Cyber threat activity is at an all-time high. With the pandemic and rapid digitization of financial services that has accompanied it, cybersecurity professionals have never been in more demand. Yet we are facing an acute talent shortage; the industry effectively has negative unemployment. One way we are helping to solve this problem at Bank of America is to focus a piece of our recruitment and retention efforts on neurodiversity.

Neurodiversity is a medical term that encompasses a spectrum of diagnoses such as autism, Asperger’s, dyslexia, and OCD. It is not widely known that a superpower of neurodiverse people is that they process information differently, which can be a tremendous benefit to cybersecurity teams, especially in our current environment.

A Breakthrough Moment

My journey to becoming an ally to those who are neurodiverse started a few years ago. One of the women on the team is, in my opinion, one of the world’s best cryptographers, which is a deeply technical and mathematical skillset. I was chatting with her during one of our regular meetings, and she asked, “Did you know I’m neurodivergent?” I was taken aback; I’d never heard the term. She explained to me that she processes information differently, and said that I could do some things differently to help her be more successful at her job, including sending her an agenda ahead of meetings. That way, she would be able to prepare better answers, because she needed time to review the information and process. When I began doing that, she went from great to truly extraordinary. That is when I realized I knew nothing about neurodiversity.

So I held a town hall with our 3,000 Global Information Security employees from around the world where I and others talked openly about neurodiversity, and why we need these kinds of smart minds around our table. After the meeting, I got a flurry of emails from people saying they were neurodiverse or someone in their family was. I realized there was a potentially huge pool of untapped talent. In response, my team and I decided to be more intentional about how we both recruit and retain neurodiverse talent, as well as how we grow people’s careers.

Seeing Different Signals in the Noise 

Neurodiverse teammates make us a stronger organization. As with any institution of the size and scope of Bank of America, it is business-critical for us to anticipate what threat actors may do and, in response, put controls in place long before an attack hits us. So having a diverse and inclusive cybersecurity team is not just the right thing to do, it is an imperative. If you do not have people thinking about the problems in different ways, you are going to miss something. You are effectively giving a strategic advantage to your adversary.

Beyond that, there are specific – and highly sought after - cybersecurity skills that neurodiverse people seem to excel in, such as cryptography, data analytics, and reverse malware engineering. Their different ways of processing information enable them to see patterns neurotypical people like me do not.

For example, while we use machine learning and artificial intelligence to aid in processing the billions of alerts we get every day, those technologies are only as good as the models human design and the teammates overseeing them. After a month immersed in our data lake, one of our neurodivergent analysts came up with a new model to better understand whether people were handling information appropriately, which drove an improvement in our overall control structure. I already have some of the best data analysts in the world, but this one person was able to drive outcomes we had never thought of before simply because he thought differently about data.

That’s not to say neurodiverse people only function well in purely technical roles. Richard Branson is dyslexic, and therefore neurodivergent, but he is a CEO. Our goal is not to designate roles for neurodiverse individuals; it is to help craft career paths for them where they can succeed.

From Stigma to Superpower

The first step in harnessing neurodiversity for the benefit of the firm is to help people feel comfortable saying that they are neurodiverse. For that, having executive allies talk about it goes a long way. Once people feel “seen,” it creates a ripple effect and those who are neurodiverse see there is no penalty for being self-aware and open with who they are.

The more you learn about how neurodiverse people work, the more you learn how to help them be more effective at their jobs. Small changes in workflows or behaviors benefit not only those who are neurodiverse, but neurotypical teammates, too. One example is sending agendas ahead of meetings, as I described earlier. As our managers were trained to better work with neurodiverse teammates, they got better at working with everyone. For example, neurodiverse people tend not to do well with open-ended questions, so being more direct and asking for specific or even binary answers gets better outcomes. And it turns out that improves communication and results with neurotypical teammates as well.

So if you want to improve your company or your organization, adopting a neurodiverse hiring strategy is key. Understand that you don’t need to have all the answers before you embark on a program like this. Third party partners who have experience in this space can be valuable allies. We now work with a non-profit, Neurodiversity in the Workplace, on a program to both recruit and retain neurodiverse talent. It was important to me that the program not be a “bolt-on,” but that it be integrated into our entire hiring and retention strategy, just as those who are neurodiverse are fully integrated into our teams. In our most recent hiring sprint, we have hired more than 20 neurodiverse people onto my team. Interestingly, the percentage of people in this program who went on to get offers is higher than any of our other recruiting programs.

Fewer than one in six autistic people have full-time employment. And yet there are clearly highly talented people who are in this underutilized and often stigmatized group. My hope is that by sounding the call that we are committed to nurturing neurodiverse talent, those people will come and build careers with us instead of working in unsatisfying jobs.

The Insight

For firms committed to diversity and inclusiveness, adding neurodiversity into their strategy can only be of great benefit. Our firm is on a journey to represent the diversity of the customers we serve every day, which means our cybersecurity team needs to reflect that. Beyond being the right thing to do, we get better outcomes. Finally, given the severe talent crunch we face in cybersecurity at a time where cybercrime levels have never been higher, recruiting and retaining the relatively untapped pool of neurodiverse talent is a competitive advantage.

September 2021

© 2021 FS-ISAC, Inc. All rights reserved.

GL-Article_Sidebar
GL

The Global Leaders awards program recognizes those members who go above and beyond to support the security and resilience of the financial sector by sharing cyber intel and best practices, helping defend the industry against cyber risks.

Learn More

FS-ISAC members around the world receive trusted and timely expert information that increases sector-wide knowledge of cybersecurity threats.

Learn More