and head of privacy, The Economist Group.
Thanks to this week's podcast sponsor, F5.
CISOs are dealing with the increasing sophistication of cyber attackers that are taking advantage of their applications. Find out how F5 helps organizations expand their security and see the unseen by watching the F5 Security Summit webinar. View it here.
On this episode of Defense in Depth, you’ll learn:
- Imposter syndrome is a feeling of not being as good as you purport to be or others perceive you to be. Almost all security professionals, especially CISOs, have moments of imposter syndrome.
- The root of the problem is underestimating your contributions.
- Imposter syndrome can debilitate a security professional. But the opposite is also dangerous. If you don't question your ability and think you alone can solve things and others perceive that you can do that as well, that's a disaster waiting to happen.
- The relentless change of technology and threats can overwhelm a professional and feel that they can't keep up. There's a sense of you will always be behind.
- It's not a sprint, nor a marathon. Security is an infinite game. There's no winning and no moment of relief, but looking at it as a journey you can see success along the way.
- There is an outside pressure that CISOs know more than they actually do, and at the same time they don't want to disappoint management, the business, or the team.
- Imposter syndrome can be seen as a positive when it leads to self awareness and improvement.
- Be smart enough to know how little you do know and accept it, but still stay on that journey to keep learning more.
- You can't teach the person who thinks they know it all.
- The flipside is you rarely get congratulated for your work as a security professional.