This is a good post from Om Malik where he talks about what makes an expert:
Just because someone labels you as an “expert” doesn’t mean you are one. People get a lot of credit these days for stumbling onto things that may very well have happened had they been standing there or not. In addition to luck and talent, it takes time to become actually good or great at something. It’s not so much the 10,000-hour theory that is popular these days, but rather it’s about learning the lessons that only time can reveal.
Most ‘experts’ are fake. If you call yourself an expert, you are certainly lying to everyone and yourself. True experts are hard to find, because they are focused on their craft so intensely, that you rarely know who they are. At least that has been my experience.
This struck me after having read Brian Krebs’ article about Marcus Hutchins, the guy who was responsible for both stopping the spread of the global WannaCry ransomware outbreak in 2017 and spreading the “Kronos” banking trojan in his younger days. Krebs describes Hutchins as an “accidental hero”, a “security enthusiast”, and a “security expert”. The middle one is probably the most correct of the bunch, but “security professional” is best.
The hero descriptor is perhaps more egregious than an expert label. We, in general, throw hero around far too liberally. In the WannaCry case, Hutchins was not unique in his discovery. He was first. Hutchins did not display exceptional courage, nobility, or strength when he registered the domain for DNS sinkhole-ing the malware. He did spend money and time, and he benefitted a lot of people, organizations, and companies through his swift action.
I value Krebs’ reporting and the risks he takes when writing some of his pieces, but I did not care for this. Let’s temper descriptors, shall we?