Why it's ok to be an amateur in Cyber Security
Updated: Nov 24, 2021
Photo credit: Paul Grapendaal
When I was growing up I noticed that unlike a lot of my friends I never really belonged to any particular group or clique. I was friendly enough with everyone to be allowed in their circles from time to time but I did not get hung up about whatever it was that defined each group, the sport, the music, or the fashion (my first concert was the Beasty Boys but I also enjoyed Gun’s n Roses, and electronic music).
I was and still am easily excitable about a lot of things and I often end up getting passionate about something for a while only to replace it with something else in a few months or years. This allowed me to dabble in many different things but never become really good at any of them: I joined indoor and beach volleyball teams, got into mountain-biking, became an art teacher to elderly ladies, completed my Yoga teacher training, started trail running, and I can’t get enough of reading or listening to podcasts about everything and anything.
People who dedicate their lives to one thing, be that a sport, hobby, or career have looked at me before and judged it as scattered or unfocused. Because of this, I remember buying a book in my twenties “What Do I Do When I Want To Do Everything?” which helped me feel less weird about it.
One thing I find fascinating about working in the Security and IT industry – and probably why I’ve stuck around in it for so long - is the number of people who are like this too – people with a variety of skills, talents, and interests, that seem to change over time. Often the more unassuming the person appears at first glance, the more incredible their achievements are.
There was this networking engineer at Internet Solution who walked around in flip flops and shorts and who had 3 PHDs, one of which was in astrophysics. Today Melissa, who works in our software engineering team told me that in her past she was a tax attorney in New York with two law degrees.
My colleague Roger Grimes published 15 books, is into scuba diving, quantum physics, politics, and used to be a skydiver, BASE jumper, and sky surfer for 10 years. He was also a cave and wreck diver for many years.
Roger likes to immerse himself in topics for a few years at a time. Right now he is into quantum and particle physics.
I worked with Paul, a senior security engineer with a wicked sense of humor who in his spare time builds telescopes, with which he takes really cool space photos, restores a Pontiac Firebird 1981, goes surfing and mountain biking, and still finds time to be a good dad and husband.
Paul's Pontiac :-)
Charl a security pentester, entrepreneur, and researcher, is on the board of a children's charity and completed some grueling races in the deserts as well as in Antarctica.
Kerissa, the managing executive for Cybersecurity at a global mobile operator who is also spearheading the private-public sector collaboration group Cybersecurity Digital Alliance and is the president at WiCyS South Africa while juggling to be a mum is an incredible supporter of girls and women in the industry.
The Big 5 personality traits provide an indication of this tendency. People with high scores on Openness are inspired by all sorts of matters. They enjoy experiencing new things and going (deeply) into new issues all the time: they become bored otherwise.
That is why perhaps the security & tech industry suits people with that personality trait so well and why one feels “understood” by one’s peers. Also, there are many domains security touches on from networking to psychology to software engineering, to endpoints to cloud architectures, and many more. And each one of them allows for digging into very deeply.
Diversity of thought, cross-domain thinking, and knowing how to research something quickly are helpful tools in complex problem solving, a skill that is definitely top of the list for any security professional worth her salt.
The security landscape is constantly changing, requiring a lifetime of learning and adapting. Sometimes this everchanging field can become daunting or overwhelming, particularly when social media gets thrown into the mix, a distraction that can create a lot of noise without necessarily providing much substance.
Self-discipline to focus on finishing one task at a time is crucial to making sense of it all. Mindfulness and productivity hacks such as Inbox-Zero, master-lists, and Eisenhower's Urgent/Important matrix really helped me to focus my Dory-like attention span on what matters and getting stuff done.
Even after 20 years in security (20 000 hours?) I’m anything but an expert in any of the domains. But I’m ok with the fact that I’ll probably be forever a jack of all trades rather than a professional in just one. Having done many different things over the course of my career, most of which were security-related, I’m still an amateur. But the word amateur comes from the Latin word amare, meaning to love. So it describes someone who does something purely for the love of it. And isn’t that what it should all be about anyway?