I’ve seen people with disabilities in online discussions and on the Social Engineer Slack channel exploring suitable career paths. It’s a common theme, as the topics of diversity, equity, and inclusion, buzz around the interwebs. And still, disabled individuals make up a startlingly small portion of the US workforce.

Based on the 2024 report published by the National Institute on Disability, Independent Living, and Rehabilitation Research, it is estimated that, as of 2022, 13.9 % of the United States population is living with a functional disability. That translates to roughly 46.2 MILLION people in the US alone. Of that population, only 44.5% of people with disabilities are employed vs 78.9% of the non-disabled population.

Many factors contribute to this issue, but in this newsletter, I will share my own experiences and perspectives on inclusivity in cybersecurity.

A Baseline for Understanding

As we begin to explore this concept, we must first start with an agreed upon definition of disability. For this we can look to the Americans with Disabilities Act (ADA), which is the federal law in the United States that prohibits discrimination against people with disabilities in everyday activities. According to the ADA: “A person with a disability is someone who:

has a physical or mental impairment that substantially limits one or more major life activities,
has a history or record of such an impairment (such as cancer that is in remission),
is perceived by others as having such an impairment (such as a person who has scars from a severe burn).”

These disabilities vary in scope and degree, but they all impact the daily lives of those who live with them. In many aspects, however, problems that arise are less an issue of disability than a lack of accessibility.

Reframing Community Perspective

Providing reasonable accommodations can create an equitable environment. This gives individuals with disabilities the same access and employment opportunities as able-bodied peers.

As a first step though, it is important to note that it’s not a bad thing to acknowledge disability. All humans use tools. Shoes help protect our feet from surfaces and objects. Various forms of transportation are used for getting around. Phones and computers allow us to transmit information globally. This is ALL adaptive technology! Sometimes the adaptive technology that one person needs differs from what another person needs. This shouldn’t be viewed as a deterrent or a burden, just a difference. It is simply alternative access! So perhaps we should be approaching this from a perspective of “I can’t do x, but I CAN do…”.

Now don’t get me wrong, I’m not trying to push some toxic positivity story about “overcoming disability and hardship.” Disability is a fact of life. I have a disability that will never go away. However, with the right tools, language accessibility, and supportive peers, I can pursue my passions in an equitable environment.

Information Security Industry’s Flexibility for Disability Accessibility

The field of information security is a massive umbrella that spans a lot of different focus areas. Far more than we can reasonably touch on here, but there are lots of resources out there to get a feel for the breadth of this industry such as this domain map on linkedin.

Information security has a lot of potential for remote positions and flexible work options. Advancements in accessibility tools such as captioning and screen readers work with many of the programs found in cybersecurity workplaces, though there’s still significant room for improvement in this area. The overlap between technology and human interactions also provides a massive scope to the industry that allows for various approaches to the same end goal.

Multiple groups are putting thought into how to expand the accessible nature of the information security industry, and their ideas are worth exploring further. A few examples include this webinar hosted by the National Institute of Standards and Technology (NIST) discussing creating equal opportunities for folks with hearing and vision loss, this article here discussing the suitability of the cybersecurity industry for those with mobility issues, this article discussing a bill that could establish a program within the Cybersecurity and Infrastructure Security Agency (CISA)’s Cybersecurity Education and Training Assistance Program to encourage underrepresented and disadvantaged communities to pursue careers in cybersecurity, and this article by SecurityWeek addressing harnessing Neurodiversity within cybersecurity teams.

The Value of Diversity in Social Engineering

Social engineering is, at its core, the art of human connection. It revolves around building rapport, finding common ground, and influencing others, through psychology rather than technology. Whether used for ethical persuasion or manipulation, social engineering relies on effective communication, keen observation, and sharp analytical skills. Diversity of thought is crucial to enhance problem-solving, creativity, and adaptability when addressing complex social challenges. A team with diverse perspectives, shaped by diverse backgrounds, experiences, and cultures, can anticipate a wider range of behaviors, motivations, and vulnerabilities.

This in turn helps teams better predict and defend against various social engineering attacks by considering diverse cultural norms and communication styles that attackers may exploit. By exploring varied viewpoints, organizations can improve resilience, ethical considerations, and strategic thinking, in social engineering and overall information security efforts.

At SECOM, the diversity of our team allows more realistic testing for clients. There is no single “type” of malicious actor. So, having diversity within our operations team helps us design the best possible pretexts and scenarios, and present them in ways reflective of what clients see in the real world.

The value SECOM places in maintaining a diverse workforce, and the team atmosphere has made it an ideal place to work as an individual with a disability. Check out our April blog on social-enginner.org coming out later this month for a personal glimpse into both the benefits and challenges that hearing loss has had on my experiences as a Human Risk Analyst with Social Engineer, LLC.

Written by:
Faith Kent
Human Risk Analyst, Social-Engineer, LLC