Recently, someone called me an “expert”. While I was extremely flattered, it made me think a lot about my initial reaction to that label. If you’ve been in this field, you will note there are several people who go around calling themselves “experts”. A few of them are and a lot of them aren’t. Most of my introspection was with where I saw myself and how I allowed others to see me. Am I an “expert” or a guy who likes to talk a lot about security?
The answer to both of those is a paradox of sorts, as they are equally complicated and simple. According to some, being an “expert” means knowing a lot of stuff about security and sounding half-way intelligent about that stuff. Some would argue I fit into that category. While I hope I’m not, I certainly can understand how people can see me that way. Many people know a lot of stuff about a lot of stuff and “talk a good game” but lack real depth in their knowledge or experience. So, I can help but wonder, with 10 years of doing various jobs in security, a blog, and some above-basic knowledge, where does that place me? I’m also very passionate about security. Does passion, knowledge, and an audience make someone an “expert” and should I even want to be considered one?
When I first decided to start this blog, I did it with the intention of sharing security news and information with my audience. It soon became an opportunity to share my opinions and insight. While all that was very important, I always felt I needed something more constructive. There are tons of people all over social media and the rest of the Net who believe the “smarter” you sound, the greater your expertise. I have found a great deal of those people lack expertise and oftentimes, real knowledge of the subject matter. Don’t get me wrong. I’m guilty of this as well at times. Very guilty, as a matter of fact.
So what am I? I’m a student of security in both the literal sense and the rhetorical as well. I’m eager and willing to learn from anywhere. I’m not afraid to test an idea or hypothesis in the field or be reviewed by my peers. Sometimes, what I say and do sucks. I get stuff wrong – A LOT. My ideas may not be preferred or have any chance of success. Occasionally, I don’t stay in my lane. Okay. I can hear you laughing. I don’t stay in my lane enough at times.
So how do I go about fixing this? I decided to start changing how I viewed my interactions with people and the objectives I set for them. In other words, I felt it was less important to demonstrate knowledge than it was to receive and learn from others. I had been afforded an opportunity to label myself as an “expert” many times. It always felt hollow and empty, as if it was undeserved. After all, I was a security guard not too long ago and I had very average experiences in the military. I wasn’t Special Forces or with a federal agency doing anything “special”. My resume is a reflection of being very lucky and being at the right place at the right time. I did a lot of cool things and saw some cool places in this world. But was I an “expert”? No, I am not.
Too many “experts” are not willing to admit they are in fact still learning. Too many believe it is more important to demonstrate knowledge than to receive it. Too many believe the best analysis of a problem is the one that is more conducive to a “solution” they’ve created. Instead of more people willing to tell us about security, we need more people willing to sit down, shut up, and listen to what others have to share. From now on, I’ll be sharing my knowledge in an attempt to learn more than I teach. The only question left to ask is “Will I be alone?”