Sarah Anderson lays out one area where being a “know-it-all” is actually pretty dangerous.
Unfortunately, many cybersecurity professionals either refuse or fail to accept the basic premise that he/she does not and cannot know everything. This failure or refusal is dangerous as cybersecurity requires a constant education and re-education from uncommon sources – news, Twitter, blogs, think tanks, alerts (from ISACs, government agencies, and software providers), and seemingly low-level employees.
A 2009 Harvard Business Review article entitled “Real Business Geniuses Don’t Pretend To Know Everything” acutely depicts the problem: “Just because you’re in charge doesn’t mean you have to have all the answers. Real business geniuses don’t pretend they know everything.”
Let’s be honest, this is not the only area of technology, law, business, etc. that is constantly changing and requires constant learning. If you’re not learning as you go along, you’re falling behind, and falling behind in cybersecurity isn’t just a career risk; you’re risking your organization’s entire infrastructure.
I guarantee you the hackers you’re trying to protect it from are learning all the time. If you aren’t, they will eventually beat you.
But, before you can get there, you have to admit you don’t know everything or have all the answers.
As I’ve written about with regard to training, you can’t learn what you think you already know.