My Imposter Battle

Two weeks ago, I learned a new technique with PowerShell through experimenting with the profile.  It worked really well, at least for what I wanted to do, but my excitement was short lived.  Something that feels this basic shouldn’t be this cool, and obviously someone else probably would have already uncovered it.  Any time I get started on something, and I get stuck, I start looking online for documentation on a specific class.  Then I find out another researcher already did this work three years ago.

The second talk I gave last year in and around PowerShell. I wanted to do something cool for the audience, and most security people (myself included) are excited about new ways to create reverse shells. The first talk I did, I used one of the Invoke-TCP shells found in the Nishang toolkit.  This time around, I wanted to show how to use PowerShell to do the same thing against a Linux box.  My thought process was just showing possibilities of pentesting with a Windows based system more than anything.  I converted one of the scripts used for an Offensive Python OWASP training over to PowerShell (with permission), and thought that was great.  Although I was really excited this worked, and couldn’t wait to show it off, all I had really done was port someone else’s script into my talk.

I’ve been told repeatedly by my peers (not just when I was in InfoSec) that confidence is an area that is lacking for me. Most of my career, I’ve gotten great reviews, excelled at getting my projects accomplished, while diving into anything I don’t know.  It helps me gain confidence, but it’s also a never-ending battle.  I will be confident if I get a degree.  I will be confident if I get graduate degree.  If I work in X field, my confidence will improve.  It doesn’t take away from that fear of making a mistake, because if I make a mistake people will find out I have no clue what I’m doing.  This fear becomes magnified in a toxic environment, where peers are waiting to pounce on mistakes to point out the failure, as a means to prop themselves up.  When that happens, I start to discredit all the educational and career accomplishments.  The two examples I’ve given are just a small sample of the hundreds of time I’ve had these issues swirling around in my head where I feel like an imposter.

How do we combat the insecurities around imposter syndrome?  The more advanced the career field, the larger the odds we will work with things we don’t understand right away, and the more it will cause doubts (at least in the beginning).  I’ve spent the past year or two (time is flying) pushing my boundaries to work on the those kinds of projects.  This is how I’m choosing to combat.  It works the same way as some of the anxiety issues I’ve fought to overcome, where I have to turn into the skid of the anxiety.  If I don’t face it head on, I will stay where I’m comfortable, and this will never allow for further improvement.  I will try to teach others what I’m learning along the way, to improve their process.  If someone else has already done something similar to what I’m trying to accomplish, it doesn’t mean I need to give up with what I’m doing, because in order to talk to it, I need to understand it. I can look into their process and improve it for my environments and goals.  Remember, learning is the end goal, and everyone has to start somewhere.  Gaining experience in areas where otherwise inexperienced doesn’t make someone an imposter.  It makes them a lifetime student.