Neurodiversity is a word you hear more and more – particularly in cybersecurity spheres, and it is estimated that around 15 per cent of the UK population is neurodiverse in one or more identifiable or “diagnosable” way. But exactly what do we need to know about neurodiversity? asks Neil Thacker, CISO EMEA at cloud security product company Netskope.
The term “neurodiversity” is used to cover a huge range of differences in brain function and behavioural traits. It recognises that all of our brains interact with the world in different ways, which can create challenges, but most importantly, also advantages. People who are described as neurodiverse may have one or more conditions such as ADD, ADHD, Autism. Dyslexia and / or Dyspraxia. The concept of neurodiversity encompasses everyone – both the “neurotypical” and the “neurodiverse”. It’s probably fair to say that while our education systems have been attempting to adapt, serve and support neurodiversity for many years, upon reaching adulthood, support can drop away dramatically. And for those who only secure a diagnosis once they are already within the workplace, it can be hard to know where to start with both information and support.
Unfortunately, there is an absence of broader neurodiversity statistics, and sometimes it is necessary to rely on autism statistics as a way to try to provide a snapshot of the challenge. The National Autistic Society, as an example, says that 68 per cent of autistic adults in the UK are unemployed, and yet 77 per cent of those surveyed, state that they want to work.
This should be particularly important to those of us in the information security industry because the cybersecurity sector is expected to suffer from a 3.5 million skills gap globally by 2021 (see here https://cybersecurityventures.com/jobs). And NeuroCyber, a not-for-profit group that is working to improve outcomes for neurodiverse individuals, states that up to three quarters of cognitively able neurodiverse adults may possess the aptitude and skillset for a successful career in cybersecurity.
I want to pause here for just a moment to deal with a complexity in the consideration of these statistics. As with all nominal groups of people, stereotyping of neurodiverse people should be avoided. Sweeping statements about the inherent capabilities of individuals who have a particular diagnosis can be highly misleading as well as damaging to the individual. As an example, we must avoid the adage that all autistic people are all great at maths but struggle to empathise or communicate.
However, it is true that many forms of neurodiversity are identifiable through strong skill sets and dominant behaviours. Autistic people, for instance, are blessed with a high attention to detail, are very effective at spotting patterns, trends and anomalies and can make independent unbiased decisions (something that “neurotypical” people can struggle to do). It is these very behaviours that help specialists reach a diagnostic decision, and so there is merit in the identification of an overlap between the characteristics of an autistic person, and the skillset sought out among cyber professionals.
As diagnoses increase, so do the chances of us all experiencing first or second hand neurodiversity in the workplace and those who would like to put their inherent skills to use in the industry.
Recruitment and interview processes and techniques, line management and HR policies, and internal communication strategies and tactics are just some of the areas of operations that can help or hinder attempts to improve neurodiversity. There are many organisations available that are working hard to support teams and companies to better attract and retain neurodiverse talent (NeuroCyber, the National Autistic Society) and there are progressive employers such as HSBC, the UK civil service and GCHQ who are leading the way and showing the value of neurodiversity inclusiveness.
Along with my colleagues, I am working to help my own company improve its support for neurodiversity, and I am hopeful that 2020 will see hundreds of other organisations recognise the importance of the same endeavour – for the benefit of both the individual and the performance of the organisation as a whole.
