Neurodiversity in Cybersecurity skillsets


By Dr. Astha Keshariya

Cybersecurity is a rather loosely used term with varying subjective definitions, owing to differing dimensions of understanding and work experience. In 2014, Dan Craigen, Nadia Diakun-Thibault and Randy Purse, writing in the “Technology Innovation Management Review”, examined the multidimensionality of cybersecurity, which is spread across separate disciplines and different technical views, and defined it as: “Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights.” It is this multidimensional aspect of cybersecurity that obscures the resolution of some of its complex challenges.

What is Neurodiversity?

Neurodiversity is described as the wide range of variation in the neurocognitive functions of the brain and in human behavioural traits, such as information processing styles, differences in perspective and viewpoint, ways of thinking, and other cognitive abilities. Neurotypicals, on the other hand, usually behave the way society expects of them. It does not refer to a neurological deficit or any mental health condition; mental health problems can affect neurotypical and neurodivergent brains in the same way.

Neurotypicals may find a constantly evolving cyberthreat landscape a stressful and burdensome situation to deal with, while neurodiverse individuals may show functional impulsivity and a desire to explore uncharted terrain, ready to take on calculated risks.

Whatever the cause of classical or operant conditioning may have been, neurodivergent individuals seem to choose a distinctive modus operandi and are stimulated when tackling uncertain terrain. They show profound cognitive abilities in out-of-the-box thinking, pattern recognition, knowledge processing, idea generation, problem solving and innovation, which is a competitive advantage.

It’s a well-known fact that cyberattacks and security breaches have the potential to pose systemic risk by disrupting business operations, and so demand high-stakes attention when dealing with them. Consequently, operational resiliency covers the overall resiliency of the system beyond technology risks, encompassing the underpinning operations, infrastructure, data (including crown jewels), and services of digital technologies.

Bad Cyber-Actors

Let’s look at who the “bad cyber-actors” behind these cyberattacks are and what motivates them:

Organized crime – groups of hackers with specialized capabilities. They usually have some insider information, probably acquired over a period of time, which they use to identify underdefended attack vectors, and are primarily motivated by profit or some other kind of financial gain.

Hacktivists – groups of hackers with capabilities similar to those of organized crime, but whose motivation is ideological belief rather than financial gain. Typically, they target governments or the legal system, leak insider information to the press, or seek to interfere with social or formal processes as a protest to show their disagreement.

Adversaries – groups of hackers who possess enough resources, both financial and technical, and the specialized expertise to conduct sustained and persistent attacks. Their motivation spans beyond economic, financial and political barriers.

Insiders – resentful former employees, competitors, contractors, third-party vendors or business associates who hold key internal information (about the organization’s security practices, trade secrets, data and systems) that could be leveraged to gain unauthorized access to internal systems, either to launch cyberattacks themselves or to support, or sell insider information to, any of the above-mentioned groups.

Skilled individual hackers or Script Kiddies – individuals with some skills, probably not at the level of specialized capabilities, who seek to exploit known vulnerabilities either for financial gain or to gain a reputation as a serious hacker.

This classification shows that these bad cyber-actors, or cybercriminals, are not bound to the stereotypical gains, i.e. financial, reputational or monetary benefits; they also act to show emotion in favour of intellectualism or, even worse, just for the fun of seeing the world burn.

Undeniably, the underlying fact is that organizations do not control cyberthreats; they can only manage them by controlling priorities and investments in cybersecurity readiness, which is of course a choice for an organization – a choice that is meant to be chosen!

This emphasizes the continual need for cybersecurity readiness in managing cyber risks, and for effective security controls to detect, prevent, contain and respond to the constantly evolving cyberthreat landscape.

Significance of Neurodiversity in skillsets

Recognizing the importance of cognitive diversity, or neurodiversity, in skillsets holds promise for dealing with such cybercriminals, who continue to present complicated and pervasive cybersecurity issues. Combining neurodivergent and neurotypical thinkers will not only expand analysis beyond functional bias but will also accelerate learning and improve team performance.

Neurodivergent individuals may find themselves stimulated by roles that demand cognitive intelligence, such as cyber-intelligence analysis and creation, assessment of threat intelligence, behavioural threat assessment, insider threat investigation, computer forensics, steganalysis, tradecraft analysis, fraud detection, potential real-time intrusion detection, incident analysis, vulnerability impact assessment, application security testing, malware impact analysis, etc.

Neurotypicals are particularly suited to handling scalable processes that require absolute conformity to standardized approaches that deliver value to the organization. This does not mean that they lack cognitive capabilities; rather, they enjoy following a more disciplined approach to problem solving. Neurodivergent individuals add strength to the mix by exploring alternative theories, thus challenging old, set patterns.

With ever-expanding attacks and constantly evolving attack vectors, organizations have legitimate reasons to be concerned about their potential vulnerability. Bringing neurotypical and neurodiverse groups together to work as a team will form a stronger workforce that adds dimensionality to effective cybersecurity defence.

About the Author

Astha Keshariya, PhD, MSC[Honours], MBA, has consulted for commercial and academic organizations in the field of Information Security and Cryptography for over 16 years. Awarded Top 20 Women in Cybersecurity – Singapore 2020.

She is a visionary leader who grounds vision planning and decision-making in the skills of Conscious Leadership, Continuous Learning and Inner Wisdom, empowering, inspiring and leading with a shared vision to identify innovative breakthroughs. She has accomplished many critical projects in the Financial and Payment Industry, and believes in achieving business results by applying best-laid strategies for business objectives along with the determination to thrive in adverse conditions.