Letting Neurodiverse Talent Shine in Cybersecurity

Neurodiversity is increasingly recognized as an asset in cybersecurity, but how can enterprises best attract and support neurodiverse talent?

Carrie Pallardy, Contributing Reporter

November 6, 2024

8 Min Read
A female clicking on futuristic neural network
Wirestock, Inc. via Alamy Stock Photo

Approximately 15% to 20% of people are neurodivergent, and that percentage could be even higher in STEM fields. Neurodiversity is a broad term that includes many different conditions: autism spectrum disorder (ASD); attention-deficit/hyperactivity disorder (ADHD); and dyslexia, to name just a few.  

As cybersecurity stakeholders continue to discuss filling the talent gap and tackling today’s security challenges, neurodiverse talent is a valuable resource. But attracting and working with this talent requires leaders to recognize the different needs of neurodivergent people and to foster work environments that make the most of their skills.  

Neurodiversity as an Asset 

Many major companies, such as Microsoft and SAP, recognize the value of neurodiverse talent and have formal recruiting programs. Jodi Asbell-Clarke, PhD, heard firsthand from companies with these kinds of hiring initiatives as she conducted research for her book on teaching neurodivergent people in STEM.  

“I expected to hear something like, ‘Oh, the CEO’s nephew was autistic, and we wanted to do the right thing. I expected to hear things about philanthropy and equity, and that w as not what I heard at all,” Asbell-Clarke, a senior leader and research scientist with TERC, a nonprofit focused on advancing STEM education, told InformationWeek. “They were saying it's because the talent. ‘We consider neurodiversity in our workforce our competitive advantage.’ These are the most persistent and creative and systematic problem solvers.”  

Related:Tech Company Layoffs: The COVID Tech Bubble Bursts

How can that talent be put to work in the cybersecurity workforce?  

Ian Campbell was diagnosed with major depressive disorder and generalized anxiety early in his life. Then, at the start of the pandemic, he was diagnosed as autistic. Cybersecurity was not his first career. He was providing tech support for the US House of Representatives before he made the switch to security. Currently, he is a senior security operations engineer at DomainTools, a domain research service company.  

Throughout his career, Campbell has found hyperfocus to be one of his strengths. “Scrolling through tens of thousands of things, of log files, hyper-focusing on that, and being able to intuitively pattern match or detect pattern deviations was a huge benefit in both tech support and security,” he says.  

Megan Roddie-Fonseca, senior security engineer at cloud monitoring as a service company Datadog, is autistic and has ADHD. She shares how productivity is one of her biggest strengths.  

“I find efficient ways to do things,” she says. “I use that efficiency to be able to tackle tasks … in a way that some people might not get the same amount of work done in the same amount of time.” Roddie-Fonseca is also a co-author and instructor with the SANS Institute.

Related:Things CIOs and CTOs Need To Do Differently in 2025

Challenges in the Workplace 

While awareness of neurodiversity, and the nuance within that very broad term, is growing, there are still plenty of potential challenges in the workplace.  

Neurodivergent people face the tricky question of disclosure. Should they tell their managers and coworkers about their diagnoses? Neurodiversity is more openly discussed, but that doesn’t mean there aren’t people who will misunderstand or react to disclosure negatively. 

“A lot of people I know who are neurodivergent … haven't come out as neurodivergent because they don't want to be seen that way,” says Campbell. “They don't want, frankly, their careers limited by someone who has a poor view of neurodivergence.”  

The decision to conceal neurodivergent traits, known as masking, can be a difficult undertaking.  

“Masking … is basically suppressing your own neurodivergent urges and needs for the sake of function in a world that's not built for us, and masking is incredibly tiring,” says Campbell.  

Related:What to Do When a Key IT Vendor Suddenly Goes Out of Business

The decision to disclose or not is a personal choice, one that is likely influenced by the level of support people can expect from a workplace.  

The way people communicate at work, for example, can potentially lead to misunderstandings. One study using the classic game of telephone -- a group passes information to one another down a line of several people -- illustrates these potential challenges.  

The study broke its subjects into three groups of people: autistic, non-autistic, and mix of both. The first two groups exhibited the same skill level relating to information transfer. But communication problems arose in the mixed group.  

In a cybersecurity workplace, neurotypical and neurodiverse people are going to need to find ways to communicate with one another effectively. Some work environments will foster opportunities to learn how to best build those communication pathways. Some won’t.  

The physical aspects of the work environment can also be a challenge for neurodivergent people who have sensory processing issues. The lighting and sound levels of an office, for example, can result in sensory overwhelm for some people.   

Hiring and Supporting Neurodiverse Talent  

Enterprises can attract neurodiverse talent through formal hiring programs or by working with external organizations, such as Specialisterne. Regardless of the approach, partnered or solo, hiring managers and cybersecurity team leaders need to evaluate and adapt their strategies.  

During the interview process, Asbell-Clarke recommends matching that short experience to the work you hope to see in the actual work environment. If you are hiring someone who will be conducting highly detailed work under time constraints, mirror that process when evaluating candidates.  

“If you want to see people's best problem-solving, give them the time and space to solve a task and then ask them about how they did it,” she says.  

In the cybersecurity work environment, managers will find that getting the best work from their neurodivergent workers will require varying approaches.  

“Neurodiversity is this massive spectrum,” says Jackie McGuire, senior security strategist at Cribl, a unified data management platform. “It can be confusing as a manager because you can have two team members who are on exact opposite ends of that spectrum who need completely polar opposite things.” 

For example, one neurodivergent person may thrive in a structured environment, while another may do their best work with a high degree of freedom. Additionally, the ways neurodivergent people best receive and respond to feedback can differ.  

Taking that nuanced approach to management can not only benefit neurodivergent works but cybersecurity teams as a whole. Asbell-Clarke offers some questions that managers can ask their workers.  

“What are the conditions that will make you the best problem solver? What do you need to have your talent shine?” she says. “Ask … that of everyone, not just the neurodivergent.” 

Direct, clear communication is one of the most valuable strategies for empowering cybersecurity teams with both neurodivergent and neurotypical people. For example, teams can commit to keeping clear notes and highlighting action items from meetings to ensure everyone is on the same page.  

Creating the kind of environment that is responsive to the different needs of its employees is an iterative process. Over time, workplaces can become more supportive of neurodiverse talent and encourage them to do their best work.  

“Employers can encourage their neurodivergent learners to unmask by removing any stigma that may come along with that. Not only is it about adapting the workplace, it's also about adapting the culture,” says Asbell-Clarke.  

How can neurodivergent people play a role in shaping cybersecurity workplaces? People, such as McGuire, Campbell, Roddie-Fonseca, who speak up can increase awareness of neurodiversity and its tremendous value to employers. But not everyone is in the position to be an advocate.  

“Unfortunately, the people who would benefit the most from accommodations are oftentimes also the people the least likely to ask for them or the least able to initiate that conversation,” McGuire points out.  

But that doesn’t mean nothing can be done. Recognizing your neurodiversity can be an important step forward. “Do what you can to educate yourself more on what neurodiversity is and the way it manifests and the types of support you can provide yourself,” McGuire recommends.  

Connecting with other neurodivergent people, either at work or industry events, can be a helpful way to discuss navigating the workplace.  

Some companies have formal neurodiversity working groups. McGuire, who has ADHD and autism, helped co-found a neurodiversity employee resource group. “One of our initial focuses is what can we do to help neurodiverse people better advocate for themselves at work,” she shares.  

If a company doesn’t have one of these groups, look for ways to create an informal one. “The way neurodiversity manifests in different people, if you get more than a couple of neurodiverse people together you will get one of them who is a great advocate,” says McGuire.  

Roddie-Fonseca didn’t consider herself much of an advocate until her manager suggested she submit a talk about her experience as a neurodivergent individual in cybersecurity at the hacker and security conference Defcon.  

Attending cybersecurity industry can events can help neurodivergent people connect and discuss their workplace experiences and be a valuable tool for career development. “There's a lot of competition for jobs at times and who you know does make an impact,” says Roddie-Fonseca.  

Accommodations can be an important way to ensure neurodiverse people can do their best work but having that conversation can be uncomfortable for both the people asking and the people listening.  

“Everybody's afraid of accommodations, but if we want to pull the amazing strengths from these neurodiverse people … we have to be willing to invite things like accommodations and be flexible with them,” says Campbell.   

Building a career in cybersecurity, or any other industry, takes time and often trial and error. There is no guarantee that a workplace will be the right fit.  

“Understand that there are organizations and managers out there that will support you and will value you for who you are, not who they want you to be,” says Roddie-Fonseca. “Continue pursuing the opportunities to find a place where you will be happy and comfortable and thrive versus accepting a place that doesn't truly value you for the strengths you do have.”

About the Author

Carrie Pallardy

Contributing Reporter

Carrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights