Imposter syndrome is real.
Why do I say this?
Think about cybersecurity for a second. Even if you were someone with every certification out there today, you’d only have a handful to impress your boss with. Cyber is also evolving very quickly right now, so whatever you learn in a classroom setting is probably months behind what is going on in the wild.
At this point in my humble opinion, there is no formal path required to becoming an expert in the field. In fact, some of the most talented cybersecurity professionals I’ve had the privilege of working with had no formal training at all.
What do they do?
They participate in making security better. Many of them participate within the community. Some have a ton of speaking engagements, and several have even written books (all without letters attached to their names).
This begs the question when does someone become an expert in cyber?
As an MSP owner or someone interested in cybersecurity within an MSP, you shouldn’t get tripped up on not knowing enough.
Every day you and your team invest in trying to make your environments safer—whether that means researching new products, listening to security operations calls on current cyber threats, or simply learning about how hackers are getting around security controls, you are becoming the undefined expert.
How can you address imposter syndrome within your organization?
Whether you’re talking about cybersecurity, account management, or even helpdesk, your team at one point in their careers have probably confronted some serious imposter syndrome.
They might be (or have been) stressed out simply because they don’t have confidence in their knowledge and skills. They are convinced getting hired was a fluke.
Trust me, I’ve seen this in my own teams and I’ve had many conversations with folks within MSPs to know that this can be a huge problem and quite a challenge to get over.
Imposter syndrome—especially among cybersecurity professionals—is a huge problem.
Here’s what I’ve found works:
- Get them to recognize one thing each day that they consider a win. If you get them to focus on their gains, they’ll be less hyper-focused on all that negative stuff. As your team is growing, get everyone to celebrate even the small wins every day. Get them to realize that they’ve made progress. Rome wasn’t built in a day. And the cybersecurity field at this point is no Rome. Things are getting built on-going. If you take a short-term win focus instead of the marathon view, you’ll be able to see a ton of milestones over the course of a quarter, let alone within an individual week.
- Make them talk the talk. If they don’t know the language, they’ll never feel comfortable walking the walk. Get them reading, watching, and seeing what others are doing. Encourage your whole team to start talking about security issues and finding best ways of communicating them. One of the biggest challenges in cybersecurity today is the gap between technical audiences and their users. If your team can communicate effectively about security to non-technical audiences, they are leaps above most folks in the cyber community that call themselves the experts.
- Make sure they are keeping their eyes open. In my experience as you learn, the more you realize the mass of information you don’t know. That’s perfectly okay. In my opinion, cybersecurity experts are the ones that look and listen to many sources and see what others are doing. They ask questions and get better and asking the questions that matter. If your team isn’t investing in developing their knowledge and honing their experience—whether direct experience or through others’ experiences, they are likely getting worse at their jobs.
Experts aren’t perfect. But they are savvy. They are capable of figuring out a problem by looking at the pieces. Our community is under attack. If we don’t foster cyber expertise within our MSPs, how are we going to protect ourselves?
One of the easiest first steps is to gain an AHA moment in a cyber stack evaluation.