Your Own Worst Enemy - Beating Imposter Syndrome

[Music] hi everyone you have the dubious honor being my first ever bsides talk thank you um yeah look I'm going to try and get through this quickly because I realize we are over time but thank you so much for attending uh I don't know how bad the other session was but I appreciate you being here in fact starting off with humor is pretty much a very good indicator of imposter syndrome so if you're not aware of imposter syndrome it isn't technical I have no code in my slide uh I went to my comfort zone which is non-technical those of you who know me I am part of a sales sort of organization so you know talking to PowerPoints my

thing but imposter syndrome is essentially that feeling that am I good enough to do this and I think it's something that is so prevalent in cyber security in uh life in general and most people have um experienced it in one way shape or form at some point so if you think about you want to get into cyber security you want to try a new job you want want to try and uh something new you want to go and look U for vulnerabilities throw back to the previous one um am I good enough to do this and it's it's that there's no evidence to say you can't in fact there's generally evidence to say you're very good at what you do but you just

can't shake that feeling and give you an example of that this is when I started my slide deck you'll notice That's Thursday evening about 22 midnight I delayed it for as long as possible don't look at my steps or heart rate please but I I delayed it as as long as possible cuz I thought do I really want to do this I only actually submitted talks because we didn't have that many and I wanted to kind of bump up the numbers and then it was accepted am I good enough to do this is this something I can actually do what if someone in the audience calls me out and and and says I'm wrong what happens if um you know do

I even know what I'm talking about and quite honestly you sit and talk to yourself in your head the voices sometimes make sense and you say you know what if someone thinks they can do better let them submit a talk next year let them come and stand up here you know well have a discussion over there ultimately imposter syndrome if you want to identify what it looks like and how you feel you think what you know is so small by comparison to what other people know but the reality is you actually are better than you think so self-doubt is a big part of this can I actually do this is this the place I want to be and if you do manage to get

something working and you do well you kind of play it off to oh well I was just lucky just you know how things go it's it's it wasn't really up to me it was something else situational Etc you're constantly afraid of failing and you can't you have to strive for perfectionism I can't I can't let this be a thing until it's actually perfect done is not an option it must be perfect it must be good and in some people it's it shows itself as I'm just going to work as hard as I can to look busy because then I must know what I'm doing so I'm going to work and just keep going and just keep going and personally this

is something I can relate to cyber security because for years uh I actually was at school with Dominic white I don't know if you guys caught the keynote that he did and I watched his career I see him presenting a black hat and I'm like geez that guy really knows what he's talking about wow let me have a look at the career P page on sense post and I was like yeah this is never something I'm going to I'm going to be able to Aspire towards these guys are just too too good I'll never be a part of that I actually got the the opportunity to work for orange cyber defense last year thoroughly thoroughly enjoyed it and

realized that actually they're quite a humble bunch of people the same at bsides thinking can I should I even come to bides it's it's technical people it's security I don't really know what I'm talking about I just you know I'll read some news articles and I regurgitate that I went to bides Cape Town my first one last year and suddenly it was like hang on I'm teaching people to pick locks I'm I don't know how to do this I've just watched the lockpicking expert uh sorry the lockpicking lawyer on YouTube and I'm just kind of repeating that and suddenly people are learning from me does that mean I know what I'm doing that's a scary thought so that

impostor syndrome actually in reality you know more than you think but you talk yourself out of it so really what you have to do is change your thinking to say I'm going to try this but they'll soon find out that I'm not that great to they'll soon find out that I actually great I'm good at what I do and no I'm not a lock pecker by any stretch of the imagination but I can teach you the theory I'm in sales I don't do practical um you know so when it comes comes to this imposter syndrome you have to keep repeating that to yourself you have to keep reminding yourself but that's just one of the tools that we

have I will talk about these all in uh in a little bit more detail I know you're probably going to read them but these are just some of the tips and tricks that have helped me and that uh doing some research online Etc that have helped so I will bring a little bit of personal insight into this and how this is actually worked for me but when you acknowledge and normalize it's actually described quite nicely in that pie chart there's only a certain percentage of people who will get imposter syndrome and then there's another percentage of people and then the rest of the group is made up of literally everybody else who also gets it remember that everyone suffers from

this at some in some way shape or form um every time that you know I've chatted with Leon or Dominic or Charles or you know various other people who I don't want to name and shame but you kind of how did you come up with that idea well I wasn't sure and I kind of thought about it and you know you discuss with other people in the industry or you know how do I get into cyber security you know I'm not going to be good enough I look at people who work in the sock I look at these pent testers I don't think like that neither did they initially this is what they've learned from just

doing and trying so acknowledge that normalize it recognize that everyone experiences this and that's okay you're not strange you're not weird especially identify and challenge as negative thoughts if you hear them if it starts talking down to you and you think I can't do this ask yourself why why not yes you're going to talk to yourself a lot it's not a sign of Madness or maybe it is but you know um depends what the answers you get back are but question that like can I really do this for me doing this this um presentation it's like can I can I really actually do this is this something I'm comfortable talking about well yes it is cuz I've

helped people I'm not an expert by any stretch of the imagination but people have sought my advice on something so clearly I must have decent Insight I must be persuasive I maybe maybe just I'm honest who knows um that's up to them to say but every time you hear these self-doubts replace them with a positive thing say I'm not sure if I can do this you actually can you've proven it here or you know what you're talking about or you know be prepared if someone does try and correct you get into a conversation have that Comfort within yourself to say cool but I always thought it was like this and uh you know leads on to the next point of develop

that self-compassion I realize this sounds very wishy-washy but actually if as if you're sitting in the audience watching a a speaker and they stumble over their words or their slides don't work you typically don't stand up and go you're crap I mean you might do it to me because we know each other but you typically wouldn't so why are you so hard on yourself when it comes to that treat yourself with that same kindness you are going to make mistakes you're going to make missteps you're going to you know maybe push an update that might have a little bit of an impact on Windows machines around the world I had to slip some reference in there um

you know but that's the thing accidents happen to everybody and you know on that on that point the self-compassion soon turns into compassion for other people as well so when something say a hypothetical like bricking Windows machines around the world happens you don't turn around and Jer and Shout you say I hope you guys get it fixed how can I how can I help as opposed to how can I turn this into a win for me when you're looking at a task a presentation uh a project a new role something like that set realistic goals it is a cliche how do you eat an elephant personally I don't eat elephant but some people apparently do but the

analogy there is one bite at a time same as you know break it into small manageable tasks look at okay what do I actually know where am I comfortable what can I start with and then how do I take that to the next block how do I take that next bike what is that next step uh it was actually quite nicely shown in the in the previous talk about the blind SQL saying you know I started with something I tried something else and it kind of built from there um and they then learned different skills OS in they learned uh how to do these things just one step at a time seeking support those of you who know me I talk

a lot about a cyber security tribe uh not because we're all Savages living in Huts but because I believe that that concept of tribal knowledge of helping each other of looking after each other is so crucial with within cyber security we're all competitive we work for different companies be they vendors or service providers or uh pentesters ethical hackers Etc but we're all doing essentially a very similar thing in the sphere we should help each other so talk to your peers come to bides particularly Cape Town you're welcome um you know attend hex coffee uh join hack South everyone here typically is willing to share some people yes there's there's always an element of ego that is natural

but we're all willing to share we're happy to share we're happy to help others we're happy to help you learn point you to resources Etc I've one of the biggest um ways I overcame this impostor syndrome was joining hack South and just being like I'm just going to ask this question I'm going to get ready for people to go oh my God you Noob what are you doing here and it's not it's like uh you know you see people learning Linux and they're so excited because they managed to do what I consider to be one of the most basic things but I look at that and go but I also know how to do that basic thing so maybe I'm not that

bad nobody judges you nobody makes fun of you we're actually here to support and help because that's how we Bridge the skills Gap that every vendor tells us exists that's how we get people excited and involved in cyber security celebrate your achievements no matter how small they are as I said someone managed to install Linux that for them was a huge achievement they've never done this before that's cool you know what lessons did you learn share that but celebrate the fact you got that working you you achieved a small thing you know and I like the generic Clarkson version of I did a thing doesn't matter what that thing was you did it own it

accept it enjoy it um and always always learn there's a theory I don't want to put too many cliches on the slides but I'm doing pretty well but if you're the smartest person in a room you're in the wrong room you know I I come to B sides and I'm I'm always humbled because we have people in you know some of the top levels of big organizations we have people who want to get into the industry everybody's here to learn something from somebody you know you you just have conversations you pick up bits of information you watch the talks hopefully um you can rewatch them on YouTube things like that we're here to learn don't be afraid of failure to my

mind failure legitimately is just a way that didn't work there's many many ways that didn't work find a way that does don't be afraid of that don't be afraid to start something just because you might be bad at it how am I doing TimeWise awesome I a little bit ahead of time which is a bonus for you all because to recap just remember imposter syndrome happens to everybody at some point anyone in this room if they're honest with themselves if they're honest with you will say yep there was a time I didn't know what I was doing I had to um you know I've never been a red teamer but I've spoken to a few of the the guys that do it and

they say you know it's that first time you walk into a company and you have to pretend to be someone else and it's it's it's nerve-wracking they got to find me out they spent all this money and I'm going to fall over in the first first half an hour and then but they didn't catch you but they let you in they held the door for you just cuz your hands were full of coffee or they didn't check your employee badge or whatever the case may be everybody suffers from imposter syndrome at one in one way shape or form so be kind to yourself be aware that this thing happens it's okay that it happens and make sure that you know you

you back yourself you know you can do it you know you've you've got the encouragement I should have actually put a sh of birth just do it but you know he's running out of slides um and then finally like Leverage your tribe use the people around you ask questions be curious keep learning um yeah someone may have done something before they might help you think a different way come up with a different solution or a different answer um don't be afraid to talk to people and just engage uh that that um uh it's it's on the orange cyber defense lanyards it's um I remember some of them abide by your work like hell share all that you know

abide by your handshake and have fun and those four things are just so powerful you know share what you know you can have a bit of ego that's cool you know you were the first person to do something that's great but share it help other people learn help other people grow so with that I am almost on time so you can get some tea or coffee a bit early thank you so much I appreciate it