Trust me. I'm an expert.

We’ve all heard the phrase, “Trust the experts,” implying that advanced degrees and years of experience guarantee the correct answer. But experts are still human—and humans make mistakes. Throughout history, even the brightest minds have been wrong due to overconfidence, bias, or flawed judgment.

In my training sessions, I ask every attendee to trust me 100%, but only during my talk. Afterward, I ask them to verify everything I’ve said, identify any errors, and improve upon any guidance I’ve given. This approach isn’t about undermining trust in me; it’s about fostering critical thinking and accountability and encouraging practitioners to take ownership of what they discover independently.

Overconfidence: When Expertise Becomes a Liability

One of the most common reasons experts get things wrong is overconfidence. Specialists can become so comfortable with their knowledge that they dismiss new ideas or concerns. Overconfidence often develops after years of being right—or simply lucky—leading to the belief, I’ve been doing this for years without issues, so I must be right. It’s like a reckless driver assuming they’re great behind the wheel just because they haven’t had an accident.

Credentials and experience, while valuable, can also fuel overconfidence. Holding a PhD or multiple certifications doesn’t guarantee infallibility and can make experts resistant to feedback. For example, in the 1950s, medical experts recommended thalidomide to pregnant women, unaware that it would cause severe birth defects.

Even in tech, experts have made misjudgments: predicting that Y2K would cripple global systems, misattributing high-profile breaches, insisting that MD5 hashing was secure, claiming that Microsoft’s EFS would end forensics, and believing that air-gapped systems were immune to hacks. These examples show that even the best professionals can overlook key details or misunderstand risks.

Science is a Process, Not a Final Answer

Science isn’t about finding unchanging truths. It is about continuous questioning, testing, and refining knowledge. When someone says, “the science is settled” or “this has been debunked,” they risk shutting down skepticism, which is essential for progress. In effect, they have willingly closed their mind.

History offers plenty of examples where accepted ideas turned out to be wrong. Bloodletting, for instance, was a standard medical practice for centuries, believed to cure diseases by draining “bad” blood. In reality, it often worsened patients’ conditions, but the practice persisted for centuries because it was rarely questioned.

Truth vs. Facts in DFIR

In DFIR, understanding the difference between fact and truth highlights how experts can be both right and wrong. A fact is objective and verifiable, such as discovering a deleted file during an investigation. However, truth is the narrative built around facts, explaining what happened and why by interpreting facts. That same deleted file could represent malicious intent, an accident, or routine system activity, each having a different possible truth.

Lately, phrases like “my truth” or “your truth” have become popular, but this concept can blur the line between fact and truth. Forensic analysis relies on facts, what the data shows, and finding the most accurate explanation of events based on those facts. While different perspectives can provide valuable insight, truth in this context must align with evidence, not personal viewpoints.

Even with the correct facts, experts may misinterpret normal behavior as an attack or overlook key details. Skilled investigators know that facts are only the starting point. Finding the truth requires critical thinking, an open mind, and sometimes re-examining previously dismissed evidence. In DFIR, this investigative mindset is crucial for getting it right.

The Danger of Groupthink

Even when experts agree, they aren’t always correct. Groupthink, when individuals conform to the majority opinion without question, can lead to severe mistakes. Practitioners in DFIR may hesitate to challenge widely accepted views to avoid backlash or alienation. But real progress often comes from those willing to question assumptions and explore alternative explanations.

This is why diversity of thought is essential. Encouraging different perspectives helps prevent blind spots and ensures that no one idea goes unchallenged. Unfortunately, in DFIR, consensus on incorrect ideas can sometimes form simply because no one speaks up.

Experts are Valuable, but not Infallible

Experts, no matter how qualified, are still human. They can be biased, misinformed, or influenced by personal gain, political beliefs, or ego/reputation. Even with good intentions, they can make mistakes. What defines a sound expert is not the absence of error but the ability to admit when they are wrong and adjust their views accordingly. When experts refuse to change their beliefs in light of new evidence or speak beyond their expertise, their credibility decreases.

Trust, but Verify

The phrase Trust but Verify originates in 19th-century Russian proverbs, reminding us that verification has been essential for a long time. This doesn’t mean we should dismiss experts altogether. Experts play a vital role in solving problems, saving lives, and advancing technology. But blind trust is dangerous.

Rather than accepting expert opinions at face value, we should ask for proof or test their conclusions ourselves. Science and knowledge advance through skepticism and testing, not by trusting someone’s credentials alone. If history teaches us anything, today’s expert advice could become tomorrow’s mistake. Challenging ideas and questioning authority aren’t acts of disrespect; they’re essential for ensuring facts rise to the surface. There’s beauty in respectful discourse, where ideas are contested, and the best ones prevail.

“I’m not an Expert”

It’s common to see people say online, “I’m not an expert,” even when they clearly are. An expert has knowledge and experience in a specific area that goes beyond what a layperson knows. In DFIR, if someone has the training/education and has worked through even one entire case—from collecting evidence through testifying—they’ve gained expertise that sets them apart from those who never have (i.e., the layperson).

Reluctance to call oneself an expert often stems from discomfort with comparing one’s skills to others. Expertise isn’t about being the best—it’s about having experience others can learn from. Embracing different levels of expertise helps us grow and support each other in the field.

So, are we supposed to trust experts or not?

Experts are crucial in advancing knowledge and solving problems but are not immune to error. Their guidance should be valued but not followed blindly. Mistakes, like those made with thalidomide or Y2K predictions, remind us that science is a learning process through success and failure.

Ultimately, trust in experts is important, but it must be accompanied by healthy skepticism. The key is not to reject expertise but to engage with it thoughtfully: trust, verify, and always remain open to new evidence. This balance ensures that pursuing truth (based on facts!) remains a collaborative and evolving journey.

My point

If you are an expert, the field knows it, so stop denying it. Recognize your level and scope of expertise. Stay within your lane. Your words are heavy; use them wisely.

By this, I don't mean to get a domain of "DFIRexpert.com" and shout to the heavens that you are an expert. Just know that if you speak (or write or post) with authority, you are influencing others in DFIR. This makes you an influencer and thought leader, whether you like it or not. The only other option you have is to say nothing and write nothing publicly, and then you will have done nothing to better the field than when you found it.

source: https://brettshavers.com/brett-s-blog/entry/trust-me-im-an-expert

Joachim Metz

Digital researcher, IT/IS specialist

5 months ago

"diversity of thought is essential" very good observation, for a lot of folks in the field getting outside of the "bubble" would be very beneficial

Brett, I don't know when, or if, we will ever meet, but you, my friend, are a critical thinker, and yes, an expert. So, the real question is Italian, Chinese or Thai, what's for lunch? It's on me whenever we may meet!
