{"id":1080,"date":"2024-12-04T07:00:00","date_gmt":"2024-12-04T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1080"},"modified":"2024-12-04T07:00:00","modified_gmt":"2024-12-04T07:00:00","slug":"talent-overlooked-embracing-neurodiversity-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1080","title":{"rendered":"Talent overlooked: embracing neurodiversity in cybersecurity"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

In cybersecurity, diverse perspectives<\/a> help in addressing complex, emerging threats. Increasingly, there\u2019s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field.<\/p>\n

Neurodiversity refers to the way some people\u2019s brains work differently to the neurotypical brain. This includes autism, ADHD (attention deficit hyperactivity disorder), dyspraxia, and dyslexia, which are generally experienced along a spectrum.<\/p>\n

\u201cMy experience of being neurodivergent \u2014 diagnosed with autism, ADHD and dyspraxia \u2014 in cybersecurity is challenging, but also very rewarding,\u201d says Lisa Ventura, cybersecurity practitioner and champion for diversity and inclusion in the industry. In 2023, Ventura was appointed<\/a> to the Most Excellent Order of the British Empire (MBE) for her work in cybersecurity and diversity and inclusion.<\/p>\n

How can neurodiverse traits assist in cybersecurity?<\/h2>\n

Neurodiverse traits such as creativity, attention to detail, hyper-focus, and innovative problem-solving skills can provide distinctive strengths to cybersecurity. \u201cMeticulous analysis of threats, anomalies, and system vulnerabilities are essential, so these traits can be invaluable,\u201d says Ventura.<\/p>\n

However, transforming the industry to be more inclusive will take time and work. Meaningful change will need leadership buy-in, employee awareness, and having neurodiverse people guiding initiatives.<\/p>\n

\u201cNot all organizations have fully embraced neurodiversity, and stigma or misunderstanding about neurodivergent conditions still creates barriers,\u201d she says.<\/p>\n

Traditional corporate expectations can clash with neurodiverse strengths, according to Rick Doten, VP, information security at Centene Corporation. Doten has undertaken ADHD and autism certification courses through Pesi.com and presents keynotes, training, and podcasts on the subject, advocates for greater awareness and acceptance to help people feel supported and more open about their neurodiversity. \u201cThrough my clinical education, and being autistic and having ADHD myself, I\u2019ve learnt acceptance comes through accommodating and understanding neurodiversity,\u201d he says.<\/p>\n

Doten believes there\u2019s a need to recognize that many neurodiverse people are employed in the field and make it safe for them to identify without fear of discrimination and adjust expectations. Recognition and acceptance can have a profound effect on individuals, who can struggle with judgment, confusion, anxiety and even substance abuse and trauma.<\/p>\n

\u201cThe most common response when I do a presentation is people saying: \u2018I feel like you\u2019re talking about me\u2019, or \u2018I feel seen and I can understand why I\u2019m this way and start forgiving myself\u2019,\u201d he says.<\/p>\n

Misconceptions and bias about neurodiverse people often stem from attributing behaviors like procrastination, interruptions, or social difficulties to personality flaws rather than \u2018executive function\u2019<\/a> challenges that impact motivation and focus, says Doten.<\/p>\n

Executive function refers to the processes in the brain that govern planning and organizing, and with neurodiversity, it can manifest as difficulties with focus, working memory, and switching tasks. However, these traits can be highly beneficial when put to the appropriate task in cybersecurity.<\/p>\n

People who excel at hyper-focus usually thrive in meticulous, detail-oriented tasks such as forensics or project management. On the other hand, individuals with a multi-threaded focus<\/a> tend to excel at rapid problem-solving and improvisation, making them ideal for roles like incident response or ethical hacking, according to Doten. \u201cNeurodiversity has many positive traits and both styles are equally valuable, but suited to different work functions,\u201d he says.<\/p>\n

Applying his experience and training when managing team members, Doten might coach someone who tends to be a perfectionist that their 80% will be more than good enough. Another person may prefer reassurance before a meeting or receiving certain emails to lower anxiety.<\/p>\n

Knowing what\u2019s driving behaviors like distraction or talking too much, structuring tasks to help with transitioning, knowing the clock may be different for some or just not expecting everyone to show up as \u2018well-rounded\u2019 in the same way helps break down barriers.<\/p>\n

\u201cThe core of it is understanding how people work, allowing them to do the things they\u2019re best at and not disrupting that,\u201d he says.<\/p>\n

Addressing the cybersecurity workforce gap<\/h2>\n

Addressing the global cybersecurity workforce gap has put a focus on improving the participation of neurodiverse people in the field to help meet the shortfall. The gap is estimated to be more than 4.7 million people, widening by almost 20% year on year, according to ISC2\u2019s 2024 Global Cybersecurity Workforce<\/a> report. Employing people with diverse backgrounds should be part of efforts to address the talent gap, the report noted.<\/p>\n

Jon France, CISO with ISC2, agrees that overlooking neurodiverse talent is limiting the potential recruitment pool at a time when the industry needs to widen its scope.<\/p>\n

But there needs to be more than one path into the profession that looks the same for everyone. In some cases, it might mean looking at different skills and traits and shifting away from a single focus on hard technical skills to things like logical and critical thinking to open wider recruitment and selection practices. \u201cUsing a singular route will automatically lock out some people before you\u2019ve seen what they\u2019re capable of,\u201d says France.<\/p>\n

To help retain neurodiverse team members, the workplace culture and environment needs to be inclusive. France has found that within the natural constraints of businesses and how they operate, it\u2019s possible to make reasonable adjustments for neurodiverse team members.<\/p>\n

Ideally, inclusivity means approaching neurodiversity as part of human diversity where all can thrive. \u201cIf we do a better job of recognizing that not all things work for people in the same way, we can make reasonable adjustments and get the best out of individuals,\u201d he says.<\/p>\n

How can workplaces become more supportive of neurodiverse professionals?<\/h2>\n

Employers are recognizing untapped reservoirs of talent in neurodiversity, according to a Crest 2020 Neurodiversity in the Workplace report<\/a>. However, while the industry informally values many traits of neurodiversity, workplaces don\u2019t necessarily provide suitable accommodations and support for individuals.<\/p>\n

\u201cWe don\u2019t always fit in a certain box that\u2019s considered \u2018normal\u2019 but if you look at neurodiverse people like me \u2013 diagnosed with autism, ADHD, and complex PTSD \u2014 these traits can have a significant impact in cybersecurity,\u201d says Nathan Chung, cybersecurity engineer and advocate for neurodiversity in the industry.<\/p>\n

Chung says he would like to see managers recognizing that everyone\u2019s different and understanding what\u2019s needed to thrive in the workplace.<\/p>\n

Workplace accommodations can take many forms, such as:<\/p>\n

Adjusting seating, light or noise,<\/p>\n

Splitting long cognitive tasks into manageable increments,<\/p>\n

Applying arbitrary deadlines to help with time management,<\/p>\n

Structuring tasks to manage energy and attention,<\/p>\n

Pairing tasks with music to help distract an active mind,<\/p>\n

Tools to help manage task transitions.<\/p>\n

However, recent moves away from remote work, particularly in the US, could prove problematic for those people who find it more comfortable to work away from a formal office setting, according to Chung. \u201cOne of the biggest blockers for new people who are neurodivergent like me is limiting remote work, and a lot of the big tech companies are taking this away,\u201d he tells CSO.<\/p>\n

On the upside, existing organizations and industry initiatives have been running to harness the potential of neurodiverse people in cybersecurity and the broader technology industry. Among technology companies, Microsoft<\/a>, SAP<\/a>, Dell<\/a>, Google Cloud<\/a>, and DXC Technology<\/a> have established programs to support neurodiverse professionals.<\/p>\n

While these initiatives are encouraging, Chung argues that neurodiverse employees should be integrated and provide opportunities for advancement. \u201cAny specialist recruitment programs shouldn\u2019t just include entry-level jobs that attract a minimum wage,\u201d he says.<\/p>\n

Beyond the private sector, CISA recently launched a Neurodiverse Federal Workforce (NFW) initiative to increase opportunities for neurodiverse professionals. MITRE has partnered with organizations under the Neurodiverse Federal Workforce Pilot Program and recently launched the Neurodiversity@Work Playbook<\/a> for workplaces.<\/p>\n

It\u2019s not just cybersecurity where neurodiverse talent can strengthen the industry. It\u2019s also becoming a national security issue, with research suggesting neurodiversity, like other forms of diversity, can strengthen a national security organization and a broader spectrum of cognitive skills needed to address national security challenges.<\/p>\n

Neurodiversity can strengthen a national security organization; however, recruitment and hiring processes pose barriers and neurodivergence is treated as a disability within the US government, according to a RAND<\/a> report.<\/p>\n

\u201cThere are many unpredictable situations around the world and harnessing neurodiverse people on these national security challenges could potentially make some amazing progress,\u201d says Chung.<\/p>\n

Tackling the hiring challenge, or the \u2018great firewall of HR\u2019<\/h2>\n

Increasing the participation of neurodiverse people in the profession requires training and education opportunities that open more pathways. In the US, UK and Australia, there are a range of schemes offering opportunities for people to start from the basics with a view to employment.<\/p>\n

Untapped Talent developed Genius Armoury<\/a>, supported by AustCyber and partner organizations such as universities and technology businesses, to offer cybersecurity training specifically tailored to neurodiverse people. Those who have gone through their program have taken up roles in banks, telecommunications providers, and the mining sector in the four years the program has been running, says Raza Nowzory, senior director of cyber at Untapped Talent.<\/p>\n

Under the guidance of experienced tech leads and dedicated workplace development consultants, participants start with computing fundamentals and move through to cybersecurity training.<\/p>\n

As they advance, participants transition to employment with partner organizations and benefit from in-role training through structured internal rotations. Managers within each department provide more specialized training to support their continued development. \u201cWith no background in technology and no understanding of cybersecurity, they can come on board, and we\u2019ll teach them and after six months they\u2019re able to go into an organization\u201d says Nowrozy.<\/p>\n

Untapped also works closely with the businesses to help them prepare to onboard neurodiverse staff with sessions focused on building supportive frameworks, identifying workplace accommodations, and training tailored for their capabilities. \u201cWe can help uplift internal policies at these businesses to support these provisions and educate everybody on how to interact with a neurodivergent person as a colleague and an employee,\u201d he says.<\/p>\n

Recruitment practices are critical to improving the proportion of neurodiverse talent in the industry; however, neurodiverse professionals can struggle with conventional recruitment processes<\/a> that rely on rigid assessments, formal Q&A-style interviews, and conventional measures of social interaction.<\/p>\n

The Precisionists is working to bridge the neurodiversity employment divide by offering training, job opportunities and guidance for employers. It has adapted recruitment processes to help neurodiverse candidates feel more comfortable and remove some of the barriers to demonstrating their skills and potential.<\/p>\n

CEO Ernie Dianastasis says support programs make a huge difference in lifting the under- and unemployment rate for neurodiverse people, which can be very high. The organization has done away with the traditional HR interview and the expectation that potential candidates will have a certain educational background. \u201cOne of the things that\u2019s been a career killer for these individuals has been the traditional HR interview, so we don\u2019t interview,\u201d says Dianastasis.<\/p>\n

Along with discarding the interview, they don\u2019t require resumes or degrees to get in the door. Instead, the focus is on someone\u2019s aptitude and what they\u2019re good at and if they can do the sorts of business and IT services the organization provides to its clients. \u201cWe\u2019re interested in understanding how someone is wired and what they\u2019re good at,\u201d he tells CSO.<\/p>\n

Doten says that conventional hiring practices can screen out exceptional candidates who don\u2019t conform to standard evaluation methods. \u201cThere needs to be someone in the room who takes a different approach so when going through resumes I want to see everyone who thinks they can do the job and we don\u2019t filter on anything,\u201d he says.<\/p>\n

In most cases, it\u2019s HR following organization policies that prevent alternative approaches, but a rethinking of traditional hiring practices could offer more inclusive options, such as allowing more informal interviews, using conversations rather than conventional question-and-answer formats or avoiding unnecessary stress with large interview panels.<\/p>\n

Doten\u2019s approach can involve finding out about particular passions or hobbies as insights into someone\u2019s personality and interests or gauging the enthusiasm they have for certain things in interview discussions.<\/p>\n

It helps reveal the unique strengths and motivations that might not emerge through traditional interview questions and is a way to gain insights into someone\u2019s suitability and where they might excel.<\/p>\n

\u201cMy goal is just to get the best person for the role,\u201d he says.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

In cybersecurity, diverse perspectives help in addressing complex, emerging threats. Increasingly, there\u2019s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field. Neurodiversity refers to the way some people\u2019s brains work differently to the neurotypical brain. This includes autism, ADHD […]<\/p>\n","protected":false},"author":0,"featured_media":1062,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1080","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1080"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1080"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1080\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1062"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}