Language Translation
  Close Menu

Section

Breadcrumbs

CYBERSECURITY: A PEOPLE PROBLEM WE CAN SOLVE

Wednesday, April 10, 2024

Blog topics: 

When it comes to someone suggesting that cybersecurity is a “people problem”, one of the things that came to mind is a recurring bit – known as the “Mr. Obvious Show” that airs on “The Bob and Tom Show”, a nationally-syndicated morning radio program.

The “long time listener, first time caller” always ends up acknowledging that he “didn’t make the connection”, as Mr. Obvious hilariously expresses, all at once, his amazement/frustration with the situation. It’s an example of the fact that sometimes it’s OK to add a little bit of humor to help us accept the fact that some situations just aren’t as deep as we might think to overcome and that the answer is right in front of us.

All kidding aside, cybersecurity is a people problem; we still act surprised, at times, that we accidently clicked on the wrong link or, worse, we allowed ourselves to be convinced it was OK to authorize a payment to a trusted vendor, only to discover later that our company just fell victim to a business email compromise. On top of that, according to the 2023 ISC2 Cybersecurity Workforce Study, there are a couple of things we need to keep in mind:

  • The global cybersecurity workforce continues to grow. We’re up to 5.5 million people who work in cyber, an increase of nine percent since 2022, yet the gap we need to fill grew by 13 percent. Because of that, it means that in 2023, we needed four million – more – cybersecurity professionals to reach what is defined as “full capacity”.
  • As all of this is happening, 75 percent of the professionals, surveyed in the report, said the current threat landscape is the most challenging it’s been in the past five years.

Of course, there’s a lot of things we can (and should) do, but one of the options that’s available is to continue expanding the field of job candidates by including and hiring (even) more people, who are neurodivergent.

One of the things we’re learning, coming out of the pandemic, is that we’ve dramatically redefined what we think about when it comes to working a job in a “typical office culture”. In that sense, working remotely is just the tip of the proverbial iceberg.

Moreover, as noted in a 2022 article in The Wall Street Journal, “people who are neurodivergent offer key talents and skills to enhance America’s workplaces.” This is especially true in the cybersecurity sector, with people whose traits, such as hyperfocus, precision, persistence and the ability to identify patterns, can make for an especially good fit.

April is National Autism Acceptance Month, yet neurodiversity also includes people, who’ve been diagnosed with conditions ranging from Attention-deficit hyperactivity disorder (ADHD), Dyslexia, mental health conditions, such as bipolar disorder to social anxiety, Tourette syndrome and Williams syndrome.

The fact is, companies that have successful neurodiversity workforce programs have changed the way they recruit, interview, hire, and manage their employees. In doing so, they’ve followed four steps, including:

  • Placing more emphasis on performance than on communications.
  • Providing opportunities for employees to work and express themselves in different ways, not always adhering to one cultural norm.
  • Encouraging managers to foster clear guidelines and expectations, with meeting agendas prepared in advance and meetings documented clearly afterwards, so that nothing that gets missed or misinterpreted.
  • Doing work in teams where each person can work to their strengths, contributing where they are best suited, and relying on others for areas where they struggle.

As a result, companies are discovering that the accommodations they’ve made are right in line with what all their employees view as good management practices.

As more people, who are neurodivergent are provided the opportunity to pursue a career in cybersecurity, we’ll achieve even greater progress with getting ahead of the cyber incidents and cyberattacks that are out there. And with it, more of us can end the call -- we’re making to our cyber, IT and information security staff – that we’ve made the connection and the Mr. Obvious in all of us will be a little happier!