A pen tester works in an office at a desk behind a computer screen for hours on end. Working in an office with nerds brings several challenges, and in this post I will share my personal experiences to help you handle these.
Concern yourself only with matters you control
Take on the right amount of responsibility. Every company has things that can be improved. Maybe reporting takes longer than scheduled, or the sales department is always late with the signed contract, or the paper in the printer jams every Monday. Don’t burden yourself with all these things. Concern yourself only with doing your job. You have a limited amount of control over the company, so trying to fix the whole company by yourself will only make you frustrated.
In my previous job, I felt responsible for everything that went on in the company. The responsibilities of my job were not clearly defined, and this made me worry about everything. In my current job I stick to my job of testing web applications, and this works much better.
If you have the feeling that you have some room left to worry about other things, pick one problem at a time to solve. But make sure that it is solvable by you. Worrying about problems that you can’t solve only brings you stress.
Keep to a maker’s schedule
If I start working at 9:00 and have a meeting at 10:00, I don’t get much work done during that first hour. I have to remember to go to the meeting on time and there is not a lot of time to settle down and concentrate on work. Personally, I am more efficient and work better if I can spend the whole day hacking on a project. Paul Graham distinguishes between the maker’s schedule and manager’s schedule: a maker is dedicated to one job, while the manager goes from meeting to meeting.
Mixing the two works out quite poorly in my experience. If I have several meetings in a day, I don’t get any concentrated work done in the meantime. Therefore, I try to avoid meetings and interruptions if possible, or otherwise plan them all on the same day.
This is partly the reason why I try to avoid project management tasks. They take up too much mental power. I will have to remember them and break up my day to switch contexts. I am happier spending the whole day on a single project, hacking away at web applications.
Consider the silent mass
Events or people that are very good or very bad stand out, and you are likely to focus on these. You may be annoyed by that one coworker who seems to slack off all day. But for every annoying slacker there are ten people who just do their jobs and don’t get noticed. The people that don’t stand out are the majority of your colleagues and you should give them a fair part of attention.
In one of my previous posts I complained that some of my coworkers have hostile people skills. I used to be quite annoyed by that, until a colleague pointed out that there are only a few bad apples in the company. My confirmation bias made me ignore the majority of my coworkers who are friendly and nice people.
Don’t be an impostor
Impostor syndrome is the feeling that you are not as good as your colleagues, and you continually fear that they will find that out. This is quite common with people working in infosec. People with impostor syndrome often try to compensate by pretending they know everything, that they never make mistakes, and that they are better than everyone else. This can give the impression that they are much smarter than you. But keep in mind that this is just show. Don’t fall for it!
At first I used to try to one-up on these impostors by also spewing facts or knowledge. This doesn’t work and only breeds hostility. Instead, admit your mistakes and show that you are not all-knowing. This makes you vulnerable, which is a good thing, because it builds trust between people. This prevents you from becoming an impostor, and helps break down the wall of other impostors.
Have a hobby
If you are very invested in your job and try to get all meaning in life through your work, it puts you at risk when something bad happens with your job. Instead, invest time in a hobby, art, religion, sports, music, family, or relationship, so that your work is not your only source of engagement in life.
Preferably, this hobby does not involve a computer, but makes you get out and meet people outside of cyber security. Meeting people outside your bubble can be very inspiring.
When I got a burnout at my previous job, I was happy that I volunteered as a venture scout leader every Friday night. It gave me positive energy and showed me there are other things in life than my job.
Contribute to society
A feeling that you matter is important in life for most people. One way to achieve this is by contributing to society. This can be through your job, and you should think about this when looking for a job. However, you can also contribute to society outside of your job. For example, by maintaining open source software, helping in a community center, or writing blog posts. An alternative is to donate to charity. This way, you can do a lot of good while not spending more time.
For me, this blog is an important part of my contribution to the world. I reach many people this way and help people learn about information security. It increases my influence on society.
Get to know yourself
Get to know your strengths and weaknesses.
One thing that bothered me was my own perfectionism. It took quite a while to recognize this about myself, and that it was a bad fit with software development. I held any source code I made to a very high standard. Other people working on the same source code did things differently, and would not conform to my perfectionist views. I used to think these people should have the same high standards as me. In reality, large software development projects would always make me frustrated since it is impossible to keep the quality unrealistically high all by yourself.
I still struggle with perfectionism, but now I recognize it. I am less frustrated by it and I can better articulate it when talking about it.
Make the best of it
Don’t let perfect be the enemy of good when it comes to a job. Don’t get annoyed with little things in your job. Don’t get stuck in negativity over a few things that don’t work so well.
Having said that, as soon as you start to hate your job, start looking for a new job. It’s pretty hard to know upfront what a job is going to be like, so you have to try it out and switch jobs if it doesn’t work out.
I shared some struggles I have while working at a pen testing company, and some tips how to handle them. Hopefully these will help you with deal with and reduce the stress with your own job.