The Autistic Spectrum IT/Cyber Security Recruitment Initiative

Daniel Browne, SSCP CEH, sets out his view on diversity and inclusion in the workplace for those along the Autistic Spectrum (AS).

The Autistic Spectrum IT CyberSecurity Recruitment Initiative | By Daniel Browne.jpeg
Diversity is being asked to the party, but inclusion is being asked to dance
— Verna Myers, VP for Inclusion Strategy, Netflix Inc.
 

By Daniel Browne

Traditional recruitment processes rely heavily on candidates having adept social interaction, ability to read body language, social cues and good eye contact. The recruitment process rewards those with rapid processing skills and ability to manage stress/anxiety levels. Within that process there is little or no inbuilt flexibility for different types of candidate, that may not necessarily possess those traits, but who could do the job equally well.

Success at interview is more challenging for those along the AS due to this, and frequently jobs are not offered as a consequence. This presents a difficult catch-22 situation for those along the spectrum. Experience usually comes with a job, but a job usually isn't offered without experience.

Where no experience occurs, unemployed people along the spectrum who wish to gain experience, have no avenue to gain the practical skills and knowledge required to make themselves more attractive to employers. Much to the frustration of intelligent, qualified and hard working AS people, who are unemployed or have difficulty getting work, the media reports skills shortages in multiple sectors. Cyber Security Ventures [2] estimated that there will be 3.5 million vacancies in IT/Cyber-security by 2021. Comparatively, those on the AS have an average unemployment rate of 80-84% [3]. A simple solution to unemployment of AS people would be for such individuals to fill roles where there are skills shortages. The cornerstone would be to put the correct infrastructure in place to support these individuals and to remove prejudicial barriers.

Despite disappointingly high unemployment levels, some great initiatives are emerging to help AS individuals into employment. For example, Autism at Work [4] is a joint round-table initiative, promoted by JP Morgan and EY which is transitioning into Europe from the US with help from organisations e.g. Specialisterne and others.

There is a workbook to explain how it can be implemented.

I have personally derived limited benefit from such initiatives, as they are not universally utilized. I found, even where businesses are proactively pursuing equality and diversity in their recruitment, they often fail to understand how their policies and procedures fail to be inclusive. A popular phrase explains this, “Diversity is being asked to the party, but inclusion is being asked to dance” [1]. Many AS individuals will be asked to an interview, but how many are given the opportunity to work for the same company?

The Disability Discrimination Act caters mainly for those with a visible physical disability. Conditions such as Dyslexia and Higher Functioning Autism are considered "hidden" impairments for which adaptations to the workplace and recruitment processes are not made readily. Many companies claim equality and diversity accreditation such as the "Disability Confident" Accreditation, but many would consider these not fit for purpose.

So, what needs to change, and where to start?

  1. National and local government policies: National and local governments, local Chambers of Commerce, corporations, educational institutions/organisations could work with small and medium businesses (SMEs) to create projects allowing AS people to get employment. There are huge drives for Women in Tech, schools taking part in Cyber Competitions, Coder Dojos etc but this isn't happening on a grander scale for those along the spectrum.

  2. Cyber/ IT Security Academies: These would actively ensure skills expected of applicants are practised and job-seekers feel confident knowing what to expect on arrival at the workplace.

  3. Removal of employment barriers: Some existing initiatives are limited in that they are situated in large IT Centres like London, Dublin or Glasgow. Living outside these main cities is problematic. I have personally found a number of barriers to applying for attractive apprenticeships in the IT field, such as:

    • A) high living costs,

    • B) being ‘over qualified’ for apprenticeships which offer valuable work experience due to pre-existing university qualifications, and

    • C) age limitations.

What is working?

Immersive Labs is one initiative that has helped me gain practical experience and learn new skills. It provides evidence of completion and competence in various cyber-security modules.

They state "Objectives are designed to direct your learning, aligning a pathway of labs to a job role or specific knowledge area. You can assign yourself an objective from those we’ve already created or have one assigned to you."

This may be the only viable option for some applicants to show what they can do in the workplace.

Immersive labs provide evidence of achievement levels and bench-marking. This approach is very much under-utilized. Many companies could have approached dedicated cyber academies to recruit a suitable workforce, but have not yet done so.

Other good sites allowing skills to testing and learning include Practice-Labs through ITProtv, PentesterAcademy, ElearningSecurity, Cybrary, Hack The Box, or CTF365.

Looking to the future

I believe the way forward is to have a collaborative approach combining large private enterprises, public bodies, autism organisations and national & local governments, to encourage SME's through placements or to work on community based projects that allow AS People to build up their practical knowledge and skills experience. A good avenue to assist such collaboration would be active participation from regional Cyber Clusters and IT Security Chapters of organisations like ISC2, ISACA & OWASP etc.

Some recent examples of these much-needed initiatives: the Organised Crime Task Force (OCTF) and National Crime Agency (NCA) have taken the revolutionary step of creating the "Cyber Choices" programme to hone and develop the skills of 500 children/young adults aged between 13-22 possessing significant technical skills. This helps them enter “White Hat” cyber employment and would prevent potential future participation in cyber crime/cyber-terrorism. Many of these individuals are on the Autistic Spectrum. [5] This example is a step in the right direction, particularly in providing guidance and recognizing talent that can be used for the common However, this is also another example of how candidates can be age excluded.

More Cyber/Infosecurity academies are required so as to have a presence in each region. This would allow those candidates living outside major cities to have a better career pathway. This approach can help AS People to engage and grasp opportunities to succeed in this field.

An opportunity exists to address these two large achievable challenges. Those with AS conditions could navigate a viable and successful route into sustainable employment and contribute positively to resolving the growing cybersecurity crisis that endangers the public at every age group.

References and links:

1. Verna Myers, VP for Inclusion Strategy, Netflix Inc.

2. https://cybersecurityventures.com/jobs/

3https://www.telegraph.co.uk/business/autism-in-workplace/neurodiversity-needs-recognition/

4. https://www.specialisterne.ie/

https://auticon.co.uk/

https://www.employ-ability.org.uk/

https://www.neurocyber.uk/

https://s3.amazonaws.com/disabilityin-bulk/2019/Autism_At_Work_Playbook_Final_02112019.pdf

https://www.disabilitynewsservice.com/purple-boss-raises-concerns-over-disability-confident-accreditation/

https://www.autism.org.uk/professionals/employers.aspx

https://www.rte.ie/news/2019/0530/1052615-autism-at-work/

https://www.algoodbody.com/insights-publications/autism-in-the-workplace

https://www.octf.gov.uk/test2/Cyber-Choices

5. https://www.telegraph.co.uk/politics/2019/06/27/police-target-500-potential-teenage-hackers-prevent-style-programme/#comments