Diverse Minds,Secure Networks: Embracing Neurodiversity in Cybersecurity

Abstract

Cybersecurity is a critical shield in today’s hyper-connected world protecting networks, systems, and data from increasingly sophisticated attacks. The need for innovative solutions to cyber defense is now more urgent than ever. However, the industry faces a substantial skills and workforce gap as the supply of cybersecurity workers cannot keep pace with growing demand. The global workforce gap increased by over 25% from 2021 to 2022, and nearly 70% of cyber professionals say their organization has a worker shortage.¹ One potential solution to this escalating crisis: recruiting a more diverse population of neurodiverse individuals and advocating for inclusive hiring practices to better support this group. According to MITRE’s pilot program, the inclusion of neurodiverse individuals in cybersecurity roles not only addresses the skills gap but also enhances problem-solving and innovation within the field.²

The term “neurodivergent” refers to people with cognitive differences such as autism spectrum disorder (ASD), attention-deficit/hyperactivity disorder (ADHD), and dyslexia.³ In comparison, people who have brains that function in conventional ways are called “neurotypical.” Neurodiverse individuals possess unique abilities that are highly advantageous in cybersecurity roles, including problem-solving abilities, pattern recognition, and attention to detail. These individuals think differently because their brains do not work the same as the average neurotypical person—a trait which can lend itself to an innate ability to draw new connections that others may not see. RAND reported that in public and private discussions, officials and experts have addressed the need for neurodiversity in the cybersecurity community because some missions are too important and too difficult to be left to people who think in typical ways.³ Furthermore, neurodiverse employees at JP Morgan Chase have demonstrated significantly higher productivity, with some being 90–140% more productive than their neurotypical peers.⁴

The potential contribution of the neurodiverse population to cyber defense is substantial—but they remain largely untapped and insufficiently supported in the workforce. Neurodivergent people face social and professional stigmas that may impede their ability or willingness to advocate for their needs. Moreover, traditional hiring practices and working habits favor neurotypical workers, which can prevent neurodiverse hires from thriving in their roles. Programs like MITRE’s pilot with federal agencies have shown promising results by providing tailored training and support for neurodiverse hires.² Building a neuroinclusive workplace involves reimagining job descriptions, hiring processes, and workplace accommodations to support neurodiverse individuals effectively.⁵

The cybersecurity sector is grappling with a sizable shortage of skilled professionals. In addition to pervasive burnout and long hours, traditional cybersecurity education and hiring practices have not kept pace with the evolving and increasingly complex cyber threats.⁶ Forecasts suggest that by 2025, a lack of talent will be responsible for more than half of all significant cyber-attacks.⁷ Additionally, an overwhelming majority (86%) of business leaders believe a significant cyber incident is likely over the next 2 years—but 34% lack the necessary skills to prevent it with their current security systems.⁸ This deficit leaves organizations vulnerable to increasingly complex attacks, highlighting the need for innovative solutions and diverse skill sets to bolster defenses. Bringing more neurodiverse individuals into the workforce not only addresses the pressing skill gap but also enhances the quality and creativity of cybersecurity solutions.

Neurodiverse individuals often possess exceptional cognitive abilities that are particularly valuable in cybersecurity roles where the abilities to detect anomalies, manage repetitive tasks, and analyze complex patterns are crucial. For instance, individuals with ASD frequently excel in tasks requiring high precision and focus, such as in software quality assurance and threat analysis.⁹ A landmark study found that autistic individuals are up to 40% faster at some forms of problem-solving than non-autistics and have higher levels of visual processing capacity and faster processing times.¹⁰ Neurodiverse employees often approach challenges differently, providing new insights and solutions that may not be apparent to neurotypical colleagues. This ability to think differently is crucial in outmaneuvering cybercriminals and detecting cyber threats that others may overlook.¹¹ This group’s strengths in focus and precision can lead to increased productivity and reduced errors in cybersecurity operations, particularly in roles involving continuous monitoring and quality assurance, ensuring that security measures remain robust and effective.⁶

Supporting Neurodiverse Individuals in the Workplace

Recruiting and retaining neurodiverse workers requires a shift in both hiring practices and workplace culture. Currently, the employment rate of autistic people is only 15% in comparison to the 54% employment rate of people with other types of disabilities.¹² This gap suggests that neurodivergent people are lacking sufficient advocacy in the workplace. Several programs have demonstrated the successful integration of neurodiverse talent into cybersecurity roles. The DXC Dandelion Program in Australia has effectively employed individuals with autism in various IT and cybersecurity positions with a 92% retention rate, showing that with the right support, neurodiverse individuals can significantly contribute to the field.⁶ These programs often include tailored support measures such as performance-based interview processes rather than questions based on soft skills, flexible work environments, clear and structured tasks, and accommodations for sensory sensitivities. Additionally, creating a neuroinclusive workplace involves comprehensive planning and design, individualized roles, continuous coaching and development, and effective management and measurement. Providing clear communication, flexible schedules, and sensory accommodations can help neurodiverse employees thrive.¹³

Geoffrey Tandy’s role in WWII exemplifies how diverse talents can contribute to critical fields. Although a botanist by training, Tandy’s expertise proved invaluable in cryptanalysis, demonstrating that diverse skills and perspectives can lead to innovative solutions in cybersecurity as well. Modern intelligence agencies like GCHQ actively recruit neurodiverse individuals, recognizing their unique cognitive strengths such as enhanced visual perception, which are crucial for interpreting complex data.¹⁴

These considerations are important because neurodiverse individuals often face barriers during the hiring process. Traditional interviews and job descriptions, which emphasize social and behavioral norms over technical competencies, can disadvantage candidates who communicate or interact differently than their neurotypical colleagues.¹¹ For instance, some neurodiverse individuals may struggle with eye contact or voice regulation, which interviewers might interpret negatively. To overcome these barriers, organizations should adopt skill-based assessments for cybersecurity roles and write clear, straightforward job descriptions that focus on the technical requirements of the job. For example, job descriptions that use high-level language instead of specific descriptions can be discouraging for neurodiverse individuals. RAND notes that a traditional job description for a cyber operations analyst may include something like “Prepares oral and written correspondence and other documentation,” which fails to actually explain what the individual will do. A more effective way to phrase this would be “Explains ongoing cyber operations to military leaders who do not have cyber expertise. Explains the significance of new cyber threats in terms of how previously unknown vulnerabilities are being exploited by adversaries. Documents results for use by future analysts.”³ While this level of detail may require more work for the hiring manager and recruiter upfront, it will pay dividends down the line by more clearly presenting the tasks required for the role for neurodiverse candidates. To help in this effort, the U.S. federal government has released the Neurodiversity@Work Playbook Federal Edition in order to create opportunities for individuals with autism and other neurodivergent conditions. And the Department of Labor and Department of Commerce have resources to help businesses recruit, hire and retain neurodivergent workers.⁶

Once hired, neurodiverse individuals may face challenges in workplaces not designed to accommodate their needs. Issues such as sensory overload, rigid schedules, and unclear instructions can hinder their performance.⁹ Without proper support, employees may hide (also known as “masking”) their neurodivergence at the workplace to avoid any negative professional and social stigmas—which in turn can spike anxiety levels and negatively impact their mental health and job performance. To foster an inclusive environment, organizations that wish to hire and retain neurodiverse employees should implement supportive measures such as providing access to noise-canceling headphones and the ability to choose a desk location as well as company-wide initiatives that help employees understand neurodiversity. Neurotypical employees may not be aware that sending meeting invites without an agenda or goals can be stressful for neurodiverse individuals; making a habit to send clear notes ahead of time and recapping tasks after the meeting can help everyone stay on the same page and make action items more tangible. Additionally, the simple act of checking in and asking if colleagues have any specific needs in the workplace can help make neurodiverse individuals feel seen, recognized, and safe. A culture of inclusivity is a daily practice, and educating employees about harmful stereotypes and how to work with their neurodiverse colleagues can help shape a healthy workplace culture for all employees.

Tools such as virtual reality (VR), biofeedback, and cognitive-behavioral therapy can further support neurodiverse professionals by helping to manage social anxiety and improve focus. These interventions can be integrated into workplace practices to enhance the well-being and productivity of neurodiverse employees. For example, VR has been studied as an effective medium to provide vocational support for autistic people, enabling them to practice social communication skills for interviews or job tasks.^15,16 VR allows individuals to enhance their social and professional skills in a safe, controlled environment, which can not only aid in skill development but also help in reducing workplace anxiety. Organizations may offer VR training as part of their onboarding practices for neurodiverse individuals—and for neurotypical employees, VR training can help build empathy and understanding as they consider the challenges their neurodiverse colleagues may face.

Looking ahead, the integration of advanced technologies like artificial intelligence (AI) and machine learning (ML) can further support neurodiverse employees. AI-driven tools can offer personalized learning experiences, adapting to individual needs and preferences. Moreover, Extended reality training modules can simulate real-world scenarios, allowing neurodiverse individuals to practice and develop their skills in safe and controlled environments. These innovations hold the promise of creating more inclusive workplaces, where neurodiverse talent can flourish and contribute to the evolving landscape of cybersecurity.

References

(ISC)². (2022). (ISC)² Cybersecurity Workforce Study. Available from: https://media.isc2.org/-/media/Project/ISC2/Main/Media/documents/research/ISC2-Cybersecurity-Workforce-Study-2022.pdf?rev=1bb9812a77c74e7c9042c3939678c196 [Last accessed: July 13, 2024].

MITRE. (2019). MITRE Wins Grand Prize in GEAR Center Challenge for Neurodiversity in Cybersecurity. Available from: https://www.mitre.org/news-insights/impact-story/can-blockchain-technology-address-longstanding-pain-points-federal [Last accessed: July 13, 2024].

Weinbaum

, Khan

, Thomas

, et al. (2023). Why National Security Needs Neurodiversity. RAND Corporation. Available from: https://www.rand.org/pubs/research_briefs/RBA1875-1.html [Last accessed: July 13, 2023].

Furr

. (2023). Why It’s Important to Embrace Neurodiversity in the Workplace (and How to Do It Effectively). Forbes. Available from: https://www.forbes.com/sites/forbesbusinesscouncil/2023/03/07/why-its-important-to-embrace-neurodiversity-in-the-workplace-and-how-to-do-it-effectively/ [Last accessed: July 13, 2024].

Sniderman

, Buckley

, Holdowsky

, et al. (2024). Building a Neuroinclusive Workplace. Deloitte Insights. Available from: https://deloitte.wsj.com/cmo/building-a-neuroinclusive-workplace-e176bb07 [Last accessed: July 13, 2024].

Doubleday

. (2024). Federal ‘Neurodiversity’ Initiatives Slowly Getting Off the Ground. Federal News Network. Available from: https://federalnewsnetwork.com/workforce/2024/01/nga-building-on-efforts-to-recruit-neurodivergent-talent [Last accessed: July 13, 2024].

Scanlan

, Eddy

, Thomas

, et al. (2020). Neurodiverse Knowledge, Skills, and Ability Assessment for Cybersecurity. Australasian Conference on Information Systems. Available from: https://opal.latrobe.edu.au/articles/conference_contribution/Neurodiverse_Knowledge_Skills_and_Ability_Assessment_for_Cyber_Security/24447181 [Last accessed: July 1, 2023].

Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025. (2023). Gartner. Available from: https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybersecurity-leaders-will-change-jobs-by-2025 [Last accessed: July 13, 2024].

Geopolitical Instability Raises Threat of ‘Catastrophic Cyberattack in Next Two Years. (2023). World Economic Forum. Available from: https://www.weforum.org/press/2023/01/geopolitical-instability-raises-threat-of-catastrophic-cyberattack-in-next-two-years/ [Last accessed: July 13, 2024].

10.

Walkowiak

. Neurodiversity of the Workforce and Digital Transformation: The case of inclusion of autistic workers at the workplace. Technol Forecasting and Social Change, 2021; 168:120739. https://www-sciencedirect-com-443.web.bisu.edu.cn/science/article/abs/pii/S0040162521001712

11.

Soulières

, Dawson

, Samson

, et al. Enhanced visual processing contributes to matrix reasoning in autism. Hum Brain Mapp, 2009; 30(12):4082–4107; doi: 10.1002/hbm.20831

12.

Weinbaum

, Khan

, Thomas

, et al. Neurodiversity and national security: How to tackle national security challenges with a wider range of cognitive talents. Rand Health Q, 2023; 10(4):9. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10501819/

13.

Asbell-Clarke

. (2024). How Neurodiversity Can Help Fill the Cybersecurity Workforce Shortage. Dark Reading. Available from: https://www.darkreading.com/cybersecurity-operations/cybersecurity-careers/how-neurodiversity-can-help-fill-the-cybersecurity-workforce-shortage [Last accessed: July 23, 2024].

14.

Hannigan

. (2024). How to hire a spy. The Economist. Available from: https://www.economist.com/culture/2024/06/06/how-to-hire-a-spy

15.

Kim

, Kim

, et al. (2022). The workplace playbook VR: Exploring the design space of virtual reality to foster understanding of and support for autistic people. Proceedings of the ACM on Human-Computer Interaction, 6(CSCW2):1–24; doi: 10.1145/3555082

16.

Wiederhold

. Our neurodiverse society: The role of advanced technology. Cyberpsychol Behav Soc Netw, 2020; 23(1):1–2.