Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

URL has been copied successfully!
Talent overlooked: embracing neurodiversity in cybersecurity
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

In cybersecurity, diverse perspectives help in addressing complex, emerging threats. Increasingly, there’s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field.Neurodiversity refers to the way some people’s brains work differently to the neurotypical brain. This includes autism, ADHD (attention deficit hyperactivity disorder), dyspraxia, and dyslexia, which are generally experienced along a spectrum.”My experience of being neurodivergent, diagnosed with autism, ADHD and dyspraxia, in cybersecurity is challenging, but also very rewarding,” says Lisa Ventura, cybersecurity practitioner and champion for diversity and inclusion in the industry. In 2023, Ventura was appointed to the Most Excellent Order of the British Empire (MBE) for her work in cybersecurity and diversity and inclusion. Neurodiverse traits such as creativity, attention to detail, hyper-focus, and innovative problem-solving skills can provide distinctive strengths to cybersecurity. “Meticulous analysis of threats, anomalies, and system vulnerabilities are essential, so these traits can be invaluable,” says Ventura.However, transforming the industry to be more inclusive will take time and work. Meaningful change will need leadership buy-in, employee awareness, and having neurodiverse people guiding initiatives.”Not all organizations have fully embraced neurodiversity, and stigma or misunderstanding about neurodivergent conditions still creates barriers,” she says.Traditional corporate expectations can clash with neurodiverse strengths, according to Rick Doten, VP, information security at Centene Corporation. Doten has undertaken ADHD and autism certification courses through Pesi.com and presents keynotes, training, and podcasts on the subject, advocates for greater awareness and acceptance to help people feel supported and more open about their neurodiversity. “Through my clinical education, and being autistic and having ADHD myself, I’ve learnt acceptance comes through accommodating and understanding neurodiversity,” he says.Doten believes there’s a need to recognize that many neurodiverse people are employed in the field and make it safe for them to identify without fear of discrimination and adjust expectations. Recognition and acceptance can have a profound effect on individuals, who can struggle with judgment, confusion, anxiety and even substance abuse and trauma.”The most common response when I do a presentation is people saying: ‘I feel like you’re talking about me’, or ‘I feel seen and I can understand why I’m this way and start forgiving myself’,” he says.Misconceptions and bias about neurodiverse people often stem from attributing behaviors like procrastination, interruptions, or social difficulties to personality flaws rather than ‘executive function’ challenges that impact motivation and focus, says Doten.Executive function refers to the processes in the brain that govern planning and organizing, and with neurodiversity, it can manifest as difficulties with focus, working memory, and switching tasks. However, these traits can be highly beneficial when put to the appropriate task in cybersecurity.People who excel at hyper-focus usually thrive in meticulous, detail-oriented tasks such as forensics or project management. On the other hand, individuals with a multi-threaded focus tend to excel at rapid problem-solving and improvisation, making them ideal for roles like incident response or ethical hacking, according to Doten. “Neurodiversity has many positive traits and both styles are equally valuable, but suited to different work functions,” he says.Applying his experience and training when managing team members, Doten might coach someone who tends to be a perfectionist that their 80% will be more than good enough. Another person may prefer reassurance before a meeting or receiving certain emails to lower anxiety.Knowing what’s driving behaviors like distraction or talking too much, structuring tasks to help with transitioning, knowing the clock may be different for some or just not expecting everyone to show up as ‘well-rounded’ in the same way helps break down barriers.”The core of it is understanding how people work, allowing them to do the things they’re best at and not disrupting that,” he says.

Addressing the cybersecurity workforce gap

Addressing the global cybersecurity workforce gap has put a focus on improving the participation of neurodiverse people in the field to help meet the shortfall. The gap is estimated to be more than 4.7 million people, widening by almost 20% year on year, according to ISC2’s 2024 Global Cybersecurity Workforce report. Employing people with diverse backgrounds should be part of efforts to address the talent gap, the report noted.Jon France, CISO with ISC2, agrees that overlooking neurodiverse talent is limiting the potential recruitment pool at a time when the industry needs to widen its scope.But there needs to be more than one path into the profession that looks the same for everyone. In some cases, it might mean looking at different skills and traits and shifting away from a single focus on hard technical skills to things like logical and critical thinking to open wider recruitment and selection practices. “Using a singular route will automatically lock out some people before you’ve seen what they’re capable of,” says France.To help retain neurodiverse team members, the workplace culture and environment needs to be inclusive. France has found that within the natural constraints of businesses and how they operate, it’s possible to make reasonable adjustments for neurodiverse team members.Ideally, inclusivity means approaching neurodiversity as part of human diversity where all can thrive. “If we do a better job of recognizing that not all things work for people in the same way, we can make reasonable adjustments and get the best out of individuals,” he says.

How can workplaces become more supportive of neurodiverse professionals?

Employers are recognizing untapped reservoirs of talent in neurodiversity, according to a Crest 2020 Neurodiversity in the Workplace report. However, while the industry informally values many traits of neurodiversity, workplaces don’t necessarily provide suitable accommodations and support for individuals.”We don’t always fit in a certain box that’s considered ‘normal’ but if you look at neurodiverse people like me diagnosed with autism, ADHD, and complex PTSD, these traits can have a significant impact in cybersecurity,” says Nathan Chung, cybersecurity engineer and advocate for neurodiversity in the industry.Chung says he would like to see managers recognizing that everyone’s different and understanding what’s needed to thrive in the workplace.Workplace accommodations can take many forms, such as:

    Adjusting seating, light or noise,Splitting long cognitive tasks into manageable increments,Applying arbitrary deadlines to help with time management,Structuring tasks to manage energy and attention,Pairing tasks with music to help distract an active mind,Tools to help manage task transitions.However, recent moves away from remote work, particularly in the US, could prove problematic for those people who find it more comfortable to work away from a formal office setting, according to Chung. “One of the biggest blockers for new people who are neurodivergent like me is limiting remote work, and a lot of the big tech companies are taking this away,” he tells CSO.On the upside, existing organizations and industry initiatives have been running to harness the potential of neurodiverse people in cybersecurity and the broader technology industry. Among technology companies, Microsoft, SAP, Dell, Google Cloud, and DXC Technology have established programs to support neurodiverse professionals.While these initiatives are encouraging, Chung argues that neurodiverse employees should be integrated and provide opportunities for advancement. “Any specialist recruitment programs shouldn’t just include entry-level jobs that attract a minimum wage,” he says.Beyond the private sector, CISA recently launched a Neurodiverse Federal Workforce (NFW) initiative to increase opportunities for neurodiverse professionals. MITRE has partnered with organizations under the Neurodiverse Federal Workforce Pilot Program and recently launched the Neurodiversity@Work Playbook for workplaces.It’s not just cybersecurity where neurodiverse talent can strengthen the industry. It’s also becoming a national security issue, with research suggesting neurodiversity, like other forms of diversity, can strengthen a national security organization and a broader spectrum of cognitive skills needed to address national security challenges.Neurodiversity can strengthen a national security organization; however, recruitment and hiring processes pose barriers and neurodivergence is treated as a disability within the US government, according to a RAND report.”There are many unpredictable situations around the world and harnessing neurodiverse people on these national security challenges could potentially make some amazing progress,” says Chung.

    Tackling the hiring challenge, or the ‘great firewall of HR’

    Increasing the participation of neurodiverse people in the profession requires training and education opportunities that open more pathways. In the US, UK and Australia, there are a range of schemes offering opportunities for people to start from the basics with a view to employment.Untapped Talent developed Genius Armoury, supported by AustCyber and partner organizations such as universities and technology businesses, to offer cybersecurity training specifically tailored to neurodiverse people. Those who have gone through their program have taken up roles in banks, telecommunications providers, and the mining sector in the four years the program has been running, says Raza Nowzory, senior director of cyber at Untapped Talent.Under the guidance of experienced tech leads and dedicated workplace development consultants, participants start with computing fundamentals and move through to cybersecurity training.As they advance, participants transition to employment with partner organizations and benefit from in-role training through structured internal rotations. Managers within each department provide more specialized training to support their continued development. “With no background in technology and no understanding of cybersecurity, they can come on board, and we’ll teach them and after six months they’re able to go into an organization” says Nowrozy.Untapped also works closely with the businesses to help them prepare to onboard neurodiverse staff with sessions focused on building supportive frameworks, identifying workplace accommodations, and training tailored for their capabilities. “We can help uplift internal policies at these businesses to support these provisions and educate everybody on how to interact with a neurodivergent person as a colleague and an employee,” he says.Recruitment practices are critical to improving the proportion of neurodiverse talent in the industry; however, neurodiverse professionals can struggle with conventional recruitment processes that rely on rigid assessments, formal Q&A-style interviews, and conventional measures of social interaction.The Precisionists is working to bridge the neurodiversity employment divide by offering training, job opportunities and guidance for employers. It has adapted recruitment processes to help neurodiverse candidates feel more comfortable and remove some of the barriers to demonstrating their skills and potential.CEO Ernie Dianastasis says support programs make a huge difference in lifting the under- and unemployment rate for neurodiverse people, which can be very high. The organization has done away with the traditional HR interview and the expectation that potential candidates will have a certain educational background. “One of the things that’s been a career killer for these individuals has been the traditional HR interview, so we don’t interview,” says Dianastasis.Along with discarding the interview, they don’t require resumes or degrees to get in the door. Instead, the focus is on someone’s aptitude and what they’re good at and if they can do the sorts of business and IT services the organization provides to its clients. “We’re interested in understanding how someone is wired and what they’re good at,” he tells CSO.Doten says that conventional hiring practices can screen out exceptional candidates who don’t conform to standard evaluation methods. “There needs to be someone in the room who takes a different approach so when going through resumes I want to see everyone who thinks they can do the job and we don’t filter on anything,” he says.In most cases, it’s HR following organization policies that prevent alternative approaches, but a rethinking of traditional hiring practices could offer more inclusive options, such as allowing more informal interviews, using conversations rather than conventional question-and-answer formats or avoiding unnecessary stress with large interview panels.Doten’s approach can involve finding out about particular passions or hobbies as insights into someone’s personality and interests or gauging the enthusiasm they have for certain things in interview discussions.It helps reveal the unique strengths and motivations that might not emerge through traditional interview questions and is a way to gain insights into someone’s suitability and where they might excel.”My goal is just to get the best person for the role,” he says.

    First seen on csoonline.com

    Jump to article: www.csoonline.com/article/3616024/talent-overlooked-embracing-neurodiversity-in-cybersecurity.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link