Hire the outlier: Cybersecurity and Diversity

The dictionary describes a human outlier as someone who thinks, learns or behaves differently from most people. This difference could be creatively, unconventionally or exceptionally. Human outliers exist in all industries and they are of various types. For example, the beautiful people with neurodivergent differences, people who are seen to not have the required degrees for a specific field but can think in ways in which those who have the degrees can’t think, people who understand systems by being obsessed and passionate about those systems and various other types of human outliers.

It is no longer news that organisations invest heavily in technology, threat detection systems as well as in various machines or models that can predict a threat even before it happens. Although this is a good approach, lots of organisations still forget that humans are the weakest link or the strongest defense with modern cyber threats.

Cybersecurity is a field or domain mainly built on anticipating the unexpected and should therefore not be perceived using a one sided approach.  Organisations who think about cybersecurity using a holistic view usually have more secure systems than those who don’t. These organisations usually broaden their thinking knowing fully well that hackers or cybercriminals who will hack or who hack systems are diverse. These hackers or cybercriminals come from various ethnicities, speak different languages, have worked with various systems, have different life experiences and understand various workflows. For example, a cybercriminal who has previous years of experience researching and hacking into the financial system in a part of the world might not find it very difficult hacking into the financial system in another part of the world - especially if the system that has been previously researched and hacked is a more secure system.

It has become very clear that if cybersecurity specialists all have similar upbringing, education and worldview, then their defensive strategies will become very weak, predictable and incomplete. Arguably, it can also be seen that organisations who hire people of the same nationality or race have very weak defence systems as compared to the ones who don’t. The reason is not farfetched and is due to the shortsightedness with which many organisations approach cybersecurity and hiring. Diversity in cybersecurity should not be treated as a feel good initiative, it should be viewed as a strategic advantage because in cybersecurity, outliers can spot vulnerabilities that others overlook.

Experiential perspectives that also improve defence strategies should not be overlooked as these ensures that the experts with such experiences approach problems from unique angles, challenge assumptions that other team members take for granted and have a perspective that fall outside traditional norms. Human outliers challenge group think.

A real life example can be seen from the story of  one of the world’s most famous hackers, Kevin Mitnick. He didn’t fit the conventional mould of a cybersecurity expert - he was self-taught, curious and obsessed with understanding systems. He hacked major corporations (like Motorola and Nokia) not for money, but to understand how things worked. After serving time, he used his skills for good - becoming a top cybersecurity consultant and educator, helping governments and companies strengthen defenses.

Sometimes, people who break systems know best how to protect them. Think differently when hiring cybersecurity experts. Hiring that outlier might just be what your organisation needs to break out of the group think syndrome and have a secure system.