Skip to main content

Supporting neurodiversity in cybersecurity

(Image credit: Image source: Shutterstock/deepadesigns)

In similar comparisons to early developments in racial and gender diversity in industry, and even mental health at work, discussion about neurodiversity within the workforce has so far been driven by those who are personally associated with it.  Neil Thacker, CISO at Netskope, believes it is time to get broader contribution to the efforts of inclusiveness for the benefit of all and to showcase how inclusiveness can lead to organisational advantage.

What is neurodiversity?

Neurodiversity is the term used to cover a range of differences in brain function and behavioural traits.  It generally includes conditions such as ADD, ADHD, Autism and Asperger’s syndrome, as well as Dyslexia and Dyspraxia. In essence, neurodiversity recognises that our brains interact with the world in different ways, which can create challenges, but, most importantly, also advantages.

What is the current situation for the neurodiverse?

It is estimated that around 15 per cent of the UK population is neurodiverse in one or more identifiable or “diagnosable” way. Whilst the last two decades have seen progress, we are still at the early stages of awareness of neurodiversity, both in terms of scientific research and societal response.  Our education systems have been attempting to adapt, serve and support neurodiversity for many years, but in the workplace and amongst the adult population, neurodiversity can still be seen to carry a stigma, and be perceived as a weakness or a nuisance.

The National Autistic Society says that 68 per cent of autistic adults in the UK are unemployed, and yet 77 per cent of those surveyed, state that they want to work.  NeuroCyberUK, a not-for-profit group that is working to improve outcomes for neurodiverse individuals, juxtaposes these statistics with the predicted 3.5 million skills gap that the cybersecurity sector is expected to suffer globally by 2021; it states that up to three quarters of cogitatively able neurodiverse adults may possess the aptitude and skillset for a successful career in cybersecurity.

I work closely with NeuroCyberUK, and value the knowledge, expertise and commitment of those involved with the group.  I have personal experiences of neurodiversity within my family and a vested interest in any organisation working to increase the success of their inclusion and accessibility programmes.  However, I feel for broader discussions on neurodiversity with those first introduced to the topic, we run into a shortage of data.  We choose our words very carefully in an effort to balance our well-meaning intentions with effective and critical analysis. 

Stereotyping should be avoided and we are quick to educate those who simply assert that autistic people are all great at maths but struggle to empathise or communicate.  Addressing neurodiversity is not about legitimising pigeon holes into which we can place people, it is about acknowledging that we are all different and that individuals need to be supported with, and valued for, their unique strengths and weaknesses. So how, then, can we simultaneously acknowledge neurodiversity whilst justifying sweeping statements about the natural talents of the neurodiverse? It doesn’t add up.

A shortage of data

There are two ways we can address this void of information.  The first is better data on the aptitudes found within individuals in conventionally challenging parts of the neurodiversity spectrum.   Data on neurodiverse populations is hard to find, which is why we often step back into the more abundant, yet narrow, autism data sets.  But even there we do not have much in the way of statistical evidence of aptitude.

This data will be found through academic research; something that needs funding.  In today’s public spending climate, we need altruistic private companies to step up and fund this research with no guarantees of what the results will find.  

Unpicking prejudices and negative associations around neurodiversity (“can be a little blunt” or “isn’t very sociable”) requires us to add positive associations to the mix.  We need data to prove that autistic people have a high attention to detail, can spot patterns, trends and anomalies and are able to make independent unbiased decisions. Otherwise we are going on a positively intentioned hunch. All my life experience tells me that neurodiversity can be an enormous asset in cybersecurity, but we can’t expect to convince people to make changes based on anecdotal evidence.

The second way we can address the data shortage is to better assess the impact on organisational performance of having a genuinely neurodiverse workforce.  We have seen this approach, as an example, employed to good effect by those championing greater female inclusion at the higher echelons of business. 

Years ago, discussions around gender diversity in the workplace moved from consideration of HR and compliance (and jettisoned cringe-worthy assertions of women being stereotypically better suited certain tasks), towards assessment of the performance of organisations with and without women on the board.  It was no longer imperative to attest that a specific woman was better than a specific man, because it could be proven that excluding the women was detrimental to the business.  We now state as fact that companies with women on the board outperform those without. 

We need to analyse the relationship between company performance and the extent of neurodiversity within the workforce to be able to conclusively prove our hypothesis that neurodiversity is an asset and move beyond discussions of the specific traits of individuals.

We are seeing the start of this research in the cybersecurity industry, championed by progressive employers who are driven by market need to make the necessary changes. Organisations like NeuroCyberUK, the National Autistic Society and employers such as HSBC, the civil service and GCHQ, to name a few, have shown the value of neurodiversity inclusiveness. 

However, despite the data and the discussion, we must not overlook the stigma that can go alongside a spectrum diagnosis.  The National Police Autism Association states on its website “Autism would be an additional hurdle to overcome during the assessment centre and initial training”, and a google search will leave many aspiring pilots concerned that a diagnosis is likely to restrict their ambition. 

We use a very few labels to describe a vast spectrum of human neuro characteristics, and it is resulting in confusion and prejudice.  Just as many are battling to make mental health less taboo, broadly understood and better supported, so we need to open up awareness of the natural variation in our own brains and support neurodiverse role models to prove that a diagnosis can be a certificate of aptitude, not a limiter on achievement.

Neil Thacker, CISO, Netskope
Image source: Shutterstock/deepadesigns