Wired Differently: Why cyber attracts neurodiverse minds — and why that should change how we lead
There’s a running joke in security circles that nobody ends up in this industry by accident. And if you spend enough time around security professionals, you start to notice something. The hyperfocus. The pattern obsession. The inability to let an unsolved problem sit quietly. The 11pm Slack message that wasn’t urgent, except that it was — at least in someone’s head.
It’s not a coincidence.
Cybersecurity, almost by design, is a field that rewards the way a lot of neurodiverse brains naturally work. Threat modelling is pattern recognition at scale. Penetration testing rewards unconventional thinking and the refusal to accept the obvious answer. Incident response demands the ability to hyperfocus under pressure, hold multiple competing hypotheses simultaneously, and stay with a problem long past the point where most people would walk away.
ADHD. Autism spectrum. Anxiety. Dyslexia. These aren’t disqualifiers in security — in many cases, they’re quiet superpowers. The industry didn’t intentionally design itself this way. It just turns out that when you build a profession around adversarial thinking, systems complexity, and an ever-shifting threat landscape, you accidentally create a home for minds that were already wired for exactly that.
The problem is we’ve never really acknowledged it. And that silence is costing us.
The other side of the coin
The same traits that make someone exceptional at hunting threats make it genuinely hard to disengage. When your brain is built to spot anomalies, it doesn’t clock off at 5pm. It keeps scanning. The news becomes threat intelligence. A quiet week on the dashboard feels like the calm before something you missed. Social events get mentally risk-assessed.
I’ve worked alongside some of the most capable security professionals I’ve ever met — people who could dismantle an attack chain at 2am with the same clarity others bring to their morning coffee. And I’ve watched some of those same people quietly disappear from the industry. Not fired. Not headhunted. Just… gone. Burnt out and done.
We frame the talent shortage in security as a pipeline problem. Not enough people coming in. But I’d argue we have a retention crisis dressed up as a recruitment crisis — and at the heart of it is a culture that celebrates the grind while ignoring the cost.
What we get wrong
Security culture has a complicated relationship with exhaustion. We wear late nights as a badge of honour. We joke about caffeine dependencies and call it personality. We build on-call rotations that would make an ER nurse wince and then express surprise when attrition spikes.
For neurodiverse professionals, this is compounded by something less visible: masking. Many people on the spectrum, or managing ADHD or anxiety, spend enormous energy every day simply appearing “normal” in professional settings. Sitting through back-to-back meetings when your brain craves deep uninterrupted work. Performing calm during an incident when your nervous system is at capacity. Navigating unwritten social rules in team environments that nobody ever explained.
That energy expenditure is invisible to most leaders. But it’s real. And it accumulates.
The people who burn out often don’t complain loudly. They become quieter. They stop contributing in meetings. They start doing the minimum. And then one day they hand in their resignation and you’re blindsided, because nobody asked the right questions six months earlier.
A different way to think about it
This isn’t a call for a sweeping HR overhaul or a neurodiversity hiring initiative (though neither of those are bad things). It’s simpler than that.
It’s about recognising that your best security people may not need a team lunch or a ping pong table. They may need genuine flexibility. Autonomy over how and when they do deep work. Async communication options that don’t require performing sociability on command. A manager who notices when they’ve gone quiet and checks in without making it a performance review.
Psychological safety in security teams isn’t a soft concept. It’s operational. When people feel safe, they report near-misses. They flag concerns early. They ask for help before something becomes an incident. When they don’t, they manage problems quietly until they can’t — and then they leave.
I’ve sat in enough rooms, and had enough candid conversations with people across the industry, to know this isn’t unique to any one organisation. It’s structural. And it starts with leaders being willing to look at it clearly.
The person still at their desk at 11pm
There’s someone in your security team right now whose brain hasn’t stopped running since they started this morning. They’re probably your most capable analyst. They probably haven’t told you they’re struggling, because in this industry, struggling reads as weakness.
The question worth sitting with isn’t whether they’re productive. It’s whether the environment you’ve built will still have them in it two years from now.
We built an industry on people who think differently. The least we can do is lead them the same way.
If this resonates — whether you’re in security, leading a team, or just someone who recognised themselves somewhere in here — I’d love to hear your thoughts.
About the author
Tim is the founder of Cyberfy, a Victorian-based managed security and technology services provider. He works across cybersecurity strategy, infrastructure, and Microsoft 365 — and believes the human side of security is just as important as the technical stack. Cyberfy works with organisations of all sizes to build security cultures that are sustainable, not just compliant.