Cybersecurity's dark secrets: 3 confessions from industry experts

From gnawing imposter syndrome to communication challenges with execs, cyber pros at DEF CON anonymously shared their “unfiltered truths” about working in the industry. Can you relate?

Hassassin, Sep 24, 2024

At this year’s DEF CON in Las Vegas, we had the privilege of speaking with some of the most brilliant—and brutally honest—cybersecurity professionals in the game. 

Embracing the community-centered open spirit, we decided to ask them one simple question: What’s it really like working in cybersecurity? 

Their answers? 

Well, they didn’t hold back. 

Here are some anonymous confessions and insights straight from the trenches. 

Confession: I don’t know enough

When asked about “the biggest challenge” they faced, many security professionals shared a mutual sense of falling behind due to their lack of skills and knowledge. 

Surprisingly, this even includes mastering the basics. 

As one person commented, their biggest challenge is “overcoming not knowing all the fundamentals.”

Cybersecurity pros often feel the pressure to know everything, especially with the influx of new vulnerabilities and exploits.

This constant learning curve can lead to imposter syndrome—a feeling that you're never quite skilled enough. But here's the thing: no one knows it all.

Many of the professionals we surveyed said they’d feel more supported by management with dedicated time and resources to learn. 

It shows that building a supportive learning environment, where continuous development is the goal (not perfection), can ease the burden. 

“One thing a manager or organization could do to make work more effective, engaging, or impactful for a cybersecurity team is to provide regular opportunities for training and development. This could include sponsoring certifications, attending workshops or conferences, or offering in-house training sessions on the latest cybersecurity tools and techniques.”

Let’s normalize the idea that cybersecurity is a marathon, not a sprint. The small wins are just as important as the big ones. 

Encourage yourself and your team to celebrate them.

Confession: There’s little room for stress-relieving fun 

Our recent research shows that we’re on the brink of a mental health crisis in cyber, with 84% of workers experiencing stress, fatigue, and burnout.

Burnout is a recurring theme among security professionals, and it’s not hard to see why: 

The pressure to constantly be on high alert for the latest threats and upskilled on the latest techniques is ever-present. And it takes a costly toll on everyone. 

Maintaining team morale in such an intense environment is no easy feat. Even seasoned pros feel the pressure of keeping up with the threat landscape. 

It's a reminder for beginners and advanced pros alike: let’s “release” workload pressure by finding the fun within cybersecurity.

“Dedicate time for team building regularly so that employees can take a break from the constant threats of cybersecurity. Use the time to learn something new and fun.”

Consider this your license to have fun:

  • Feel free to explore a new topic you’ve wanted to learn about, “just because.”

  • Join a CTF or security event with friends or work colleagues. 

  • Wrap your head around new tech or tools you’ve wanted to dabble in.  

Confession: Getting non-tech execs to care is an art

Convincing executives of the importance of cybersecurity can feel like pulling teeth, but it's essential. 

Cyber professionals often struggle with “communicating cyber threats/privacy concerns to non-technical users.”

What’s needed? 

Effective storytelling and data that ties cybersecurity risk to the bottom line. In a world where board members speak the language of ROI, cyber pros need to connect threats to the business's profitability and reputation. 

If you need some help with that, read our full guide on speaking in executive-friendly language.

Our biggest takeaway from DEF CON

Recovering from the frenetic fun of DEF CON gave us time to think about what makes the event and our industry so special: 

It comes down to resilience, creativity, and above all, a commitment to continuous growth that comes with the territory of being a security professional. 

As special as working in cybersecurity is, these confessions show it’s not always a walk in the park due to the nature of the industry's unique challenges. But we believe the good grossly outweighs the bad and would like to think you’d agree 💚. 

Our takeaways? 

  1. For security pros: find the fun in your day-to-day by staying hungry for knowledge and new skills. 

  2. For managers: Invest in your people and bring them together. This helps shape environments where burnout is mitigated and strong cyber performance is the rule. 

Hack The Box helps you and your team with all of the above through a range of cybersecurity courses, labs, and CTF events.

 
