(upbeat music) >> Narrator: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Hey, welcome back, everybody Jeff Frick here with theCUBE coming to you from our Palo Alto studios today for a cube conversation, you know we're like six, seven, eight months into this COVID thing. We're going to be dealing with it for a while. And one of the themes we've heard about over and over as kind of a result of COVID is an increased in the attack surfaces. More people are working from home or work from anywhere. And security has only been increasing in importance. And we're excited to have somebody from the alumni group who's been on before she is Sandra Wheatley the SVP marketing threat intelligence and influencer communications at Fortinet. Sandra great to see you. >> Thank you Jeff, I'm happy to be here. >> Yeah, I think actually I misspoke. We've had a ton of great Fortinet people on we've talked to John and Ken and Phil and Tony, but actually I'm not sure that we've had you on before, so great to have you. >> No, this is my first time. >> Awesome, so let's jump into it but we're going to take a slightly different tack today and we're not going to talk about the technology as much as this other pesky little problem, which is people. And, you know we know there's a huge skills gap in tech in general right. There's tons and tons of open recs. If you go into all the big sites and then security it's even a more specific and a more acute problem. I wonder if you can tell us a little bit about kind of your perspective on this problem, being a senior executive you know, at a security company, people is a big issue. How do you guys kind of look at the problem? How should people think about it and what are we going to do about it? >> Well, Jeff, you were completely right. The Cyber security skills gap. It's one of the biggest challenges that's facing organizations today. I mean if you look at the larger landscape, cyber crime is one of the fastest growing crimes in the world, in fact by 2021, it'll cost the world about 6 trillion in total. And so tackling this issue continues to be a big problem. And it's exasperated by this the skills gap we recently did a study of Fortinet and 73% of respondents acknowledged that at least one intrusion could be attributed to the lack of skilled professionals. So it's a huge problem. We know that it would take about 4 million professionals to close that gap. And in particular with COVID, it's become even more increased. We've seen a big uptick in attacks from cyber criminals, really targeting remote workers. It's a way into the enterprise network. We've seen a resurgence of ransomware and phishing targeting that workforce. And so as this threat landscape continues to increase it's definitely a problem that cybersecurity organizations public and private partnerships really need to tackle. >> It's interesting because we talk a lot about automation and we talk about the scale of the attacks and the scale of data and you know, everything is just going so up until the right that without automation, you know you have no hope and you need some help to basically separate signal from noise. That said you still need people. And really that automation is going to hopefully get the high visibility the high priority issues to the right people. But ultimately that's an enabler for a person, not a replacement for person, for people. And it doesn't take away this tremendous need for more security professionals. And the other thing that we hear Sandra over and over right, is that security is no longer a bolt on it's no longer, you know, you just build the wall around the outside of everything, right? It's got to be baked in throughout the entire process of the product development and deployment. So the importance and kind of the reach and the breadth of security people in the influence of the building new products and shipping new products has never been greater and yet we've got this huge shortage. >> Exactly and I think you touched on it. You know, what we're hearing from our customers is that they're really using this period during COVID to really take a long-term look at their cybersecurity investments and strategy. And so you're right increasingly organizations are taking more of a platform approach to security, where they have more automation integration and AI that's one help. The other area is organizations need to be making their employees more cyber aware because it impacts everyone even employees working at home organizations. We just released InfoSec training and we offered it we made it available for free, and it really enables organizations to help educate their employees about the risk of cybersecurity and helping them to understand not to hit on the phishing email because, you know, 68% of intrusions happened as a result of careless mistakes by employees. That's a big issue, but also really making sure that we bring more professionals into the industry. I like to say, there's no job security like cybersecurity. So at the beginning of COVID, we made all of our training free and to the public in general. And I believe we had 500,000 registrations in the first six months. So that really underscores the demand for cybersecurity skills. And then organizations can also really be tapping into underrepresented of demographics, like veterans like women who make up only 14% of the workforce overall. So there was a lots of things we can be doing and working together on this problem. >> Yeah, you touched on a whole bunch of things there. So let's unpack a couple of them specifically. One of the cool things about security is that you guys do work together and that there is a big benefit from working together. So it's a great place for kind of coopetition, especially as new threats come in and you guys can share that information. So there is an interesting kind of an ecosystem that there's, you know shared basically resources against the bad guys. But you guys did a really interesting thing with Salesforce, with the world economic forum specifically to go after this problem. So where did that come from, Why Salesforce? Why world economic forum and why take you know, kind of, I guess, out of the industry approach to really addressing getting more people as cybersecurity professionals? >> Well, for dinette as a founding member of the C foresee cybersecurity forum, it was created by the world economic forum about two years ago. And right from the beginning one of the initiatives that we began working on was to reduce the skills gap. And so we started working with the world economic forum Salesforce, which is another founding member and others to tackle this problem. And so we're provide all of our training we provide our training and curriculum on the salesforce Trailhead platform. We've also entered into another partnership with IBM, where we're providing our training on there as cyber skills platform. We're working with local universities like Berkeley and others to make sure that we're getting more of the curriculum into their certifications and degree programs. Interestingly enough, one of the issues with this challenges is that there's not a lot of universities offering degrees in cybersecurity, which is really surprising. And so we're seeing a lot more uptick and interest around awareness around this area. And so it's very encouraging to see the results of some of these partnerships. >> I don't, I mean, you I'm going to tease you kind of buried the lead but so people understand what you just said. You guys basically opened up your training catalog for free, during COVID as a reaction to help basically get more people trained. Am I getting that right? >> That's completely right. We saw that this is something that can really help our customers during this time. It's something we're committed to closing and we felt this was a really impactful way to help with that issue. >> That's amazing. And I saw you in an interview with Rob Rashad I believe is his name from your team. I wonder if you can, again, share with us some of the details in terms of the numbers of people that have gone through this program. Cause he mentioned them, somebody didn't write them down this is pretty significant numbers that you guys are running through this free program. >> Yeah, so we just passed a great big milestone of 500,000 certifications. Half of those have just been this year and that program's been in place for many, many years. So there's no doubt that this is something that's in huge demand. And so we continue to offer those trainings. This was one of the reasons why we just rolled out the InfoSec training for our customers and others to educate their employees. I mean, that's one point I think we had someone registering every seven minutes. And so the response to that was excellent. And that training program has eight different modules and the curriculum in that program actually provides credits for ISC, which is a a big certification in cybersecurity and CIISSP. So, you know, it's just an invaluable training program. >> That's wild, and again, it's free all the way, not just to register for, you know, the one-on-ones, but all the way through the certification process at the end. >> Well at the end, if you want to get the actual certification that's something that you can do separately after you do the training. Although we're working with some nonprofits to help pay for those certifications so that there's no financial burden to people. >> Wow, that's tremendous. And then the other piece that you mentioned but I just want to highlight it is the opportunity to go after underrepresented groups. And you specifically mentioned that you have a program for veterans and again, it seems so logical but some people just don't get it right. Then you've got a skills shortage and you've got a talent shortage. Why not tap into those markets and of those pools of people that are under utilized because, Oh, by the way, they probably have a bunch of good qualified people in there that you can leverage. >> That's exactly right, like vets if you look at take veterans for an example, they already have a lot of the skills that really work well for cybersecurity like situational awareness. They work very well under pressure. And so we started our veterans program about two years ago. And in addition to our training we offer mentoring curriculum, resume building, interviews skills building and now at this point, trained about a thousand veterans many have had jobs on one thing that we do that's different to other programs is that we bridge those candidates to our partners and customers who are looking for talent and really closed that whole loop. So it's not just about the training, but it's also finding them as well at the end of the training once it's been completed. >> Right, that's great. I also want to touch on another thing that you do beyond just training and this comes from you published a blog on July eighth of this year talking about overcoming the cybersecurity gap skills gap. But you talked about other things beyond just the people. And I want to highlight really some attitudinal things that you suggest for people to get over this world view, cyber security as an enabler, right? Not an obstacle recognize cybersecurity is a team effort. It's not just some superstar, get the C-suite involved collaborate on cybersecurity awareness and you know, thinking about these this issue at a little broader and a more kind of macro company-wide scale versus it's just the security people's job over in the security people's corner. And that's really the best way to take care of it. >> Absolutely, and that goes back to my earlier point. I mean the insider threat continues to be the biggest vector for attacks. A lot of times it's, you know, employees hitting on a phishing email I'm sure you've seen the increase in those. And so it's really, you're right. It's more, the responsibility just doesn't lie with the folks who lead the cybersecurity organization. We all have a responsibility to be much more educated and aware. And so I think you know, the board has to get them more involved. Executive management needs to make sure that they're providing the right training and education to their employees, that they're providing mentoring that the really encouraging more employees to move into cybersecurity and become certified. So there's lots of things that organizations need to be doing that include education training. And then also making sure that you're making the right technology investments so that you have an infrastructure in place that's agile and can be flexible enough to meet the increasing demands of the threat landscape. >> Right, I just wonder if you can share some insight on the conversation that happened before you guys opened this up to be free. 'Cause it's clearly, it's a move to do the right thing. It's a move to you know, to respond to the community that's suffering and it's something that you guys could do you had at your disposal, but I'm sure there was some naysayers in there they're saying "No, we can't give this away. This is super valuable stuff." How, you know how did you kind of make that decision to move forward? And I'm curious how it's kind of played out over time now that you've basically, as you said increased your exposure and people that are trained and you know, I'm sure a lot of positive, you know kind of second order benefits that you really didn't plan on when you were just trying to make a decision to help the community. >> Well, this was a decision that came from the top. Our CEO has always been committed to training. I mean, this is why we even started the program which our NSE program is one of the most robust in the industry. And so it's something that the founders have always been committed to. It's something that we've invested in. So there really wasn't any obstacles to doing this. This was something that everyone jumped on board with. The other thing is we really wanted to help our customers during this time. And we felt that this was one really meaningful way. We could help them by providing this training for free. And making sure that they have the talent that they need to really address all of the, you know, the expanding attack surface. But we were surprised by the demand and the response that was outstanding, right from the get-go. And so while we, you know, we've talked about this being offered to the end of the year we haven't really made any plans to change that. And so that it may continue beyond the end of the year because the demand is so great and the results have been so positive. >> Right. And I'm just curious, do you have in the training and I didn't go through exhaustively through the whole list of all the courses, but beyond just the professionals do you have all the basic training just for employees? I just don't click on the link. You know, it's so funny. I was at, I think it was RSA. One of the keynotes was a, a Cisco executive and she said you know, we tell people not to click links but that's what we do all day long. We click links, that's what we do, it's part of our job. And, you know, it's such a a weird behavior to tell people not to do. And I'm still confused how SurveyMonkey gets people to click on SurveyMonkey links but that's a different conversation for another day but I mean, are you offering the whole suite? And I just love to get your perspective as a security executive, when you talk to clients how to think about things beyond just the obvious you know, don't click on phishing emails and, you know, tighten up everything, but you know, more kind of high level how to think about security in this increasingly complex and dangerous world, if you will. >> Yeah, well, the training program has eight modules. It goes from the most basic training to the most advanced training. So our NSE one and two are really more about educating people about the threat landscape the threats out there, what it looks like the most basic emphasis security awareness around what you should do and what you should be looking out for. And all of our employees afforded that take that training. We take up to NSE 4, that's, something that's mandated. And so at the very basic level all organizations should be leveraging those modules for their employees and for individuals who are just interested at large. And then it really advances very quickly after that. And it's the most advanced, you know, it covers, you know cloud, the whole attack surface, AI, threat intelligence. And actually, as I mentioned earlier, provides credits for some of that top cybersecurity certifications in the industry, especially at the level of CSO. So it's very broad, it's extremely robust. And addition to those modules we also have what we call fast track training and that's really utilized by our customers and partners. And that's more focused on specific technology areas. It's very condensed, it may be a day or two days. And the demand for that has been phenomenal. So that's been another program we added about two years ago. That's been very well received. >> Wow, well, good for you guys. Good for you guys for making a proactive move in a very positive way to help your customers and help the community at large. It's just great to see, these are just tough times. They're going to be tough times for a little while longer. So, you know, it's nice that you have resources available that you're able to make to make available to the larger community. And I'm sure it's nothing, but goodness will come from it. So good move by you guys. And I'm sure there's a lot of tangential benefits as well. >> Thank you Jeff. >> Well, thank you Sandra for sharing the story and great to meet you and expand our our community over on the fourth tenet side, we've had a lot of great guests over the year so it was great to great to have you on as well. >> Thank you very much. We really appreciate all the support. >> Absolutely, thank you. All right, so go out and get your free training. Go to fortinet.com and sign up and you too could be a security expert, or at least as far as you want to go all the way up to certification. I'm Jeff, she's Sandra you're watching theCUBE. Thanks for watching, we'll see you next time. (upbeat music)