4 minute read
THE WEIGHT OF AUTHORITY
by Simon Carabetta , Business Operations Lead at ES2
Back in 2020 I was kindly invited by a friend of mine from the security industry to share some time with him during his regular weekly guest spot on AM radio at the prime time of 9pm on a Wednesday night. I was pretty excited at the chance to talk about the upcoming Cyber Week events I was organising through the job I held at the time.
However, it did not take long for me to be caught entirely off guard when the DJ introduced me as a cybersecurity expert.
Expert? Surely he had gathered some open-source intelligence and vetted me online? A quick look at my LinkedIn profile would have shown him otherwise. Or maybe he just took my then job title as justification for the expert moniker. Either way, I was completely thrown. The only thoughts sprinting through my mind in the nanoseconds I had to reply were on how I could come up with a polite way to inform him, and the audience, that I was certainly no expert.
Why would I make this correction such a priority? Because words matter. When a trusted radio personality with a decent audience and following introduces a guest as an expert, the audience will take everything that guest says as advice and pass that information on to others. It was not about saving face, and it certainly was not down to ego. It was because I did not want my words to carry the weight of authority.
Every event I present at, every interview I participate in and every chat I have with friends, family and colleagues, I preface my statements by saying I am not an expert, but an observer with a passion for what I do and the industry I work in.
Looking back at that radio interview, I think I saved it from becoming messier than it could have been, because a lot of the expected technical questions did not come. Instead, I was asked about the future of careers in security, what some of my top tips were, and I got the chance to plug my events, which made for a lot of fun in the end. Some light-hearted jokes were thrown around. The interview ended with a firm handshake and a “We’ll need to get you back on the show again, mate” from the DJ. He was a nice fellow. I had a good time with my mate on the show, and it was something I will remember fondly as being the time I saved myself from some real trouble.
These days, I still feel very uncomfortable being referred to as a cybersecurity expert, purely because I am not. There are very many real experts in this industry and I am sure they will not mind being called out: the likes of local West Australian experts such as Rachel Mahncke, Vanessa van Beek, and my amazing colleagues Andy Battle and Steve Simpson
These are all experts, and I am extremely proud to say I have worked with them all or collaborated with them in some way. When I began formulating the main content for this article, I really started thinking about what makes an expert. Do experts recognise themselves as such? Do they also try their hardest not be referred to as such? (Even though all the aforementioned legends certainly are).
Does expert status require acronyms in front of and at the back of a person’s name (I have no idea what many of these mean) along with the coveted PhD? Does it require a long list of formal qualifications, certifications and dissertations? Does it simply require experience in a field and an extensive knowledge of all the subtle nuances of different avenues within security? Is expert status all of the above, or am I completely off the mark?
However, of one thing I am certain: the weight of authority is definitely something I do not want to bear in my career right now. Yet, if I want to progress further, I will certainly have to accept it. At the time of writing, I am in two distinct fields: project management and cyber/information security. It is at their intersection that I enjoy managing projects because they are security projects. And I enjoy the security projects because I do not have to deliver them personally (you are meant to laugh out loud at that!)
I am in no way an expert on project or program management, and I am certainly nowhere near being a security expert, but my passion for both is evidently there (more so for security) and I am learning more each day about both areas through the work I do, mostly thanks to the informative and helpful colleagues I am surrounded by. It is the latter who allow me to understand that an expert does not become an expert inside a bubble. Experts become experts because of their peers, their mentors and even their own students.
I do not have sufficient fingers to count the number of times I learnt more from my students in my teaching days than I learnt at university or through my teacher mentors. My experience in security has been similar. I am excited to begin my formal security education this year through the awesome Charles Sturt University. However, I also know, when the course finishes in October this year, I will still have so much more to learn, and a lot of that learning is going to come from colleagues, peers, mentors and mentees, for years to come.
So, maybe one day I will consider myself comfortable with the term ‘expert’… sometimes. I will probably still not like people referring to me as such, but at least I will be able to carry the weight of authority, sometimes. Why? Because words matter. www.linkedin.com/in/simoncarabetta
