A field manual for identifying species in the wild.
Every industry has its egos. Cybersecurity just happens to breed them in captivity—fed on acronyms, sustained by vendor swag, and released into the wild with LinkedIn accounts. What follows is a working taxonomy. You will recognize these species. You may even be one.
1. The Overconfident Generalist
Habitat: Panels, podcasts, and any room with a microphone.
Call: "In my experience…" (experience = one SANS course and a breach webinar).
Speaks in sweeping statements. Uses "zero trust" as a personality trait. Thinks frameworks are Pokémon cards.
Threat level: Low. Mostly loud, rarely harmful.
2. The LinkedIn Thought Leader
Habitat: Your feed, unfortunately.
Call: "This is a leadership lesson."
Turns every breach into a motivational speech. Writes like a cybersecurity fortune cookie. Ends posts with "DM me to learn more."
Threat level: Medium. Causes eye strain and secondhand embarrassment.
3. The Compliance Crusader
Habitat: Conference rooms with fluorescent lighting.
Call: "Is this SOC 2 compliant?"
Believes checkboxes equal security. Treats frameworks like scripture. Thinks risk = "did we fill out the form."
Threat level: High. Can derail entire programs with paperwork.
4. The Tool Maximalist
Habitat: Vendor expos, budget meetings.
Call: "We just need the right platform."
Wants to buy a new tool for every problem. Doesn't understand any of the tools they already have. Believes dashboards are detection.
Threat level: Severe. Leaves behind a trail of unused licenses.
5. The Incident Response Cowboy
Habitat: War rooms, Slack channels at 2 AM.
Call: "I got this."
Lives for chaos. Hates documentation. Treats every incident like a personal duel.
Threat level: Variable. Brilliant under pressure, terrible at everything else.
6. The Eternal Pen Tester
Habitat: Hoodies, DEF CON, dark rooms with RGB lighting.
Call: "I could hack that."
Thinks offense is the only real security. Has 47 CTF trophies. Believes blue teams are "cute."
Threat level: Moderate. Will hack your toaster for fun.
7. The Governance Philosopher
Habitat: Whiteboards, frameworks, existential dread.
Call: "But what is risk?"
Writes 40-page documents no one reads. Speaks in abstractions. Accidentally invents new disciplines.
Threat level: Low. Harmless unless given a committee.
8. The SME-By-Declaration
Habitat: Everywhere.
Call: "As a cybersecurity SME…"
Expertise is self-awarded. Confidence inversely proportional to competence. Loves to correct others, rarely correct themselves.
Threat level: Extreme. The ego that expands faster than their actual knowledge.
Why This Taxonomy Matters
Because every single one of these archetypes is real. You've met them. You've worked with them. You've watched them posture.
And the punchline is always the same—the people with the biggest egos are almost never the ones with the deepest intelligence. The real experts are too busy doing the work to perform expertise.
The species most worth studying is the one you recognize in the mirror.
Top comments (2)
This was both funny and painfully recognizable.
What stood out to me is how many of these archetypes seem to come from the same root problem, performing expertise rather than quietly building it.
I sometimes wonder if the pressure to constantly signal knowledge (especially online) is what creates these personas in the first place. The people doing the deepest work rarely have time to perform it.
Curious if you think these archetypes are mostly a product of social media, or if they’ve always existed and the internet just amplifies them.
Both—they've always existed, but the internet didn't just amplify them. It removed the friction that used to contain them. I'm writing a follow-up on exactly this.