Why cybersecurity leaders are actively recruiting neurodiverse talent

In an attempt to clamp down harder on the increased risk of cybersecurity threats to businesses, tech leaders are actively hiring neurodivergent people because of the strong problem-solving and analytical skills they can offer.

The neurodiversity spectrum is wide, ranging from attention deficit hyperactivity disorder (ADHD), dyslexia, dyspraxia and Tourette syndrome, to autism and bi-polarity. But common characteristics of neurodivergent individuals – including pattern-spotting, creative insights and visual-spatial thinking – are finally being realized, not least in the cyber security sector.

Holly Foxcroft, head of neurodiversity in cyber research and consulting at professional search firm London-centered Stott and May Consulting, said that neurodivergent individuals have “spiky profiles.” Foxcroft, who is neurodivergent herself, explained that these visual representations highlight the strengths and areas needed for development or support. “Neurodivergent profiles show that individuals perform highly in areas where neurotypicals have a consistent and moderate line,” she said. 

The areas in which neurodivergent individuals have “exceeded skill” include high-level problem-solving, creative “out-the-box” thinking, hyper-focusing, and pattern spotting. “These are much-needed attributes and skills in cybersecurity,” added Foxcroft.

Unique skills for unknown unknowns

Perry Carpenter, chief evangelist and strategy officer at KnowBe4, a global cybersecurity awareness platform, said: “As someone on the autism spectrum, I’m very encouraged by the efforts of the security community to recruit neurodivergent employees actively.” 

The resident of Little Rock, Arkansas, is proud his work community is leading the way. He said these recruitment efforts mark an important step in helping to overcome some of the ”inherent stigmas” associated with neurodivergence. However, Carpenter he also warned against yet more generalizing “Just because someone is neurodiverse doesn’t mean that they will naturally be great coders or analysts. We don’t want to create new stereotypes.”

“Our adversaries [cybercriminals] are not universally neurotypical, so it makes sense for us to have a defensive force that is also diverse and representative of their thinking patterns and skillsets.”

Perry Carpenter, chief evangelist and strategy officer at KnowBe4.

KnowBe4’s Carpenter listed the main reasons cybersecurity leaders are “actively recruiting” neurodivergent staff. First, the community understands more than most that “unique individuals” can offer “unique skills” suited to cybersecurity. Different ways of thinking are critical in the fight against cybercriminals, who also know the benefits of employing innovators. “Our adversaries are not universally neurotypical, so it makes sense for us to have a defensive force that is also diverse and representative of their thinking patterns and skillsets,” said Carpenter. 

Whether “hyper-focused” or offering out-of-the-box thinking, neurodivergent workers enable “teams to continually grind data, identify patterns, or find solutions to complex problems that someone else might miss,” according to Carpenter.

Paul Baird, the chief technical security officer in the U.K. for cybersecurity firm Qualys, built on this theme. “If you have a neurodiverse team, they will react differently when a problem arises,” he said. “The alternative is that you have a cookie-cutter approach to security where every problem gets handled the same way each time.” 

The latter strategy struggles with unknown unknowns or unexpected events. “At that point, you need people with multiple views and backgrounds to solve these problems effectively,” Baird added.

Narrowing the skills gap

Plus, the ever-rising list of requisite attributes in cybersecurity necessitates opening the talent pool to nontraditional candidates. “Increasing our recruiting across diverse populations is not only the right thing to do from an ethical perspective, but it also offers a practical way to help close the skills gap,” added Carpenter.

Kieran Waite, the principal cybersecurity consultant at London-headquartered recruitment firm Hamilton Barnes, echoed this observation. “There is a global cyber skills shortage of about 3.5 million people,” he said, “and neurodiversity is a way of not only filling the vacancies but filling them with people capable of coming up with newer ideas from many different perspectives.”

Waite explained that people with autism or ADHD “often demonstrate a keen attention to detail” and an ability to remain hyper-focused. “This is useful in many areas of cybersecurity, including in a ‘blue team’ tasked with defending against and responding to attacks,” he said. Blue team members need to identify anomalies, discover root causes of incidents, and sift through data and complex tasks for long periods. “These skills and traits are useful in many other areas of cybersecurity, too,” added Waite.

“There is a global cyber skills shortage of about 3.5 million people.”

Kieran Waite, the principal cybersecurity consultant at Hamilton Barnes.

Devin Blewitt, CIO at ITonlinelearning, a training provider and recruitment agency for people seeking a career in information technology, cybersecurity, project management and business analysis, urged other industries to take note. “For organizations currently not hiring neurodiverse talent, they are making a huge mistake and missing out on recruits who have a lot to bring to the table,” he said.

Indeed, Foxcroft stated that up to 20% of the global population is neurodivergent – and that’s just the people diagnosed. “The true figure is likely to be significantly higher,” she said. “So it’s in an organization’s best interest to support neuroinclusive working practices and culture and address bias surrounding neurodiversity.” 

Foxcroft stressed that this progressive approach would increase productivity, and supporting new and existing employees in the workplace would help attract and retain talent, whether neurodivergent or neurotypical.