Neurodiversity in IT Security

Neurodiversity, the term for the range of differences in individual brain function and behavioral traits, with regard to sociability, learning, attention, mood and other mental functions in a non-pathological sense, is important to foster in any industry, but the security space in particular has always welcomed a range of neurodiverse groups.

Whether professionals are diagnosed with Autism Spectrum Disorder (ASD), Attention Deficit Hyperactivity Disorder (ADHD), Tourette’s, dyslexia or another type of neurodiversity, the industry has supplied meaningful work and an application for neurodiverse individuals to apply their unique skills.

As someone with ASD, Dustin “Evil Mog” Heywood, senior managing consultant for IBM X-Force Red, the company’s team of veteran hackers, is able to leverage things like his obsessive nature and math proficiency to help clients address their cybersecurity risks.

“Just like any neurotypical employee, the skills neurodiverse professionals bring with them ranges from person to person – there’s no one-size-fits-all approach,” Heywood explained. “However, some notable attributes they bring to jobs are a high level of productivity, hyperfocus, attention to detail, logical thinking and passion for their job.”

Neurodiversity in Cybersecurity

Everything from threat hunting to vulnerability analysis and penetration testing are roles that can benefit from the different ways neurodiverse minds work, he says.

And because there are so many different roles within information security, neurodiverse professionals have a variety of career options to choose from, based on their expertise.

A recent Bitdefender survey also indicated the cybersecurity industry could benefit from hiring more neurodivergent people and revealed a fifth of survey respondents think increased neurodiversity in cybersecurity will help combat cyberwarfare.

Moreover, nearly four in 10 respondents said they thought increased neurodiversity would make cybersecurity defenses stronger, and a third said a more neurodiverse workforce would level the playing field against bad actors.

At the same time, numerous surveys are indicating that demand for infosec workers is skyrocketing, at a time where cybersecurity threats are being considered with an urgency never before seen, and across nearly every industry.

Progress Made on Neurodiversity, but Organizations Can Do More

In Heywood’s eyes, society has come a long way in understanding the needs of neurodiverse populations—April is, in fact, Neurodiversity Acceptance Month—but he thinks there’s still a lot more organizations can do to both recruit neurodiverse candidates and manage them as employees.

He says the two main issues facing the neurodiverse workforce are a lack of understanding and an employment gap: The unemployment rate is more than 80% among adults with intellectual and developmental disabilities, according to a National Association of County Behavioral Health & Developmental Disability Directors study.

“Many still view being neurodiverse as a handicap, when, in reality, it just simply represents different ways of thinking,” Heywood says. “My mind works differently compared to some of my colleagues, but it also brings with it different skills and attributes; that’s how we should highlight neurodiversity, as opposed to seeing it as a burden.”

He suggests organizations take a closer look at their hiring practices to make sure they’re not working against neurodiverse candidates.

That means adapting hiring processes to be more inclusive to all different ways of thinking, and at their core, be focused on how candidates would perform in the desired role.

“Also, identify the environments your neurodiverse employees need to be in to thrive, whether that means leveraging work-from-home policies or adjusting in-office accommodations,” Heywood says.

Other tools that can be leveraged are the use of apprenticeships or on-site training programs that aim to foster support and inclusion—there are also consultancy firms that focus specifically on promoting neurodiverse employees and the benefits they bring.

Heywood says the InfoSec industry’s continued growth is “definitely” a cause for hope concerning the future of a more neurodiverse workforce.

“We know there are a lot of security problems to solve, and the neurodiverse community is an incredible talent pool for the industry to tap into,” he says. “This, coupled with the growing acceptance of the concept of neurodiversity, is going to give us the opportunity to close the neurodiverse employment gap.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.

nathan-eddy has 239 posts and counting.See all posts by nathan-eddy