Addressing the cybersecurity skills gap through neurodiversity

Addressing the skills gap and strengthening your own security team means bringing in different minds and perspectives — and that starts with embracing neurodiversity. To even have a chance at closing the cybersecurity skills gap, we need people with a variety of different abilities and thought processes. But did you know that there’s an untapped potential in individuals who are neurodivergent?

Neurodiversity can mean different things to different people. It’s a concept that views the spectrum of neurological differences — like ADHD, autism, dyslexia, Tourette’s and other cognitive and developmental disorders — as natural variations of the human brain. In a nutshell, neurodiversity recognizes that brain differences are just that: differences.

I was always aware of the fact that I had a different operating system. It was like growing up on a Mac OS, but made specifically for Windows OS. It wasn’t until I was diagnosed as autistic that I understood why I am the way that I am. My diagnosis gave me a purpose. It’s a purpose I’ve taken with me into the working world, and it’s helped me realize how vital neurodiverse individuals can and will be to the cybersecurity industry.

To even have a chance at closing the cybersecurity skills gap, we need people with a variety of different abilities and thought processes.

There are many inherent traits in people with autism that are well suited for working in cybersecurity. For example, many people with autism are pattern thinkers and are highly detail-oriented. This allows someone in a threat-hunting position to find those subtle differences between malicious and nonmalicious code and catch the threats that automated tools might miss. We also have the ability to hyperfocus, which allows us to concentrate on problem-solving and stick with complex issues that other people may abandon.

Of course, we all have a different set of skills, interests, strengths and weaknesses. But there are some characteristics that — when given the right support and environment — can translate to cybersecurity positively.

This is especially true when autistic adults are interested in technology and cybersecurity. Their interest can complement their attention to detail, which can make for a successful blue team cyber professional. The number and types of cyber threats are constantly changing. Some are obvious to hunt down, and some are much more subtle. Some malware even has the ability to "live off the land" by using already created applications or executables that live natively on a computer. Knowing this information, and knowing what to look for and where to hone in, allows a neurodivergent person to consistently inspect, investigate and hunt down even the most persistent threats.

Embrace the benefits

Instead of focusing on what makes a neurodivergent person “different,” we should embrace the benefits that different minds and viewpoints bring to the field of cybersecurity. Let’s face it: The world is going to need more cybersecurity professionals. Ensuring diversity in these teams includes embracing neurodiversity. Having a blend of unique talents provided by these detail-oriented, rule-bound, logical and independent-thinking individuals is — and will be — a competitive edge in cybersecurity.

Having a career in cybersecurity typically requires logic, discipline, curiosity and the ability to solve problems and find patterns. This is an industry that offers a wide spectrum of positions and career paths for people who are neurodivergent, particularly for roles in threat analysis, threat intelligence and threat hunting.

Neurodiverse minds are usually great at finding the needle in the haystack, the small red flags and minute details that are critical for hunting down and analyzing potential threats. Other strengths include pattern recognition, thinking outside the box, attention to detail, a keen sense of focus, methodical thinking and integrity.

The more diverse your teams are, the more productive, creative and successful they will be. And not only can neurodiverse talent help strengthen cybersecurity, employing different minds and perspectives can also solve communication problems and create a positive impact for both your team and your company.

According to the Bureau of Labor Statistics, the demand for Information Security Analysts — one of the common career paths for cybersecurity professionals — is expected to grow 31% by 2029, much higher than the average growth rate of 4% for other occupations. While vital jobs in cybersecurity are going unfilled, millions of smart people who'd be ideally suited for the work remain unemployed.

Taking the first step

It’s time to challenge the assumption that qualified talent equals neurotypicality. There are many steps companies can take to ensure inclusivity and promote belonging in the workplace. Let’s start all the way at the beginning and focus on job postings.

Job postings should be black and white in terms of the information they are asking for and the job requirements. Start by making job postings more inclusive and less constrictive in what is being required. Include a contact email address where an applicant can ask for accommodations, and provide a less traditional approach by providing these accommodations.

Traditional interviews can be a challenge for neurodivergent individuals, and this is often the first hurdle to employment. For example, to ease some candidates’ nerves, you could provide a list of questions that will be asked as a guideline. More importantly, don’t judge someone based on their lack of eye contact.

To promote an inclusive and belonging culture of neurodiversity in the workplace, the workplace should be more supportive of different needs. It is vital to ensure employees at all levels have the knowledge and understanding on how to empower a diverse team and create an open and inclusive workplace. This starts with diversity, equity, inclusion and belonging training for all employees. Companies should also consider changing their communication style. Neurodiverse individuals communicate differently and not altering the way you communicate could lead to a disconnect in the workplace.

My advice to other neurodivergent and/or autistic adults looking to break into the cybersecurity field is to continue your learning, connect with cybersecurity professionals for networking purposes and never give up. The more we push for awareness and inclusion in all aspects of all companies — small and large — the more opportunities there will be for success.