Filling the security skills gap through neurodiversity

Filling the security skills gap through neurodiversity

Businesses need to harness neurodiversity in the technical security workplace to fill skills gap.

Businesses need to do more to attract and increase the number of neurodiverse people in the workspace to help fill the shortage in cyber security, according to a new report published by CREST, the not-for-profit accreditation and certification body for the technical security industry.

In particular, the report explores how the careers advice and recruitment processes can be more creative, inclusive and tailored for people with ADHD (Attention Deficit Hyperactivity Disorder), Autism, Dyslexia and Dyspraxia and how the workplace environment and culture can be fashioned and improved for neurodiverse people.

With an estimated 10% of the UK population being neurodiverse in some form, employers are missing out on a great deal of talent, as well as giving people opportunities which have often been unobtainable in the past. A link between certain neurological conditions and high performance in technical rolls has long been acknowledged but the report stresses that having a ‘neurodiversity strategy’ should not be a one-size-fits-all initiative and businesses need to listening to people about their needs and how they prefer to operate.

“As a society we’ve put great emphasis on literacy, numeracy, concentration and social interaction in terms of fundamental skills for the workplace, but the tide is turning as employers recognise they cannot afford to ignore large and previously untapped reservoirs of talent,” said Ian Glover, president of CREST. “Embracing a workplace that offers different thinking styles and approaches to problem solving, and innovation can thrive simply makes good business sense.”

The cyber security industry has already recognised that people on the Autistic spectrum can provide invaluable skills and are often the best performers in technical roles. For example, GCHQ is one of the biggest employers of Autistic people in the UK, while the National Crime Agency (NCA) has revealed that some teenage hackers have been found to be on the Autistic spectrum and are being targeted for recruitment by criminals.

The CREST report was based on a series of interactive workshops and provides a number of recommendations to support the existing neurodiverse workforce, help retain them and to provide assurance to future employees.

The report is one of a set of collaboratively produced diversity related publications produced by CREST. Others in the set include: Stress & Burnout; Gender Balance, and Physical Disability. To download the full report, go to: https://www.crest-approved.org/knowledge-sharing/research-reports-position-papers/index.html

Other sources of support include:


CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

Copyright Lyonsdown Limited 2021

Top Articles

Usability and email security

When employees understand how their behaviour impacts email security, they become much more efficient at detecting scams, preventing data breaches, and protecting sensitive information.

The pen testing guide you never thought you needed, until now…

Security testing should be at the centre of any cyber strategy,

Institute of Cyber Digital Investigation Professionals launched

CIISec & College of Policing are announcing the independent launch of the Institute of Cyber Digital Investigation Professionals (ICDIP)

Related Articles