Transmissions

by Dragorn

Polymath or Dilettante

The hacker skill set that lets so many of us get interesting work done lies somewhere between a mindset and a continual vocation.  I don't think many who self-identify as hackers feel their skills are tied to a single job or set of tasks - sysadmins, pen-testers, hardware hackers, and the whole gamut of others benefit significantly from embracing a larger set of skills.  The ability to quickly pick up at least a minimal working knowledge in a new domain is often crucial when working on a project, professionally or personally - the ability and willingness to pick up new skills may even be one of the core defining characteristics of the hacker mentality.

Unfortunately, the dangerous downside to this flexibility may be the risk of perceived expertise: It's tragically easy to feel like operational knowledge is similar to expertise, and it's a trap we all fall into sometimes.  Perhaps the exhilaration of gaining new knowledge, or the ability to demonstrate wide-band competency grants a feeling of expertise, but often it simply isn't so.  A common number quoted is ten thousand hours of active practice to gain "expert" status in a field, which is a time commitment we rarely get the luxury of.

A second trap is that expertise in one area doesn't necessarily grant expertise in another.  Just like being a doctor doesn't make someone a good mechanic, being amazing and reverse engineering doesn't make someone an expert in pen testing.

Both of these are a pernicious trap; obviously, if carried to an extreme it is intellectually dishonest, though those are harsh words and (hopefully) seldom the case.  Without going to such lengths in the argument, it still leads to what is basically laziness - assumption of expertise makes it much too easy to ignore advice, stop exploring new options, and to not take advantage of true experts in the field.  When all you have is a hammer, everything looks like a nail, and when all you have is a few dozen tricks in a field, everything looks like a problem that can be solved with them, even when there may be far better solutions.

This isn't to say there aren't true expert hackers throughout the various disciplines, only that as a breed perhaps we gravitate towards generalism.  For the sake of argument, take the 10,000 hour figure as a reasonable baseline figure.  That's slightly over a year of raw time, or nearly five years of focusing on a specific set of skills for a normal work week, a daunting amount for those of us who thrive on branching into new topics continually.

To avoid falling into the trap of complacency, always seek to strengthen your skills.  The world needs generalists, domain experts, and experts with generalist skills!  There may be no way to shorten the amount of time needed to become amazingly proficient, but some of the same study skills most of us ignored in school would probably help; minimizing multitasking, and teaching others as a self-training exercise.

Multitasking is something we all do, and something we should all do less of - literal multitasking - swapping between browser sessions, code, design work, instant messaging, email, and whatnot - and longer scale multitasking - jumping between vastly different projects during a week without having the time to really devote to subtleties.

These words are not directed at any one person or group, but at a pervasive attitude which sometimes our community falls victim to.  We owe it to ourselves, as a community, to make as much effort as possible to keep open minds, at least a modicum of humility, and continue learning as much as possible - beyond scratching the surface.  We've got plenty of room to embrace expertise and wide-spectrum skills.

Let's keep at it.