How do you deal with impostor syndrome?

I’ve had the opportunity to talk with a couple of people about privacy-related things in the last week. While it was cool to have that chance, I also felt like a fraud making recommendations about things I don’t fully understand that could potentially hurt them if they don’t implement it correctly.

For background, I have been interested in tech for most of my life, but I’ve never been actually technical. I don’t have an IT or CS degree. I don’t work in the field. I barely know how to use the command line. Installing Linux is my highest technical achievement.

So how can I make recommendations to folks who are less interested in cybersecurity or technology than I am? I know enough for me to feel comfortable with my decisions. I know how much I’m willing to put up with in order to try to make it all work. But will these other folks? What if I make a recommendation and then it turns out there was something bad in that option that I didn’t know about that ended up hurting them?

These aren’t unique to the privacy community, and I know that the best way to handle all of this is to preface it with the ideas of threat modeling and making sure to do research from multiple sources before migrating anything. However, I can still feel like I’m presenting privacy as something that’s easier to do than it actually is and there’s no way I can hold someone’s hand through all the caveats they should know beforehand.

Have you felt like this before? If so, how have you dealt with it? What has helped you?

1 Like

It’s a great question - one we all deal with on some level. But given your reticence, I’m guessing you probably couched your recommendations with a proper dash of humility and didn’t speak in absolutes. But that’s really the key: there are no absolutes. Even if you perfectly understood their threat model, it will change over time - as will the threats themselves and the solutions available to combat them.

For the vast majority of people, you’re really just going for the low-hanging fruit - and there’s usually a LOT of that. If you have someone in a special situation - a political activist, a journalist, someone in an abusive relationship, a whistleblower - then you need to refer them to true experts in those areas. But for most people, the simple solutions that improve their overall privacy and security are way better than the nothing they’re probably currently doing.

I’ve been making recommendations for years, but I always tell people not to rely only on me. Based on their situation and concerns, I usually have a handful of resources I can recommend to them to either back up my recommendations or give them alternatives.


Thanks for the confirmation! That’s pretty in-line with what I’m thinking, but I’ll lean even more in the direction of low-hanging fruit than I may have. Those are areas where I can feel fine putting something out that will generally work well. For stuff that’s more complicated I’ll say that it’s more complicated and to tread carefully.