Neurodiversity in Cybersecurity - Part 1

Cybersecurity needs more neurodiverse talent – and a growing number of organisations in the industry are recognising this. 

In 2020, CREST’s Neurodiversity in the Technical Security Workplace report demonstrated that more needs to be done to increase neurodiversity in cybersecurity in order to create more inclusive and tailored recruitment processes, attract more neurodiverse people into the industry.

Stuart Seymour (CISO at Virgin Media) is an experienced cybersecurity leader who is also proudly dyslexic, and dedicated to championing the value of diversity in the field. We asked him about his own experience of navigating cybersecurity as a neurodiverse person, and he said: 

“My neurodiversity (dyslexia) I believe has significantly helped me in my career. I have been able to see things differently and sometimes arrive at solutions quicker. 

“This has played out in cyber incident response, where often I just started at the problem backwards and followed a chain of events from back to front. Earlier in my career when reports were handwritten, dyslexia and spelling were an issue – but now we have spell check (a godsend for me), that aspect has alleviated.”

Can neurodiversity be an advantage in cybersecurity?

Different ways of thinking and working can be a real advantage in certain roles, when the individual is supported to embrace their abilities and use them. 

“Dyslexia is, for me, about thinking differently or another perspective,” Seymour said; “it should not be seen as a limiter. I really do think that neurodiversity is a massive plus – in the right role – in cyber. I actively recruit neurodiverse candidates for specific roles.”

We asked why (and for what kinds of roles) he sees neurodiverse talent as particularly valuable, and he explained it like this: 

“One of the traits of some neurodiverse individuals is the reliance on constants and routine. The fruit bowl is always there. I always have lunch at 13:00, I always have this place mat, not that one. A degree of discomfort arises when the fruit bowl is not there but here; lunch is late; and there is a different place mat. 

“In essence there is the absence of the normal and the presence of the abnormal, which if you think about it, is just what the Security Operations Centre is there to spot. Some neurodiverse people have their senses highly in tune with this and are able to spot even the slightest deviances that neurotypical people miss.” 

Organisations and cybersecurity leaders can do more to attract and include neurodiverse professionals  

One of the key barriers standing in the way of neurodiverse people entering the industry and building successful careers isn’t their own limitations, but a lack of understanding from the people choosing who to hire. 

“I think there’s a lack of awareness of just how brilliant neurodiverse people can be in the right job and the right environment. I think that we also need to set people up for success and play to their strengths.”

Seymour urged organisations to celebrate differences and embrace different ways of working – “which gives, in turn, a richness to the solution.” 

And on a purely practical level, companies can do more to provide resources that enable neurodiverse professionals to be productive in the workplace – such as wide screens, dictation software, or software that reads to you.  

The cybersecurity sector is becoming more inclusive of neurodiversity 

“I think things are improving,” Seymour said, “but we need to talk about it a lot more. I think it is also up to neurodiverse people to openly talk about it, and that neurodiversity just means different thinking not lesser.” 

Across industries, neurodiverse people are significantly underrepresented in the workforce. It’s difficult to pin down accurate figures because the term covers so many different forms of neurodiversity, and many neurodivergent individuals are either undiagnosed or don’t share their diagnoses with employers. 

But talking about neurodiversity, sharing experiences, and highlighting the potential of neurodiverse talent to excel in cybersecurity is critical to continued improvements in inclusivity.

Register now to attend Back Hat MEA 2024 and immerse yourself in learning directly from the leading experts in cybersecurity.