Specialisms tagged are
Choose your location
Hong Kong SAR
& Middle East
United Arab Emirates
Global Hays Tech
Send Your CV
This field is required.
Submit my CV
Data & Advanced Analytics
Projects & Change Management
Register a job
Data & Advanced Analytics
Projects & Change Management
Permanent & Contract Recruitment
Managed Service Programmes (MSP)
Recruitment Process Outsourcing (RPO)
Get in touch
Neurodiverse candidates could be the answer to cybersecurity skills shortage
James Milligan, Global Head of Technology at Hays
1 Year Ago - 865 Views
With cybercrime on the rise and a global cybersecurity skills shortage, improving opportunities for neurominorities benefits businesses and individuals.
According to the Global Risk Report from the World Economic Forum, cyberattacks are perceived as the fourth biggest risk faced by businesses globally. And it seems there is merit in the concern.
Research from Deep Instinct found that malware attacks rose by 358% in 2020, while a study from IDG Research Services found that nearly 80% of senior IT and IT security leaders believe their organisations lack sufficient protection against cyberattacks.
But while it seems the risk is appreciated, the talent is not necessarily there to tackle it. The International Information System Security Certification Consortium (ISC)2 Cybersecurity Workforce Study estimates that around four million more cyber professionals are needed globally to meet public and private sector demand.
With so much talent needed, making organisations more accessible to neurominorities may hold the key to the solution. Adults with conditions such as Autism, Attention Deficit Hyperactivity Disorder (ADHD) and Dyslexia are still hugely underrepresented across many workforces, yet they offer many strengths.
Looking at Autism alone, the problem is clear. In the US, 85 per cent of Autistic
, just 40 per cent of Autistic people are employed, compared to 83 per cent of neurotypical people. And
in the UK
, only 32 per cent of Autistic adults have ‘some form’ of paid work, with 16 per cent holding full-time roles.
Simon Davies is Principal Information Security Engineer at Nuance Communications. He also has Asperger syndrome, something that he initially self-diagnosed in his 30s before it was confirmed by doctors. And while his diagnosis came late, he says that signs were there early on. “I didn't communicate well with other kids, I'd be in my own world,” he explains. “I found it very hard to socialise and to play like the other kids. I wasn't interested in the same things. I was always more friends with people that were older than me. I never really fitted in with my age bracket.
“And I wasn't interested in school, school bored me. I was getting very high grades, but it didn't keep my attention.” He did find an early love for computers, disassembling his mum’s computer and learning hacking skills. He says that he found many other neurodiverse people within hacking communities.
“We weren't stealing money, we were just messing around. It's almost like a place where autistic people seem to have a home. In school, I was severely bullied – the teachers didn't really understand, doctors didn't understand what was wrong with me, so I found a home online.”
A perfect fit
While many neurodiverse people may find some parts of work and socialising more difficult, conditions that fall into the category can also give them particular strengths.
There are many skills associated with Autism, such as pattern-spotting, attention to detail and problem-solving. Autistic people may approach problems differently and can provide extremely creative solutions.
“I think a lot of us, we just won't let go of problems,” says Davies. “We'll get very fixated, and we'll keep going until we’ve solved it. We tend to be really tunnel focused on what we enjoy doing.”
Many of these characteristics can be particularly useful in technical disciplines, and security roles in particular. The Infosec Institute lists IT and networking skills, analytical skills and auditing skills among the top five that are most important for cybersecurity professionals.
Crest is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. In its 2020 report,
Neurodiversity in the technical security workplace
, it stated that: "The cyber security industry recognises that people on the autistic spectrum can provide invaluable skills to the sector and are often the best performers in technical roles.
"For example, GCHQ is one of the biggest employers of autistic people in the UK. The National Crime Agency (NCA) has revealed that many teenage hackers have been found to be on the autistic spectrum."
Helping neurodiverse candidates to succeed in interviews
But while neurodiverse candidates bring many
benefits to the workforce
, many interview processes do not give them the best chance of success. Davies warns that some assessment tools in particular can be challenging for neurodiverse individuals, such as group interviews.
“It’s horrible when they get a load of you in a group, and you've got to work and do a task together,” he says. “Although we might be good for the job, we'll just be overpowered by other people. We are better probably one-on-one.”
Ensuring you have measures in place to assess for skills
, rather than expecting these candidates to present themselves in the same way as neurotypical colleagues, is vital. Brad Cohen, Chief Marketing Officer for Aspiritech,
spoke with Hays on the issue last year
. The US software and quality assurance (QA) testing non-profit’s entire workforce is made up of Autistic people. Founders Brenda and Moshe Weitzberg set up the business in 2008 after their Autistic son, Oran, was turned away from many jobs.
“Primarily, it is identifying the skills that a candidate has and how to accommodate for their challenges,” says Cohen. “Specifically, weak social skills, a lack of eye contact, and difficulty with interviewing skills can hide the candidates’ true abilities.”
Levelling the playing field for neurodiverse colleagues
Of course, improving the interview process is not enough. Organisations must also ensure that neurodiverse colleagues are given the right platform to perform once they begin work.
Davies says that businesses must understand that communication in particular can be an area of difference. “There's some people who might be quiet, they might be quirky. There's very different sides to Autism but accepting us for the fact that we might not communicate in exactly the same way [is important].”
It’s also necessary to work with neurotypical colleagues to help them better understand the differences neurodiverse colleagues might bring to the workplace. Davies says that when he has shared his condition with others in the past, they have not known how to react to it.
“I found when I'm honest and open with people and say, ‘I’ve got Asperger’s,’ then they talk to me like a kid. I turned around to one guy and said, ‘You're talking to someone who helped the National Crime Agency catch serious criminals.’.
“One manager once said to me, ‘We learn communication as kids.’ And I said, ‘Well, maybe you did. But the way I communicate is different, and it's not something I have control over, and I'd love to be able to communicate like you. But at the same time, I wouldn't take a cure if there was one.’”
And for neurodiverse individuals, Davies says perseverance can be key to success: “Never give up, you've got to be stubborn, because I nearly gave up at times. It was hard. Keep going, apply for big companies and apply for companies that have got some understanding [of neurodiversity].”
Practical steps to improve your interview process
Neurodiversity in the technical security workplace,
offers a range of advice to make the interview process easier for various neurodiverse candidates, but also offers some general advice that may help organisations improve their process for all individuals:
Emphasise neurodiversity as part of the organisation’s brand, e.g. within the diversity and recruitment section of the organisation’s website. Case studies on how neurodiverse employees have previously been supported and have succeeded within the organisation could be included and are likely to encourage further applications from neurominorities.
Make role descriptions for jobs inclusive, clear and precise. Make it easy for people to identify the core skills requirements/expectations and include a diversity and inclusion statement which invites people with different thinking styles to apply and helps find the right people for the right jobs.
Provide opportunities during all phases of the recruitment process to disclose their conditions if people wish to. This may initiate useful discussions and enable appropriate support to be given at various stages, e.g. interviews.
Global Head of Technology at Hays
James Milligan is the Global Head of Technology at Hays , having joined in 2000. In his role, he is responsible for the strategic development of Hays' technology businesses globally.
The benefits of a neurodiverse tech team in the workplace
How tech companies can hire for neurodiversity in the workplace
Please sign in to comment.
How to choose between in-house and consultant cyber security jobs
Six reasons you should try IT contracting
Work in one of these jobs? ChatGPT can help!
How to boost productivity at work and make generative AI work for you