The cybersecurity professional labor shortage is no secret and has only been exacerbated by the COVID-19 pandemic. For many enterprises, hiring processes slowed or stopped altogether; even those which were able to resume normal recruitment efforts were met with a cyberskills gap. According to some researchers, unless there is a complete overhaul of how cyberprofessionals are recruited—and retained—the gap in cybersecurity personnel is only going to grow larger.
To prevent this, organizations must analyze and understand the current workforce composition. Minorities comprise 26% of the cybersecurity workforce and only 21% of the overall workforce.1 This is a key demographic that warrants further research to develop methods to recruit more minorities into the field. Much of the existing body of research also fails to explore the effective sources of cybersecurity personnel or what skills other than technical are good indicators of success. The US workforce does not mirror the adult population at large, as neurodiverse US citizens are underrepresented in the workforce and, specifically, in cybersecurity.
The term “neurodiversity” acknowledges that humans have neurological differences and, rather than categorize people into normal and not normal groupings, it is more appropriate to think of the differences as being along a spectrum. Just as autism is typically discussed in this fashion, all cognitive abilities are on a similar scale or spectrum. Why does the workforce appear so noninclusive of the full spectrum of neuroabilities that exist in the real world?
There is a plethora of information on the technical skill sets that effective cybersecurity workforce members should possess; however, these technical skill sets often omit other factors that make a person a good candidate even if they do not possess the technical skill set. Neurodiversity is a competitive advantage that should be leveraged by the cybersecurity field.2 Among the top reasons for the lack of neurodiversity is a cultural gap rather than a skills gap. Someone on the autism spectrum could be just as capable at filling cybersecurity roles as anyone else, however, it is the stigma that prevents them from obtaining positions.
Neurodiversity is a competitive advantage that should be leveraged by the cybersecurity field.
Several core social theories have been assessed on how they could be applied to the cybersecurity workforce.3 These types of studies can be used to help focus recruitment efforts and assist in developing the type of incentive programs that are best to recruit, retain and train the cybersecurity workforce. A study on gender inequality in science, technology, engineering and mathematics (STEM) education reported that in most countries reviewed, boys scored higher than girls in these academic areas. The study also found that boys reported higher interest and enjoyment in STEM-related educational courses.4
Research on computational design explains that although system architects are sympathetic toward the needs of others, they do not understand the needs of a neurodiverse user base. This effectively creates barriers and exclusionary systems for those with neurodivergent minds.5
To learn more about diversity in the cybersecurity workforce, read the ISACA® Journal, vol. 5, 2021 online exclusive article “Cybersecurity Workforce Diversity—Including Cultures, Personalities and Neurodiversity.”
Endnotes
1 Reed, J.; J. Acosta-Rubio; Innovation Through Inclusion: The Multicultural Cybersecurity Workforce, An (ISC)2 Global Information Security Workforce Study, Frost and Sullivan, USA, 2018
2 Curry, S.; “Neurodiversity: A Competitive Advantage in Cybersecurity,” Forbes, 13 May 2019
3 Dawson, J.; R. Thomson; “The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance,” Frontiers in Psychology, 2018
4 Stoet, G.; D. C. Geary; “The Gender-Equality Paradox in Science, Technology, Engineering, and Mathematics Education,” Psychological Science, vol. 29, iss. 4, 2018, p. 581–593
5 Ahlquist, S.; “Negotiating Human Engagement and the Fixity of Computational Design: Toward a Performative Design Space for the Differently-Abled Bodymind,” International Journal of Architectural Computing, vol. 18, iss. 2, 2020, p. 174–193
Christopher Henry
Is a cybersecurity professional with experience primarily in the government sector. He has more than 25 years of IT experience while serving in the US Army Medical Department, retiring as a Lieutenant Colonel. Currently, he is a defense contractor supporting the US Department of Defense. He is passionate about knowledge sharing and building better cybersecurity teams.