When discussing employer diversity, equity and inclusion initiatives, arguments are often grounded in the business case: diverse perspectives result in better business outcomes.
That argument is true. But when it comes down to it, there is a clear justification for DEI programs that rises above all others. As Hyatt Chief Information Security Officer Benjamin Vaughn points out, “It’s the right thing to do.”
At Hyatt, this school of thought translates into real action via Hyatt’s cybersecurity development programs. The Bureau of Labor Statistics projects the rate of growth for jobs in information security from 2020 to 2030 will be 33 percent. Cyberattacks are only becoming more frequent, and security professionals are in high demand.
“There is a shining opportunity to get people who might not have been able to get into this field in past decades in the door and it’s a great field to be in, often with roles offering security and upward mobility,” Vaughn said.
However, cybersecurity is a highly technical field. It’s no secret that there is a shortage of experienced, specialized talent, especially across underrepresented demographics. Vaughn is countering this scarcity by embracing what he calls a “training” mindset on his team. Hyatt offers development programs, such as its RiseHY program, for students and entry-level candidates who may lack the formal training but have the right passion and culture fit.
Built In talked to Vaughn to learn more about the pathways and training programs providing great cybersecurity career opportunities at Hyatt.
Describe the career pathways and development opportunities available at Hyatt.
In the cybersecurity department at Hyatt, we highly value our existing colleague base, and we frequently hire at the more junior level because we like to invest in people. We’re committed to ensuring that our colleagues get the training and tools they need to do their jobs — and we rejoice when one of them gets promoted. The career path upward inside cybersecurity starts at the bottom and goes all the way to the top — some of the most senior leaders inside the department started at the most junior level, and I credit our investment in junior talent to their growth.
More broadly, we’re passionate about opening doors to new opportunities for our current and future colleagues. Through our RiseHY commitment, we’ve continued to collaborate with local community-based organizations to accelerate opportunity youth hiring through on-the-job training and employment opportunities across the globe.
For our current colleagues, we strive to have a talent experience that is consistent across Hyatt through our people playbook, which guides leaders to make decisions for their teams based on our purpose and values, with well-being, inclusion, and personal development at the core. Hyatt’s culture is centered on ensuring everyone is embraced and valued for who they are, while encouraging opportunities for growth and development through individual development plans, tools and training, and transparent, regular touch points with managers. Our commitment is to care for people so they can be their best and it starts with our colleagues.
How do you identify individuals who may have limited cybersecurity experience but have the right cultural fit to excel?
We look for the desire to create a feeling of safety and security. That’s a baseline human characteristic and we go in search of those people who are passionate and enthusiastic to learn and grow.
How does this approach to talent impact diversity on the team? Does it level the playing field for candidates from different backgrounds who may not have had access to training resources?
When my love of computers started in 1993, many of the people I met looked like me and this continued into the early 2010s, which posed a major issue when it comes to security. How can we create a feeling of safety for others when we don’t know what safety feels like for other people? Having diverse perspectives, especially on what it means to feel safe, is an incredibly important part of my job and our success as a company.
Taking this approach to recruiting talent naturally widens the talent pool — and increases diversity — which is crucial amid a massive shortage of cybersecurity skills and talent in the United States. Luckily, we’re starting to see some great programs, especially at historically Black colleges and universities, that are focused on developing cybersecurity talent to close that skills gap, but as leaders, we still have a large role to play when it comes to hiring, retaining, and investing in the talent, and that really starts with a mindset shift.
Often there are difficulties in filling IT and security roles with diverse talent, especially the senior positions, and these challenges can be due to the concept of organizations needing someone who can “hit the ground running,” which can act as an exclusionary principle. If you need someone who can hit the ground running, it implies that you need someone with a broad depth of experience over time, and if you’re trying to find someone with 20 years of cybersecurity expertise and you flash back 20 years, what was the percentage of diverse candidates in that talent pool 20 years ago? I’d guess far fewer than today.
Buying into the concept that you need a senior person may inadvertently reduce the diversity of your talent pool. Given the pace of change with technology disruption and the competition for talent at all levels, we’re at a disadvantage if we limit the kinds of candidates we consider based on tenure. To combat this, leaders should begin prioritizing soft skills such as enthusiasm and culture fit, knowing the hard skills can be taught over time. This approach has allowed me and my team to gain some incredible talent that I thoroughly enjoy working with, which is a large reason I’m here five and a half years later when many CISOs stay at their organizations for less than that.
“Buying into the concept that you need a senior person who can hit the ground running, you may inadvertently reduce the diversity of your talent pool.”
Tell me why it was important to you to create these programs and opportunities?
Creating opportunities for our colleagues aligns with our purpose: we care for people so they can be their best. I remain focused on creating an environment where people can thrive — it’s the right thing to do, and it also makes us stronger.
Building a diverse candidate pool and team allows for more talent, which leads to a variety of perspectives, creativity, productivity and more. This goes hand in hand with the immense cybersecurity skills gap that we have in the United States.
What are the benefits of building up talent from within?
There are a few key benefits. From a technical standpoint, hospitality companies are complicated, so by using an existing talent pool that understands how all the technology systems interact with one another, you are going to increase speed and the ability to defend our computing environment from a security perspective.
The second is attrition. Colleagues love Hyatt, and the average tenure is quite incredible. I believe that is largely due to our investment in them. Through that investment, we have the opportunity to lift them up, and they stay longer.
Lastly, our internet adversaries, the bad guys, stay close, communicate actively with one another, and work as a cohesive team. That’s why hackers are so effective at their jobs. To best defend our technology systems, we need to stay just as close and work as a team. The stronger our Hyatt team is, the better the chance we have to beat them.
What is the hardest part of this in-house training? What do people tend to stumble over, and how do they overcome it?
The only drawback is that it takes time. It takes a lot of time to train someone to be an expert at some of these technologies — it can take up to 18 months — and teach someone about the intricacies of the mind of a bad guy. Some organizations may feel that they don’t have that time, but I’d argue that if you invest the time upfront, then you’re less likely to lose colleagues in the long run.
What is the significance of this type of career development work? Why is it so important right now?
Besides the incredible opportunities it can provide for those who are new to the cyber world, it also fills the skills gap, which has rapidly widened in the last two years. The pace of innovation today is higher than ever before, and cyberattacks have only grown more frequent amid the pandemic.
Regarding the in-house internship program, what are some of the most gratifying experiences you’ve had in building this program?
The best days of my job are when we promote someone, especially someone who came to Hyatt in a junior role and is now reaching new heights in their career. There’s nothing more gratifying than that.
Is there anything else you’d like to say to prospective jobseekers about these resources?
Check out our job postings! On any given day, there’s usually a job posted in the cybersecurity department, and I would encourage you to learn more about the Hyatt family and apply for an open position. If you’re not sure what you want to do with your career, you should consider cybersecurity. There are innumerable subspecialties in the profession. There is a place for everyone in our field.
What would you say to someone considering joining the team at Hyatt?
“We care for people so they can be their best” is more than just Hyatt’s purpose, it’s our mindset too. It’s in everything we do. Caring is our superpower. We even take it to the point of empathizing with adversaries to understand how to address the challenges they present. Some of the adversaries that want to do us harm may be under a lot of pressure to be successful in their hacking. Some may have no other job prospects and won’t make money without it — or even feed their families. If we’re able to understand our adversaries’ motivations, we are able to better defend Hyatt so our commitment to care also helps us be better at our jobs in unexpected ways.