(upbeat music) >> Welcome to this CUBE Conversation, I'm Lisa Martin. I've got two guests from Fortinet with me next talking about an very interesting topic that's something that always piques my interest, cybersecurity, and some of the things going on with respect to that. Sandra Wheatley joins us the SVP of marketing, threat intelligence and influencer communications at Fortinet. Sandra, it's great to see you again. >> Thank you, Lisa. I'm delighted to be here today. >> Lisa: Good and Rob Rashotte is here as well, vice-president, global training and technical field enablement at Fortinet. Rob welcome to the program. >> Hi, great to meet you Lisa. Nice to be here. >> Likewise. So since I last saw Fortinet we've had such a challenging year as we all know, that's an understatement, but one of the things that happened so quickly was the distribution of the workforce. And there were already preexisting gaps in IT Visibility and teams being siloed, security teams being siloed as well exacerbated distinct cybersecurity skills gap. So Sandra I want to start with you. Talk to us about what's going on with the cybersecurity skills gap and how it's impacting organizations today. >> Thank you, Lisa. While the cybersecurity skills gap continues to be one of the biggest challenges facing security organizations today, as you know, the cybersecurity space is very dynamic. It's constantly changing and we saw this even through COVID with more people working from home or being educated from home. Cyber adversaries are using remote workers as a way into the enterprise network. And so security organizations today are facing a lot of complexity. They deal with billions of alerts that come in every day and a lot of these have to be managed manually and they just don't have the professionals to keep up with that. So it continues to be a big issue facing organizations. We have seen some progress about a year ago. It was estimated that we would need 4 million professionals come into the industry to close the gap. We are now at probably a little bit over 3 million. So there is progress being made but we still have a long way to go. >> Yeah, good progress there. But what I mean, one of the things that we saw so quickly was with the distribution center was suddenly, there were tons of trusted devices that were off the network perimeter where all these keep going, "Use your own device at home until we can get you something provisioned on the network." So huge challenge that was almost like a light switch for people in any industry. Rob, talk to me from your perspective the ongoing cybersecurity skills gap. What are some of the things that you were seeing through your lens? >> Yeah, well, I mean it has certainly changed our focus over the last year with the pandemic and the change in workforce and so on. And I think as a cybersecurity vendor, a lot of the times when we talk about training and the skills gap we often tend to think pretty quickly about engineers and technical training and like this has really opened up our eyes too. We need to really broaden our scope when we're talking about training and closing the skills gap, because it's a lot more than just engineers. So we've had to really focus more on really anyone sitting in front of a computer screen and ensure that programs are available for people that are working from home that need to understand, the fact that security is just as big an issue if you're working from home or working from the office. So it's really broadened our scope in terms of who we're delivering training to and within a number of our programs, actually, that has happened. When we're dealing with we have a lot of academic partners that we deliver training with them. And one thing that's happened there is we we've traditionally dealt with engineering schools within our academic partners but now we're starting to see a lot of business schools coming and talking to us about delivering training within MBA programs and so on. So that business leaders can start understand, the need to be addressing cybersecurity in the boardroom for example, not just within the it department. So it's I guess the one thing I would say is it's really broadened our scope in terms of who the audience is for cybersecurity and the skills gap is a, you know it impacts a lot of different areas in the organization. >> Yeah, you brought up a great point there that elevation of security to the board level is critical. As we saw like big spikes and things like Ransomware last year. Ransomware getting much more sophisticated kind of playing on people's concerns for buzzwords like COVID-19 for example, and I talked to a lot of organizations where security is at the board level but the talent gap is another challenge. Sandra talk to us about what Fortinet is doing from a partnership perspective to help shrink that gap. >> Well, it's interesting because if you were to do a survey of people about where the responsibility lies to train more professionals for the industry, you'll see a split about 40% of people feel like academia should be providing the training and the curriculum to bring more professionals into the industry. And then others feel like it's a mix between corporate private public partnerships. And that's something that Fortinet believes in. We are tackling this issue on multiple fronts. We recently launched our TAA initiative or our Training Advancement Agenda, and a lot of the pro programs that Rob manages are part of that agenda like our free NSE training, our security academies, but we're also working with a lot of global partners, corporate partners like Salesforce, and IBM. We're also working with the World Economic Forum on this initiative because we really believe it's a joint effort to really make a difference. And so, for example, with Salesforce we provide some of our curriculum and training for free on their training platform, the same with IBM. And we'll continue to scale these partnerships because with these partners, we can reach more people and accelerate the impact that we can have overall. >> Absolutely that ability to expand it especially as we saw such a change in the cyber threat landscape last year as you said, Sandra you've made great progress needing, you know, a deficit of 4 million folks down to 3 million, but also looking at the opportunity to try to find more folks leveraging partners and to rubs point elevating the conversation or expanding that scope. This isn't just a problem for IT and security folks. This is a challenge across the organization that the board needs to be focused on because we've seen in this rapidly changing last year organizations and enough peril in trying to pivot their businesses. And then you add on some of the cyber threats. Rob can you talk a little bit more about the TAA initiative? I know that about your Network Security Expert program NSE program, you guys also do FortiVet program. Tell us a little bit about some of those programs and maybe some of the things that you've done to broaden the scope during the last year. >> Yeah, it certainly can. I mean, there's a number of programs that make up the agenda and you know we've widened the scope in terms of the audiences that we're looking at. But also as Sandra mentioned, trying to expand our reach as ordinary, obviously we have a reach into our partners and our ecosystem, but the ecosystem of the IBM's and the world economic forums and so on go far beyond our reach. But one of the things that we were able to do as a company almost exactly a year ago, we made the conscious decision that the training curriculum that we've built, we wanted to make it available to as many people as we possibly could. So we we've made approximately 400 hours worth of cybersecurity training available to anyone that wants to sign up and take the training in self-paced format, where they want to take it, when they want to take it. So that was a big commitment on our part and that training continues to be free today and we'll keep it free until we start to see the skills gap closed but that that has resulted I guess it was about a month or two ago when we were tracking numbers that we've exceeded over a million registrations for that training, which really was validation to us that the demand for this training is massive. So that's helped us expand our reach but that training as well we're making it available for free, but we have all sorts of different types of partners who are taking that training and making it three free through their learning portals as well. So it's really expanded the reach in that way. You know, another area that we've really focused on is partnering with nonprofits who are representing underrepresented groups. So you mentioned the veterans program that's been a program we've had for quite a while now, but we've looked at that program and thought, well, you know, we can definitely replicate our efforts there and look at other groups as well and start to see how we can partner with different NGOs to really address the diversity and inclusion, within the cybersecurity industry. 'Cause, you know, I think one thing that's interesting here is because of the skill shortage, a lot of hiring managers have had to start to look at recruiting through non traditional streams. And that that can be, you know, looking at if we have policies that say, we must hire people with four year degrees. Well, maybe we want to take a look at that and see well is that really necessary for all the jobs that we're looking at? Maybe we could look at shorter programs even high school students but then also looking at underrepresented groups it is a great way for us to take a look at this skills gap in cybersecurity and align it with our diversity and inclusion initiatives, internally within our organizations and see how we can bring that to bear on problem and really start to have the same time, create a much more diverse workforce within cybersecurity while we're trying to close that skills gap. >> I love that what a great opportunity to expand upon that. I wanted to ask you just really quickly, Rob she said 400 hours of free cyber training available over a million registrations so far. You're right, that definitely shows the demand. I'm curious when we think of backgrounds we think are these, you know need to be IT folks. Is that curriculum broad enough so that somebody with a marketing degree or somebody that doesn't have a degree could kind of get in on level one and start learning their way up the security stack? >> Yeah, it is a very broad scope. When we look at the catalog, it is multiple levels. And in fact our network security expert program it's an eight level program. And the first couple of levels of that program are applicable to anyone that needs an awareness of cybersecurity and the issues. So, yeah, it's perfect. And `in fact the level one of that program is something that we've integrated into a new service offering which is our Cybersecurity Awareness Program that companies can implement internally to provide that base level of cybersecurity awareness to all of their employees. And then as you go up to level two, three, four and five, and so on, it gets more and more technical right up to the NSE level or we're talking about, you know, architects engineers are developing very large critical cyber security infrastructures. >> Lisa, you bring up a very important point that I'd like to make a comment on. There's this misconception that you need a degree in Computer Science or some other technical degree to be in cyber security. And that's absolutely not the case. In fact, half the people in cybersecurity don't have a degree in any Computer Science program, et cetera, but you know there's a lot of skillsets and backgrounds that really map well to cybersecurity. And it's a very broad industry. There was new roles coming all of the time. So I would encourage people to not let that be a barrier to getting into this industry. And in fact our Veteran's program has been extremely successful because people coming out of the defense forces have a lot of the skills that match very well to cyber security like attention to detail, situational awareness, the ability to work under pressure. So it's definitely a misconception that the industry needs to correct. >> I couldn't agree more, especially as the daughter of a Vietnam Combat Veteran and I love what you guys are doing with veterans but you're right. There's so many other skills that people have that are so transportable and transferable that, and it's such an exciting industry. I mean, we all have a million devices scattered around. I think with those new Apple tags that if I put one on my dog's collar, my dog's going to be a connected device. There's so many opportunities to learn but there's also more exposure. The more people that have different backgrounds I think just that with that thought diversity alone, organizations in any industry can benefit. Sandra talk to us about how partners are taking some of these programs and rolling them into their own to help kind of open that door wider as you say, to make sure that barrier isn't there and also get more folks aware of what they can learn. >> Yeah, the encouraging thing is I just see a lot more creativity around this issue. If you think about it, the lack of diversity in IT has been a challenge for everyone that the issue in cybersecurity is just a manifestation of that. And one of the reasons is that it's particularly cybersecurity. A lot of people don't understand how to get into the industry, or they have a lack of awareness about the different types of roles. And we see this in particular with women and young females as well as underserved minority groups. In fact, the veterans program is one way to bring more of that diversity into the industry. And if you think about it today, women make up about 24%. I think it's single digits for underrepresented groups. So we have a huge opportunity there. And I think somehow working with our partners we're doing a lot of different things. Not only are we providing our curriculum and our training and the technical support, but we're also done a lot of work around mapping roles and the steps you need to take to, to achieve those roles. So we've created that for different roles, and we've shared that with some of our training partners and they provide that information on their training platforms. We also regularly have done a lot of different podcasts and interviews with women and minorities have gone through the industry and been very successful talking about how they did that and how they got there. We're working with lots of nonprofits like Women in Cybersecurity speaking to people out there providing them the support. So it's a multi-phase approach. And I do think that private industry need to be doing things like creating entry level kinds of roles to bring more people in the industry and recruit differently. But the good news is there's a huge amount of awareness around this, and you definitely see companies doing a lot more, as well as our partners. >> Well if I could just touch on something there, well Sandra is talking about the different career roles and so on. The industry can get pretty complicated pretty quickly when we're talking about different roles. And there's a lot of buzzwords. And you know when people are looking at this and say, well, how do I even get into this industry? It sounds very technical complicated. And, you know, there are a number of different career patching tools that you can find out there around cyber security but when there's too many of those that even gets confusing. So the career paths that we've developed, we've done that in conjunction with NICE and there's an initiative called the NICE Framework which stands for National Initiative for Cyber Security Education. And so the pathways that we've developed map to that. So, you know, that's one thing I'd like to encourage other organizations to make sure that we're all following that framework so that as we're providing these career paths to people we're using the same terminology. We're using the same titles and career paths and so on. So it just makes it a little bit more understandable for people to pick a path that they want and then start their journey. >> I also think exposing students earlier in their education about cyber security is really important. In fact, we're just released a book called "Cyber Safe" and it's targeting elementary school children and their parents and making them more aware of cybersecurity, the risks, how they should behave online. It talks about cyber bullying and it also helps has guidance in there for parents. And this is a book that we're making freely available to underserved schools and it can easily be accessed online. We've had great reviews, but it's all part of our TAA efforts to educate and make people more aware about the opportunities on the industry overall. >> I love that, Sandra our SVP of marketing. Is there a URL that you can give our audience where they can find that free resource? >> Yes, you can find that I believe on our NSE training page. You can just go to fortinet.com NSE and or TAA and you will find information about how to get the book. >> Excellent so fortinet.com search TAA or NSE you'll find that information. I'm going to check that out myself 'cause maybe you know, for adult children of parents who also need some cybersecurity help I think I might check that out for myself. >> You can (indistinct) copy Lisa. >> Thank you, excellent. It's been great talking to you guys. This is such an interesting topic. I love the efforts that Fortinet is doing to close those gaps and also what you're doing to bridge that with the diversity and inclusion efforts brought out. That's a great effort, Sandra, Rob thank you for joining me today. >> Thank you, Lisa. >> Thank you, Lisa >> For Sandra Wheatley and Rob Rashotte. I'm Lisa Martin. You're watching this CUBE conversation with Fortinet. (gentle music)