What is neural diversity in cybersecurity teams?

Neurodiversity in a team means that there are people with different types of thinking in it. Employees of the Securityweek publication, with the help of Bugcrowd and Tall Poppy specialists, decided to figure out whether neural diversity could bring something new and positive to cybersecurity teams, in addition to general diversity.

What is neurodiversity?

Roughly speaking, people are divided into two categories – with neurotypical and neurodivergent type of thinking. The neurotypical type of thinking is the most common. It is impossible to choose a way of thinking, it is something that is given from birth.

From a “divergent” point of view, the “typical” brain is easily distracted, too social, and lacks attention to detail and routine. This is the brain nature has awarded most people on the planet.

The neurodivergent brain is not burdened with social difficulties, has an increased attention to detail, is able to concentrate, and it is very difficult to distract it (the so-called hyperfocus). However, the most important thing is that such a brain is capable of non-linear thinking.

Hyperfocus and non-linear thinking are very important for solving problems in the field of cybersecurity. However, neurodivergence is a rare phenomenon, and as is the case with all minorities, the majority should provide him with the conditions for prosperity.

Hyperfocus

People with a neurodivergent type of thinking can concentrate on the same subject for a long time – this is hyperfocus. People with a neurotypical type of thinking can also concentrate their attention, but they can always be distracted, which is impossible in the case of neurodivergents.

It is not uncommon for neurodivergents to have a fascination with computers and the Internet. However, this is not part of their condition, but rather the result of the impact of the modern world. Neurodivergent children are different from their peers, so they often become objects for ridicule. Parents and teachers are also unable to understand them, so they are increasingly turning to the computer. Then the computer becomes the object of their interest and, accordingly, hyperfocus.

Nonlinear thinking

The concept of nonlinear thinking is difficult to explain, especially to people with a neurotypical type of thinking. Rather, it is the ability to remember the connection between two stimuli. In cybersecurity, this can mean the ability to remember connections between cyber incidents.

The brain of a neurodivergent sees possible patterns and connections in a sea of incidents and solves the problem without even realizing how it came to this or that solution.

Ensuring neural diversity in the cybersecurity team

The advantages of hyperfocus and nonlinear thinking for cybersecurity are obvious. However, neurodivergence in the team needs to be ensured, because its potential is unstable. There will definitely be moments when the minuses of a non-divergent type of thinking will prevail over the pluses. Leaders and other “neurotypical” team members should treat such cases with understanding, refrain from criticism and, if possible, provide assistance.

Neurodivergence and cybersecurity

In 2012, the then British Home Secretary Theresa May refused to extradite the British hacker Gary McKinnon to the United States, citing the fact that the man suffers from Asperger’s syndrome. McKinnon was accused of hacking the Pentagon and NASA and has never denied his guilt. Moreover, he didn’t even try to hide his tracks.

The same thing happened with Lauri Love, a British-Finnish hacker accused of hacking thousands of computers in the United States and other countries. The British authorities also refused to hand him over to the Americans because Love suffered from Asperger’s syndrome.

A recent example is the case of the alleged leader of the Lapsus$ cyber extortion group, who turned out to be a British teenager suffering from autism. The victims of Lapsus$ are Microsoft, Okta, NVIDIA, Samsung, Ubisoft, etc.

Society practically pushes young people with a neurodivergent type of thinking to computers, and at the same time to hacking. There is no ethical imperative in neurodiversity, so it is quite natural that some become cybercriminals. However, this is largely the fault of society, which is not able to offer an alternative.

Summing up, we can say that high productivity, or as people with a neurotypical type of thinking would call it, the mind of neurodivergents, whose interests include computers and the Internet, should not be discarded by the leadership of cybersecurity teams. Neurodivergents can be a valuable addition to the overall diversity of the team, but most importantly, they make highly qualified security researchers and analysts.