The Inclusive Workplace: Could Neurodiverse Talent Help Fill The Cybersecurity Skills Gap?
Guest author: Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting at Stott and May Consulting
Published on 6th February 2023
It’s no secret that we’re currently in the midst of a global cybersecurity skills shortage. Research suggests that there are an estimated 2.7 million unfulfilled positions within the cybersecurity workforce.
Clearly this is a problem that requires a long-term fix, but are organizations failing to take advantage of an untapped resource of talent already available? Could neurodiversity be the key to supercharging the development of cyber risk management software, identifying new cyber threats, and developing more adaptive risk management plans?
Neurodiversity in cybersecurity
Neurodiversity may not yet be a term that is widely recognized, but an estimated 1 in 5 people have a neurodivergent condition. Neurodiversity refers to the differences in brain function from person to person and how it impacts their daily mental functions. It means that some people’s brains function differently from others, but this should not be seen as a disability. And the good news is that there are many neurodiverse qualities that could be widely utilized in the cybersecurity sector.
People with neurodivergent conditions are often seen as different because they don’t communicate or socialize in the same way as everyone else. This can often lead to the assumption that they are unable to perform certain jobs, because they don’t have the required skills to cope with working in a challenging environment, such as a cybersecurity team.
Thankfully, this is an assumption that many organizations are beginning to dispel. So are we moving to a place instead where the value that neurodivergent people can bring to cybersecurity is beginning to be recognized?
It’s time for cybersecurity leaders to think outside the box and move away from traditional stereotypes
What is neurodiversity?
Neurodiversity embraces differences in our brain function and behavior and considers them a natural manifestation of humanity’s variety, and not as wrong or problematic.
Typically neurodiversity is split into two subcategories, neurotypical and neurodivergent.
Neurotypical: Those who are neurotypical usually do not have to think about how their brain functions or behaves, as it fits standard ideas.
Neurotypical is defined as:
- People with standard brain processing and function
- Those who are neurotypical often don’t know they are
- Neurotypical is seen as ‘normal’
Neurodivergent: Neurodivergent people are usually made aware that their brain functions differently to others and may be diagnosed with conditions such as autism, ADHD, OCD, dyspraxia, dyslexia, dyscalculia or Tourettes.
Neurodivergent is defined as:
- People whose brain functioning and processing deviates from what is considered ‘normal’
- Those who are neurodivergent are usually aware their brain functions differently
- Neurodivergent is seen as ‘abnormal’
Neurodiveristy should be valued in the workforce and can be linked to increased creativity and problem solving
What are the benefits of having neurodivergent team members?
Research from the World Economic Forum suggests that by 2025 50% of all employees will need to be reskilled in order to keep pace with technological advancements. This is a clear indication that organizations need to move away from traditional recruiting methods and look at other ways of addressing the skills gap.
An invaluable natural skillset
Those individuals who are neurodiverse tend to think outside the box and have the ability to see scenarios from different perspectives. For example, neurodiversity is commonly associated with individuals who may have been diagnosed with ADHD or autism, meaning they often have an aptitude for roles that require attention to detail and a high-level of focus — invaluable skills when developing cyber risk management software or running specific penetration tests.
Sharp, sustained focus and adjacent thinking are particularly beneficial when you consider that cybersecurity can often be about testing scenarios over and over again until you’re confident that the outcome has provided a solution to the original problem. Theory can be taught, but natural skills can’t. Not utilizing those available team members that naturally have these skillsets is clearly a missed opportunity.
Recruiting skilled individuals with a high-level of neurological function from different social, educational and ethnic backgrounds could prove invaluable when it comes to identifying potential security threats or malicious activity within your network.
Organizations need to take a different approach to how they recruit and build cybersecurity teams
How can organizations become more neurodiverse?
In the past, there have been barriers to neurodivergent individuals getting the opportunities their talents warrant. Just because someone doesn’t have a certain set of qualifications, or communicates and behaves differently to others, doesn’t mean they aren’t capable of doing a good job.
Becoming more neurodiverse as an organization will enable more individuals to fulfill their potential, as well as help to address the cybersecurity skills gap — but how do organizations achieve this?
Create an inclusive culture
It’s not simply a case of tweaking your recruitment strategy to make it more inclusive, it’s about addressing your company culture and creating an inclusion strategy that is designed to support the individual and not their diagnosis.
For example, just because two people are diagnosed as autistic, doesn’t mean their needs will be the same, so your support network needs to reflect this.
Seek advice from experts and speak to other neurodivergent professionals to learn about their experiences.
Educate internal team members to help them learn more about neurodiversity, and develop a strategy that not only creates the best possible working environment for neurodivergent people, but also gives them the support needed to do their job and the opportunities to progress within the organization.
No one is expecting organizations to become experts in neurodiversity overnight, it’s about creating a culture of inclusion
Recognizing the value of neurodiversity in cybersecurity
Society is becoming much better at understanding that different brains work differently. However, there is still more to be done before we get to a point where neurodivergent conditions are no longer seen as illnesses. We need to more consistently recognize neurodiverse individuals as having great value to offer the workforce.
Neurodivergent people often excel in creativity and problem-solving, two qualities that could add tremendous value to security teams, particularly IT and cybersecurity teams, and cyber risk management software developers.
By developing our understanding of the condition and what is required to create inclusive, neurodiverse support strategies to help individuals harness their talent, we’ll go some way to filling the void in the cybersecurity job market.
To hear more from Holly and to find out more about neurodiversity in cybersecurity listen to this episode of our Capability-Centric GRC & Cyber Security Podcast.
Your career in cybersecurity
Whether you are just starting out in cybersecurity, or looking for your next big career move, we’d love to hear from you. Find out which roles are available and how to apply on our careers page.