deadPix3l

DEFCON 26 is over! As much as I would have liked to write posts each day, both too little and too much has happened for that to have been possible. So I am writing one overarching post, and will maybe cover more in-depth thoughts in later posts. So where to begin?

Lets start with a basic overview. There were incredible amounts of highly skilled people, much beyond my level, many people who were just starting out, and everyone in between. Seeing the level of knowledge, specialization, and everything else gave me severe imposter syndrome. Obviously I was in the wrong place if people are discovering hidden, undocumented RISC cores in x86, fuzzing for weeks, and writing an assembler for a completely new vulnerability platform! (Shoutout to Domas(moveaxeaxeax), I’m sure I will discuss this in another post at length.)

But there’s something important to remember about imposter syndrome, something I always find comforting. If you feel it, that means you are able to recognize the extent of your knowledge, and work towards improving. This is the Dunning-Kruger effect (something which is highly controversial it seems). If you know absolutely nothing of a topic, it is apparent, and you can admit it to yourself and others. Learning a small amount will produce overconfidence in your own assessment of your level, because you are ignorant of the depth of the field at hand. As you continue to learn, you become more aware not only of what you know now, but also of how much you don’t know. As you continue learning, you continue to discover the amount that could be known is much larger than you thought. This is often simplified as “the know-it-all knows little, and the one who knows it all will seldom admit it.” Okay, its not a real quote. I wrote that, but I like the way it sounds and I’m sticking to it. I try very hard to never succumb to this, always remaining aware that for topics I am just starting, they are much larger than I can see at the moment, and topics I am closely familiar with have always been as complex as it is. Similarly, I frequently assume anyone who self assesses any skill or knowledge they possess as a High level (or 7/10 or above, depending on what scale you are using), is likely much lower until they can prove themselves.

To my detriment, I will rarely admit that I am good at any topic, and when asked, I will usually say something like “I am pretty good(ish) at X”. I try to remain modest because I know I am no expert in any field, even the ones I consider to be my strongest. This is something I am working on changing. While I believe modesty is important, “I’m no expert at X, but I’m decent” will never set me apart. Self promotion and confidence is important. Overall, DEFCON attracts some extremely smart people, who know some extremely complicated things. And I will never be an expert at most of them, but I learned a lot, and thats what counts.

I’m sure this is the first of probably several DC26 related posts, each covering a very specific subtopic. I noticed imposter syndrome was a common theme because the field of hacking, security, and computers in general is so broad, that nobody could possibly know more than a miniscule amount. But that’s okay. The most important thing is: Keep learning! You’ll only get better!