• United States



UK Editor

HSBC CISO champions neurodiversity awareness in cybersecurity

Jul 05, 20217 mins
Diversity and InclusionHiringIT Leadership

HSBC’s CISO for Asia Pacific Jonathan Scott-Lee discusses his aims as the organization’s ambassador for neurodiversity, the importance of neurodiversity in cybersecurity and cultivating a more neurodiverse technology sector.

Jonathan Scott-Lee, CISO at HSBC
Credit: HSBC

Neurodiversity within cybersecurity is progressively becoming a topic of regular, meaningful discussion across the sector. Despite chronic workforce shortages within the industry, neurodiverse individuals are typically underrepresented in cybersecurity roles and so are regularly a vastly untapped source of potentially hireable and skilled talent.

Research suggests the more diverse a workforce is in terms of thought process and problem-solving approaches, the more holistically effective its output can be under the correct circumstances. It is therefore important and increasingly common for organizations to place focus and resources on addressing recruitment, developmental, and cultural issues to better attract, support, and progress neurodiverse people within their workforces.

Jonathan Scott-Lee is CISO for Asia Pacific at HSBC and has recently volunteered to be the bank's regional ambassador for neurodiversity within digital business services teams across Asia Pacific. He is also the deputy chairman of the Cybersecurity Committee at the Asia Securities Industry and Financial Markets Association, an independent, regional trade association with over 150 member firms comprising a range of leading financial institutions. Scott-Lee previously held a part-time role as an adjunct senior research fellow at the National University of Singapore, researching the regulation of fintech. He began his career as a computer scientist specializing in machine learning and, after a few years working as a technologist in high-frequency trading, he retrained with a master's degree in law.

Speaking to CSO, Scott-Lee discusses his key priorities as the regional ambassador for neurodiversity and reflects on the wider issues of neurodiversity within the cybersecurity sector.

How does it feel to be the Asia Pacific ambassador for neurodiversity?

First and foremost, I'm proud to be able to serve HSBC as Asia Pacific CISO. It is the culture of HSBC that allows me to thrive. Coming into HSBC, I've been able to bring my authentic self to work, so not only am I able to share my own neurodiversity within HSBC, but it is also an organization that values my differences.

What are your key missions in the position and how do you aim to achieve them?

I want to leave a positive impact, and I feel that the most sustainable way to do that in this world is by doing what I can to serve others. I hope that raising awareness will help all of us--both neurodivergents and neurotypicals. One of the things I'd like to do is raise awareness of milder forms of neurodivergence, which are more pervasive than many of us realize. Change takes time, but it begins with small steps of faith. At HSBC, I have received a lot of support to be open about my neurodiversity. It is my hope that my experience in being authentic and transparent at work might give confidence to more people to be themselves, support one another, and create greater space for dialogue on these topics.

Being neurodiverse yourself, what challenges do you face?

I have both ADHD and Asperger's. Earlier in my career, I used to find certain tasks challenging. For instance, I am sometimes hyper-focused on some projects and can find myself working on parallel streams of work at any one time. At times, I can be socially awkward in a corporate environment, and I have to actively expend energy to recognize facial expressions so that I can understand the perspective of my colleagues. I have since found ways to manage my work better, interact with colleagues, and lead an effective team. Part of that is also with the partnership of my business manager and secretary, who support me with their diligence and organization.

How has the COVID-19 pandemic affected you?

COVID-19 has certainly made some things harder; routine is something that is really important to me and so is a consistent structure to my days. During COVID-19, my typical workday has become more fluid and I have to say, life can be a little disorienting without set routines. Furthermore, on a 2D video conference, I have found it trickier to visually read body language. That said, there are also positives because I can use emoticons to convey expressions whilst also parallel working effectively, thereby accelerating work.

Do you think the cybersecurity industry is currently neurodiverse enough?

Interestingly, I don't really look at neurodiversity in terms of areas of work and quotas. The more I learn about myself, and others, the more I realize that we shouldn't necessarily be seeking to increase quotas in an area like cybersecurity. Instead, the real focus should be on increasing awareness so that all of us--both neurotypicals and neurodivergents--actively appreciate the differences that we are able to bring to the table. We were all created differently, so what matters is accepting each other for our differences and building a diverse team where we can support and bring the best out in each other.

What challenges can neurodiverse people face in building a career in cybersecurity?

There are a number of different types of neurodiversity so this will pose challenges to different individuals. However, one of the reoccurring skills is the importance of stakeholder management, particularly at the more senior levels. Generally, neurodivergents find the emotional intelligent and social aspects of life more challenging. It's not insurmountable, but work-appropriate interpersonal skills that many people take for granted (such as not interrupting in a meeting), can take a lot of active thinking and effort for neurodivergents. So, whilst it seems that I can integrate fairly easily at the executive level, it's because I am actively working on it. I appreciate that HSBC recognizes this and accepts me for who I am.

What benefits do neurodiverse individuals within cybersecurity teams offer and why?

It's a typical generalization but quantitative topics are generally quite attractive to neurodivergents because of the focus on binary, dichotomous thinking over the subjectivity and emotional vagaries of qualitative topics. So, a highly technical area such as cybersecurity is fascinating for me. It's one of the most complex areas of technology as it necessitates a detailed understanding of multiple layers of technical aspects. Within cybersecurity--and even in most areas of technology--it is very difficult to truly understand everything unless you are hyper-interested or fascinated by it. Moreover, there are some methodologies and areas of technology which can also be appealing to neurodivergents such as the use of rapid agile techniques over the planning that is required for the traditional waterfall lifecycle development process. Fortuitously, the world is already becoming an increasingly welcoming place for neurodivergents.

Does there need to be more awareness of neurodiversity within the cybersecurity industry?

Yes, but not just the cybersecurity industry--technology as a whole and even broader, across the corporate world. I hope that my vulnerability and authenticity in sharing my journey will help others to see that it's okay to share, thereby raising awareness.

How can organizations attract and encourage more neurodiverse individuals into cybersecurity roles?

It's important to create an environment that brings out the best in everyone. That said, as we begin our journey of learning about how HSBC can better understand and value neurodivergence, I'd love us to figure out how we can support neurodivergents in their existing roles, rather than specifically targeting neurodivergents into different roles. This may inadvertently create another type of unconscious bias which is something we don't want to see.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author