Companies across north America are facing more cybersecurity pressures and can’t find the staff to help them. Now, a group of experts is exploring an overlooked segment of the population to help: those on the autism spectrum.
The cybersecurity skills gap is growing, says Marian Merritt, lead for industry engagement at the National Initiative for Cybersecurity Education (NICE). “We project globally by 2020 that we will be short 1.5m people. That’s entry level all the way up.”
A lack of practical experience among new graduates is compounding the problem, she adds. “There may be people going to university or getting their college degree in cybersecurity but they still graduate with a skills gap,” she points out. “They don’t have hands-on skills.”
Consequently, there’s a push to hire mid-range professionals in a relatively young industry, leading to inflated salaries and a workforce prone to jump jobs quickly.
Companies can mitigate this problem by being flexible in who they hire, she says, and by investing in them. Cybersecurity tasks are often highly technical and complex. That happens to be something that people on the autism spectrum can often be good at – but companies must invest extra time and effort in working with this group.
Autism is a neurodevelopmental disorder that carries some common traits. People fall on a spectrum of autistic behaviour, exhibiting these characteristics to varying degrees.
No one person on the spectrum is the same, but they can often gravitate towards repetitive behaviour and can find social interactions difficult. They often focus intensely on a narrow area of interest, and can be better at processing fine detail rather than more global features. That makes this group of people, who are often called “neurodiverse”, particularly interesting to companies starved for technical talent.
“Why this population has come to the attention of the technology industry is that there certainly can be characteristics of attention and focus and technical proficiency in people with certain kinds of neurodiversity characteristics,” says Susanne Marie Bruyere.
Bruyere directs the K. Lisa Yang and Hock E. Tan Institute on Employment and Disability at Cornell University’s ILR School, which is a college for studying the workplace. She and her colleagues are exploring those capabilities to see how well they can map to technology jobs.
George Washington University is specifically targeting those on the autism spectrum for cybersecurity training as part of a new program called CyberBlue. Its co-director Diana Burley, who is also executive director of the Institute for Information Infrastructure Protection, hopes that this will help to fill a widening skills gap in the US.
In many cases, companies haven’t considered neurodiverse candidates for jobs because of common disabilities, Burley says. Many high-functioning people on the spectrum may not cope well with social situations, for example, which can make it difficult to fit into a conventional workplace. Along with her CyberBlue co-director Kevin Pelphrey, she hopes to change that.
“Let’s identify what we need to do to develop the cybersecurity knowledge that they have,” she says, “but also to help the organizations that they might go to begin to understand how to have a diverse population within their organization, and adjust the culture.”
How can companies adjust the way that they hire and accommodate employees to welcome those on the spectrum?
“When employers take a concerted effort in a particular population they are indeed successful in bringing in new populations that they probably previously overlooked,” she says.
One way to accommodate the neurodiverse is to create screening processes that don’t filter people out, says Bruyere. The normal interview process can be intimidating and challenging for those with autism.
“We all have a bias about how interviews should go,” she explains. We expect interviewees to smile, be social and to put us at ease. We look for team players. Neurodiverse people aren’t always like that.
“In some cases by having those expectations, we may eliminate people who might be a little awkward in that process but may be incredibly technically capable,” she warns.
She points to internships as a way of easing neurodiverse employees into the workforce, and calls for top-level management commitment to make neurodiverse employment initiatives work.
It isn’t just senior management that companies must get on board, adds Merritt, but mid-level managers who will work with a neurodiverse person day to day. “How do you provide feedback? How do you coach? How do you talk about things like the behaviour that’s expected in a meeting?” she asks. This takes some careful planning.
Companies are already tackling the issue in tech and further afield. JP Morgan has an Autism at Work program, and SAP’s similar initiative recruits neurodiverse candidates for tech jobs. Microsoft and HPE are also actively working to hire, train and accommodate autistic people in the workforce.
Now, the race is on for the cybersecurity industry to do the same. But it will take some maturity and lateral thinking from top to bottom if businesses are to make it work. CyberBlue’s Pelphrey will be one of a series of speakers at a NICE webinar on this topic on October 18. He and others will explore methods to work with the 50,000 Americans with autism that turn 18 every year.