The power of neurodiversity in cybersecurity
In the cybersecurity world, a telling quote is ‘defenders think in lists, attackers think in graphs’, or in other words, that an adversary’s ability to find unexpected connections gives them the upper hand over those defending the system.
After all, attackers are known for thinking outside of the box, which is why complex passwords and multi-factor authentication (MFA) by themselves do not solve the rising data breach numbers. To respond, defenders need to think differently.
Gunnar Peterson, CISO of US-based Forter, a software as a service company that provides fraud prevention technology for online retailers and marketplaces, and Kathryn Kun, director of information security, suggest company leaders should consider neurodiverse talent and those from non-security related fields to join their security teams amidst popular sentiment on talent shortage.
Neurodiverse individuals are a huge asset to security teams, bringing unique perspectives to problem-solving and breaking the cycle of group think, says Peterson.
“Seeking out neurodiverse teammates in hiring and recognising and building around their strengths can be a vital asset to anticipating an adversary’s moves and uncovering potential solutions to problems before they arise,” he adds.
Peterson says this is a growing challenge for certain organisations. “I hope security managers widen the aperture in ways of working and dismantle the systems that are set up to develop and reward cookie-cutter operators. Neurodiversity is a security strength, and we should collectively work to foster a more inclusive industry for everyone,” he says.
Research seems to say yes, with industry analysts predicting that the digital skills gap will leave about 85 million jobs unfilled by 2030, but it doesn’t paint a complete or accurate picture, feels Kun.
In all actuality, the skills gap is just a recruiting gap, where companies fail to look beyond limiting job qualifications or the usual candidate pools, to include individuals with not-so-traditional backgrounds that could have given them desperately needed skills.
“In fact, my own path to security was unorthodox. I have degrees in philosophy and chemical engineering; and spent the majority of my early career without ever considering a role in cybersecurity. But it’s precisely the skills I mastered in these disciplines that have helped me carve out a place in information security,” Kun says.
“I would like to encourage company leaders to think outside of the box and see how other job roles such as librarians, educators, sales and communications professionals, HR and civil service workers and more could fit into the security field. Because as long as we keep hiring from a limited perspective and one-size-fits-all resumes, we will continue to do the greater cybersecurity industry a disservice. Examining what skills we need to hire for, and focusing on where else we can find those skills will only strengthen our ability to fight against adversaries,” she adds.
Satya Machiraju, vice president, Information Security at enterprise software platform Whatfix, says the world will continue to become more digitised with the ongoing technological advancement. Thus, a skilled workforce that can address the evolving threat landscape associated with technological advancements is a must.
A study by the World Economic Forum states that by 2025, 50% of all employees would need reskilling in order to match the technological advancements. To cater to the changing landscape, leaders need to reconsider the talent profiles, and look beyond traditional methods of hiring to address the talent gap.
Machiraju says in addition to upskilling and reskilling existing employees through training sessions, mentoring programs, certifications etc., one can also explore neurodiverse talent.
“It can play a crucial role to mitigate IT security threats as such a workforce comes with analytical bent of mind and can spot trends. It is imperative to increase training and investment in cybersecurity space through customised curriculum for cybersecurity professionals for a better experience along with newer options such as neurodiverse talent.”