RETHINKING CYBER RECRUITMENT: ACCESSIBILITY DRIVING WINNING TEAMS

March 11, 2026

Inclusion in Cyber Security Recruitment: From Awareness to Action in Australia

As we recognise Neurodiversity Celebration Week this month, it is an important moment to talk about neurodiversity. But if we stop there, we miss the bigger opportunity.


Inclusion in cyber security recruitment cannot sit within a single awareness week or focus on one cohort alone. Neurodiversity is a critical part of the conversation, but so too are physical disability, chronic illness, mental health conditions, cultural background, gender diversity, First Nations representation and non-traditional career pathways.


The Australian cyber sector faces two realities at once. A persistent skills shortage and a workforce that does not yet reflect the diversity of the community it protects. According to the national strategy led by the Department of Home Affairs, Australia’s vision is for a flourishing cyber industry enabled by a diverse and professional workforce. The Inclusive Cyber Security Recruitment Guidance, developed with the Behavioural Economics Team of the Australian Government, provides evidence based actions to help get there.

At e2 Cyber, inclusion is not a side initiative. It is a commercial and strategic imperative. Recruitment systems shape who enters the industry, who progresses and who leaves. If those systems are narrow, the workforce will be too.


This blog explores what broader inclusion means in cyber security recruitment, why it matters, where barriers still exist and what practical action looks like in Australia today.


Beyond Neurodiversity: A Broader View of Inclusion

Neurodiversity is often the entry point to discussions about inclusive hiring in cyber security. And rightly so. Cognitive diversity aligns strongly with many cyber capabilities such as pattern recognition, structured thinking and analytical depth.


Inclusion in cyber security is often discussed through a single lens at a time. One year the focus may be gender diversity, another neurodiversity in cyber, another disability inclusion. While each conversation is important, viewing them in isolation risks overlooking the reality that people do not experience identity in silos.

The cyber workforce is made up of individuals with layered experiences, skills and perspectives. Some professionals may be entering cyber through non-traditional career paths after working in policing, intelligence, finance or the military. Others may bring lived experience navigating disability or chronic health conditions. Still others may come from culturally diverse backgrounds or regional communities where access to the cyber sector has historically been limited.

When organisations design recruitment systems that recognise this complexity, they unlock a far broader spectrum of capability.


A truly inclusive recruitment approach therefore considers a wide range of lived experiences and structural barriers, including:


  • Physical disability and accessibility
  • Chronic health conditions
  • Mental health and psychological safety
  • First Nations representation
  • Gender diversity
  • Cultural background and intersectionality
  • Socioeconomic barriers
  • Non-traditional pathways into cyber


In practice, these factors often overlap. An individual may be neurodivergent and First Nations. Or managing a physical disability while balancing caring responsibilities. Inclusion must account for complexity rather than assuming a single identity.


The core message we are seeing is that recruitment should be inclusive by default. That means designing processes that reduce bias and friction for everyone rather than implementing reactive adjustments once a barrier becomes visible.



The Commercial Case for Inclusive Cyber Recruitment

Australia’s cyber skills shortage is well documented. Threat actors are adaptive, persistent and increasingly sophisticated. Organisations require diverse thinking to defend against them.

Cyber security is ultimately about anticipating the unexpected. Attackers do not think in uniform ways. They exploit blind spots, assumptions and predictable patterns of behaviour. Teams built from similar backgrounds, training pathways and thinking styles can unintentionally replicate those same blind spots.

Inclusive hiring is therefore not just a workforce initiative. It is a defensive strategy. Diversity of thought increases the likelihood that risks will be spotted earlier, interpreted differently and challenged constructively before they escalate.


Inclusive recruitment delivers tangible benefits:


  • Wider and more dynamic talent pipelines in a constrained market
  • Reduced attrition through better role alignment
  • Increased innovation and risk detection
  • Stronger employer brand
  • Access to broader client and community trust


In cyber security, diversity is not symbolic. It is operational.


For example:

Professionals with lived experience of disability may bring heightened sensitivity to accessibility risks in digital platforms.

First Nations professionals may offer unique community perspectives relevant to public sector cyber initiatives.

Individuals from non-technical backgrounds may identify human vulnerabilities overlooked by purely technical teams.

Neurodivergent professionals may detect anomalies others miss.

Simply put, inclusion expands capability.


Where Recruitment Processes Still Create Barriers

Most exclusion in cyber recruitment is unintentional. It is embedded in habit.

Most hiring managers do not set out to exclude talent. In fact, many organisations genuinely want to build more inclusive teams. The challenge is that recruitment systems are often inherited rather than designed. Job templates, interview structures and assessment methods are reused from previous roles without asking whether they truly measure the capabilities required.

Over time, these inherited practices can unintentionally filter out capable candidates long before they have an opportunity to demonstrate their skills.


Overloaded Job Ads

Cyber job ads often contain extensive lists of skills, certifications and years of experience. Research shows that certain groups are less likely to apply unless they meet nearly every listed criterion. Excessive requirements shrink applicant diversity before assessment even begins.

Clear distinction between essential and desirable criteria is critical.


Ambiguous and Jargon Heavy Language

Phrases such as “excellent communication skills”, or “must thrive in a fast-paced environment” are vague. They may discourage capable candidates who interpret language literally or who do not identify with stereotypical workplace narratives.

Plain English and outcome focused descriptions benefit all applicants.


Inflexible Assessment Methods

Unstructured interviews often reward confidence and rapid social responses. They may disadvantage:

  • Neurodivergent candidates
  • Individuals with anxiety
  • Candidates from cultures where self-promotion is less common
  • Professionals with communication differences


Cyber security roles frequently require technical precision rather than conversational fluency. Assessment methods should reflect that.


Lack of Consideration for Accessibility

Assessment environments and locations may not account for:

  • Physical access
  • Sensory load
  • Fatigue management
  • Time zone differences for remote candidates
  • Accessibility should be considered proactively rather than reactively.
  • Fear of Disclosure


Many professionals living with disability or mental health conditions choose not to disclose due to fear of bias. If adjustments depend on disclosure, some candidates will never access them. Normalising conversations about working preferences reduces stigma and protects privacy.


Designing Inclusive Recruitment by Default

The encouraging news is that inclusive recruitment does not require radical transformation. Many improvements involve relatively small adjustments to how roles are described, how candidates are assessed and how conversations about working preferences are approached.


The guide developed by the DHA with the Behavioural Economics Team of the Australian Government emphasises a principle known as inclusive design by default. Rather than waiting for individuals to request adjustments, organisations can design processes that reduce barriers for everyone from the outset.


The following four structural pillars provide a practical starting point.


1. Design Accessible Job Ads

Before interviews begin, you shape who applies. Practical actions include:

  • Identifying and listing only essential requirements
  • Removing unnecessary years of experience criteria
  • Using clear, outcome-based language
  • Avoiding gender coded or exclusionary wording
  • Including flexible work options explicitly
  • Describing a typical day in the role
  • Encouraging applications from diverse backgrounds


For example, instead of stating “must have strong stakeholder engagement skills,” a clearer description might be “able to present technical findings to non-technical audiences and respond to their questions clearly.”

Clarity reduces ambiguity and cognitive load.


2. Offer Structured and Flexible Assessments

Assessment should evaluate capability, not conformity. Consider:

  • Semi structured interviews with consistent questions
  • Sharing interview questions in advance
  • Using scoring rubrics aligned to selection criteria
  • Offering work sample tests or technical challenges
  • Allowing reasonable time flexibilityBeing transparent about format and expectations
  • Providing options does not reduce rigour. It increases fairness.


In cyber security, simulated tasks can often provide stronger evidence of skill than conversational interviews alone.


3. Shift from Cultural Fit to Cultural Add

Hiring for cultural fit often reproduces existing team demographics and thinking styles. Cultural add asks what perspective a candidate brings that strengthens the team.


For example:

  • Does this candidate bring a different threat modelling lens?
  • Do they offer experience from adjacent industries?
  • Do they challenge assumptions constructively?
  • Structured panel discussions and diverse interview panels help reduce unconscious bias in hiring decisions.


4. Normalise Conversations About Working Preferences

Rather than singling out individuals, organisations can ask every candidate:

“What does a working environment look like when you are performing at your best?”


This allows candidates to share:

  • Communication preferences
  • Flexibility needs
  • Environmental considerations
  • Support structures


Framing adjustments as performance enablers rather than accommodations removes stigma. Universal design supports everyone.


Retention: Inclusion Beyond Recruitment

Recruitment is the gateway. Retention determines impact.


Inclusive retention strategies may include:

  • Structured onboarding processes
  • Clear pathways for progression
  • Ongoing conversations about working styles
  • Flexibility embedded in cyber team culture
  • Awareness of cultural and cognitive load
  • Support for employee resource groups
  • Ensuring remote staff are not disadvantaged


Cyber security can be a high-pressure environment. Sustainable inclusion helps reduce burnout and protects institutional knowledge.


Neurodiversity Celebration Week (and every day)

Neurodiversity Celebration Week provides a platform to talk about strengths-based narratives around cognitive diversity. But the broader inclusion agenda must extend beyond one week.


This week presents an opportunity for organisations to honestly reflect on how inclusive their recruitment systems truly are, and make the adjustments needed.


Practical starting points include:

  • Auditing your latest cyber job advertisement
  • Reviewing interview structures
  • Examining panel diversity
  • Downloading and reviewing the Inclusive Cyber Security Recruitment Guidance
  • Engaging with community organisations
  • Encouraging internal conversations about bias and barriers



The Role of e2 Cyber as Recruitment Partners

At e2 Cyber, inclusive recruitment is grounded in practice and we are on a constant learning and growth journey to improve practices. That means:

  • Challenging unnecessary selection criteria
  • Advising on structured interviews
  • Encouraging flexible assessment pathways
  • Advocating for reasonable adjustments
  • Protecting candidate confidentiality
  • Educating clients on cultural add over cultural fit
  • Recognising transferable skills from non-traditional pathways
  • Using these practices internally in our own hiring


We do not position inclusion as charity or compliance. We position it as strategic advantage and encourage others to do the same to supercharge their teams.


And we certainly don't position ourselves as the experts - we do align ourselves with them and put in the time and effort to absorb as much as we can, to then use in practice and share with our community as we are in this piece.


Our commitment extends to all those benefiting from more accessible work environments. It includes physical disability, mental health, cultural diversity and intersectional identity and more. Cyber security requires complexity of thought and recruitment must reflect that.


A Practical Call to Action for Australian Cyber Leaders


If you are a hiring manager we recommend:

  • Removing non-essential criteria from your next job ad
  • Clarifying outcomes and responsibilities
  • Structuring interviews with inclusion in mind
  • Offering work sample alternatives
  • Discussing flexibility openly


If you are building cyber teams at scale:

  • Invest in panel training
  • Standardise scoring criteria
  • Track diversity metrics
  • Evaluate retention data
  • Review progression pathways


If you are a candidate:

  • Know that alternative communication styles are valid
  • Ask about assessment format
  • Consider what environment supports your best performance
  • Seek cyber recruiters who are open to understanding and advocating for inclusive practice


Strengthening Cyber Security Through Inclusion


Cyber security is about anticipating risk, identifying blind spots and protecting systems from failure.

Recruitment systems are no different.


When hiring processes favour one communication style, one career pathway or one interpretation of professionalism, organisations risk overlooking individuals whose perspectives could strengthen their security posture.


Inclusive recruitment challenges those assumptions and asks a more important question: are we measuring the capabilities that truly matter for the role?


Inclusion is not about lowering standards. It is about removing irrelevant barriers so standards can be met by a broader group of capable professionals.


As Australia continues to build its cyber resilience, the workforce must reflect the diversity of threats, technologies and communities it serves.


The Road Ahead

Australia’s cyber security sector is entering a pivotal decade. Threat environments are expanding, technology ecosystems are becoming more complex and the demand for skilled professionals continues to outpace supply.


Meeting this demand will require more than simply producing more graduates or recruiting from the same established talent pools. It will require widening the lens through which capability is recognised.


Across government, industry and academia there is growing recognition that cyber talent does not follow a single pathway. Some of the most effective cyber professionals have backgrounds in psychology, law enforcement, intelligence, software development, linguistics or mathematics. Others bring lived experience that shapes how they perceive risk, resilience and human behaviour.


Inclusive recruitment therefore plays a critical role in shaping the future cyber workforce.

The conversation is finally moving from awareness to implementation. Organisations are increasingly asking practical questions about how their hiring processes can evolve to reflect the diversity of skills required in modern cyber operations.


For employers, the road ahead involves moving beyond statements of intent and embedding inclusion into operational processes. That means examining job design, assessment structures, leadership behaviours and progression pathways. It also means recognising that inclusion is not a one-time initiative. It is an ongoing capability that must evolve alongside the industry itself.


For the cyber workforce, this shift opens the door to a more accessible and dynamic profession. One where talent is recognised not just through conventional credentials, but through problem solving ability, curiosity, resilience and analytical thinking.


If Australia is to build the cyber capability required for the coming decade, expanding who can participate in the sector will be essential.


Final Thoughts

Cyber security is fundamentally about identifying vulnerabilities before they are exploited. It requires curiosity, scepticism and the ability to view systems from multiple angles.


Recruitment systems should embody the same principles.


When hiring processes favour one communication style, one career pathway or one interpretation of professionalism, organisations risk overlooking individuals whose perspectives could strengthen their security posture.


The conversation sparked by Neurodiversity Celebration Week reminds us that cognitive diversity is a powerful asset within cyber teams. But the broader lesson extends beyond neurodiversity alone. Physical accessibility, cultural diversity, mental health awareness and non-traditional career pathways all contribute to a more resilient workforce.


Inclusion, when approached thoughtfully, does not dilute standards. It sharpens them by focusing hiring decisions on genuine capability rather than convention.


For organisations across Australia’s cyber ecosystem, the challenge now is to translate intent into practice. That may begin with something as simple as rewriting a job description, restructuring an interview or asking candidates how they work best. Small changes at the recruitment stage can have long lasting impacts on team performance, retention and innovation.


At e2 Cyber, we believe the future strength of Australia’s cyber security workforce will depend on how effectively the industry embraces this broader view of talent.


The threats facing organisations are diverse, adaptive and constantly evolving. The teams defending against them should be just as diverse in their thinking, experiences and approaches.

Inclusive recruitment is not just good policy. It is good security.


Looking to build a diverse team and want to be supported? Contact our dedicated cyber recruitment agency specialists.


Let's Chat
Man smiling, wearing a black shirt, in front of a cybersecurity-themed background with a padlock symbol.

WHY CYBER SECURITY ROLES ARE EVOLVING FASTER THAN WE CAN HIRE

By e2 Cyber February 4, 2026
Cyber security roles are evolving faster than companies can hire, driven by skills shortages, expanding job scope, budget pressure and outdated recruitment models.
Man smiling in front of a digital circuit background.

AUSTRALIA'S CYBER SECURITY SHIFT - THE DEFINING 2025 MOMENTS STEERING 2026

By e2 Cyber December 11, 2025
A deep dive into Australian Cyber 2025 and how this year guides what is to follow in 2026 and beyond from our sit down with e2 Cyber director Jacob Bywater.
AISA Logo on black background with futuristic cyber swirls

EXPLORING AISA CYBERCON 2025 - AND WHAT'S AHEAD IN AUSTRALIAN CYBER

By e2 Cyber November 10, 2025
CyberCon Melbourne 2025 insights with Payton Vercoe on workforce design, human-centric security, AI, and leadership shaping Australia’s cyber security future
Woman with glasses coding on computer monitors.

CYBER SECURITY IN TRANSITION: FROM COMPLIANCE TO CULTURE

By e2 Cyber October 14, 2025
Australia’s cyber landscape is shifting from compliance to culture, where leadership, accountability and resilience define the evolution of cyber security.