"The more I learn, the more I realize how much I don't know.” – Albert Einstein
Being involved in information security is intimidating. Not just because you are dealing with complex technology with serious implications if you fail, but everyone around you is going to be smarter than you. Even your adversaries. Especially your adversaries. Get used to it.
By everyone being smarter, I don’t mean to say we are dumb but stating the fact that nobody knows everything when it comes to all the various segments of information security. The acronyms that follow your name, from degrees and certifications and the tools you master, are a testament to your dedication but are only letters without learning to be humble, acknowledging your weaknesses and appreciating others’ strengths.
Some of the most successful people I know in technology and security view “I don’t know” not as an admittance of failure, or giving up, or to get defensive, but as a challenge to learn and collaborate.
I always find the stereotype of the “lone hacker” in a basement not only a bit insulting but in many respects, a huge disservice to an entire industry, which is actually built on collaboration. “Hacking” is innovation in its purest form, it is where creativity and technology meet and this rarely occurs in a vacuum.
Those tools you so expertly use were developed by teams of people who came before you and will be improved by those that come after. Those vulnerabilities and exploits were not discovered and written by one person, but by a community primarily aimed at helping to make us all more secure.
We often hear about Infosec folks and developers being introverted. I find this to be untrue; we may just be more interested and passionate about things others don't know or care about. Going to security conferences
, I am always impressed by how inclusive and collaborative the community is and find myself more excited about the conversations with friends – old and new – than the actual talk tracks themselves.
After every conference I always feel exhausted and humbled, as the more you learn about infosec, the more you realize you can't know everything and the more you respect people for their contributions in their areas of expertise and willingness to share it with the rest of us. Not everyone is the 1337 Haxor
and frankly, it would be incredibly boring and a waste of time if everyone was.
I find Infosec to be the Renaissance profession requiring a wide range of disciplines across a number of industries. That might be why I find so many successful people involved in Infosec that don't come from traditional technical backgrounds, but who are armed with liberal arts degrees and a passion for learning.
Infosec is based on a culture of learning and collaboration, not pretentiousness and exclusiveness. The next time you see someone struggling with a tool or technique, instead of calling them a "noob" try teaching or helping them, you may learn more about them, the tools and yourself in the process.
(Photo credit Dave Dugdale used under a Creative Commons Attribution-ShareAlike license)