To raise awareness and understanding of neurodiversity in the cybersecurity field, Michael Hasenfang, CISSP, shares his story of being a neurodiverse professional and what he has learned from it.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
Cybersecurity was not just a career I fell into; it was something that resonated with how my brain works. From the beginning, I noticed I approached problems differently. Whether analyzing packet traffic or building incident response frameworks, I found myself immersed in patterns, precision and processes. What others considered tedious or overwhelming often felt natural to me. But for much of my 30-year career, I did not have a name for that difference. It was not until later in life that I was formally identified as neurodivergent. Here’s what I’ve learned as a result.
Recognizing Neurodiversity
My diagnosis did not suddenly change who I was — but it did provide clarity. It helped me better understand why specific environments drained me while others allowed me to thrive. It also helped me reframe challenges I once saw as personal shortcomings as simply differences in cognition, interaction and processing.
Over three decades, I have worked across nearly every domain of IT and cybersecurity, from endpoint management and infrastructure operations to enterprise architecture, regulatory compliance and cloud security. I have led diverse, distributed teams in highly regulated industries like healthcare and finance, built cybersecurity frameworks aligned to NIST, HIPAA and PCI, and rolled out governance models that protect both data and people. I have also had the privilege of teaching university-level cybersecurity and IT management courses. I am currently pursuing a PhD focused on leadership and innovation in enterprise technology and governance.
And through all of this, neurodiversity has been a throughline — even before I knew to call it that.
Addressing Challenges and Embracing Advantages
There were challenges, of course. Social cues in the workplace did not always land. Office environments that seemed energizing to others often overwhelmed me. I struggled with unsaid expectations, vague feedback and sudden pivots that lacked structure. In fast-paced, high-pressure roles, I learned to build personal regulation, communication and clarity systems to stay balanced and productive.
But there were also superpowers: hyperfocus during critical incidents, systems thinking in architecture and design and a deep, intrinsic drive to solve problems thoroughly. These strengths became the foundation of my leadership style — quiet, intentional and centered on building strong systems and strong people.
In recent years, I have become more vocal about my neurodiversity. I have shared my story with colleagues, mentored others navigating similar journeys and advocated for inclusive team building, hiring and professional development practices. I have learned that when we create room for different communication styles, sensory needs, or learning preferences, we do not just support neurodivergent professionals — we build better teams.
My Message to You
If you are a cybersecurity professional wondering whether there is a place for you — especially if you feel like your brain works "differently" — I want to say: not only is there a place for you, but this field needs you. It needs your depth, your discipline, your differentness.
Cybersecurity is uniquely suited for neurodiverse talent. Our field demands focused thinkers, abstract analysts, nonlinear problem solvers and people who see patterns where others see noise. But to fully unlock that potential, we need to move beyond surface-level awareness. We need cultures that celebrate cognitive diversity as much as skill diversity.
So, if you are a leader, consider how you support your team's varying needs. Do you offer flexibility in how people collaborate or communicate? Do you normalize written follow-ups for verbal discussions? Are neurodiverse voices represented in your leadership pipeline?
Looking back, I would not change the way I came up in this industry — but I do wish I had had more role models who looked and thought like me. It is one reason I wrote this article: to make sure the next generation of neurodiverse cybersecurity professionals knows they are not alone. Furthermore, that difference is not something to mask but something to embrace.
Michael Hasenfang, CISSP, has over 15 years of experience in regulated utilities, financial services, technology and managed IT sectors. He has held technical roles, with responsibility for infrastructure engineering, cloud platforms, cybersecurity operations and compliance. His cybersecurity work spans enterprise security architecture, regulatory frameworks and resilient technology operations.
