From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation.

Hey, welcome back everybody. Jeff Frick here with theCUBE, coming to you from our Palo Alto Studios today for a CUBE Conversation. You know, we're like six, seven, eight months into this COVID thing. We're going to be doing it for a while. And one of the themes we've heard about over and over as kind of a result of COVID is an increase in the attack surface, as more people are working from home or working from anywhere. And security has only been increasing in importance. And we're excited to have somebody from the alumni group who's been on before. She is Sandra Wheatley, the SVP Marketing, Threat Intelligence and Influencer Communications at Fortinet. Sandra, great to see you.

Thank you, Jeff. I'm happy to be here.

Yeah, I think actually I misspoke. We've had a ton of great Fortinet people on. We've talked to John and Ken and Phil and Tony. But actually, I'm not sure that we've had you on before. So great to have you.

This is my first time.

Awesome. So let's jump into it. But we're going to take a slightly different tack today. And we're not going to talk about the technology as much as this other pesky little problem, which is people. And we know there's a huge skills gap in tech in general. There's tons and tons of open reqs if you go into all the big sites. And then security, it's even a more specific and a more acute problem. I wonder if you can tell us a little bit about kind of your perspective on this problem, being a senior executive at a security company. People is a big issue. How do you guys kind of look at the problem? How should people think about it? And what are we going to do about it?

Well, Jeff, you were completely right. The cybersecurity skills gap, it's one of the biggest challenges that are facing organizations today.
I mean, if you look at the larger landscape, cyber crime, it's one of the fastest growing crimes in the world. In fact, by 2021, it'll cost the world about six trillion in total. And so tackling this issue continues to be a big problem and it's exasperated by the skills gap. We recently did a study at Fortinet and 73% of respondents acknowledged that at least one intrusion could be attributed to the lack of skilled professionals. So it's a huge problem. We know that it would take about four million professionals to close that gap. And in particular with COVID, it's become even more increased. We've seen a big uptick in attacks from cyber criminals, really targeting remote workers. It's a way into the enterprise network. We've seen a resurgence of ransomware and phishing targeting that workforce. And so as this landscape continues to increase, it's definitely a problem that cybersecurity organizations, public and private partnerships really need to tackle.

It's interesting, because we talk a lot about automation and we talk about the scale of the attacks and the scale of data and everything is just going so up and to the right that without automation, you have no hope and you need some help to basically separate signal from noise. That said, you still need people. And really that automation is going to hopefully get the high visibility, the high priority issues to the right people, but ultimately that's an enabler for a person, not a replacement for people. And it doesn't take away this tremendous need for more security professionals. And the other thing that we hear, Sandra, over and over, right, is that security is no longer a bolt-on. It's no longer, you just build a wall around the outside of everything, right? It's got to be baked in throughout the entire process of the product development and deployment.
So the importance and kind of the reach and the breadth of security people and the influence of building new products and shipping new products has never been greater. And yet we've got this huge shortage.

Exactly. And I think you touched on it, what we're hearing from our customers is that they're really using this period during COVID to really take a long-term look at their cybersecurity investments and strategy. And so you're right. Increasingly, organizations are taking more of a platform approach to security where they have more automation integration and AI. That's one help. The other area is organizations need to be making their employees more cyber aware because it impacts everyone, even employees working at home, organizations. We just released InfoSec training and we offered it. We made it available for free and it really enables organizations to help educate their employees about the risk of cybersecurity and helping them to understand not to hit on the phishing email because 68% of intrusions happen as a result of careless mistakes by employees. That's a big issue. But also really making sure that we bring more professionals into the industry. I like to say there's no job security like cybersecurity. So at the beginning of COVID, we made all of our training free and to the public in general. And I believe we had 500,000 registrations in the first six months. So that really underscores the demand for cybersecurity skills. And then organizations can also really be tapping into under-representative demographics like veterans, like women, who make up only 14% of the workforce overall. So there's lots of things that we can be doing and working together on this problem.

Yeah, you touched on a whole bunch of things here. So let's unpack a couple of them specifically. One of the cool things about security is that you guys do work together and that there is a big benefit from working together.
So it's a great place for kind of co-opetition, especially as new threats come in and you guys can share that information. So there is an interesting kind of an ecosystem that there's shared basically resources against the bad guys. But you guys did a really interesting thing with Salesforce, with the World Economic Forum, specifically to go after this problem. So where did that come from? Why Salesforce? Why World Economic Forum? And why take kind of a, I guess out of the industry approach to really addressing getting more people as cybersecurity professionals?

Well, Fortinet is a founding member of the C4C cybersecurity forum. It was created by the World Economic Forum about two years ago. And right from the beginning, one of the initiatives that we began working on was to reduce the skills gap. And so we started working with the World Economic Forum, Salesforce, which is another founding member and others to tackle this problem. And so we provide all of our training, we provide our training and curriculum on the Salesforce Trailhead platform. We've also entered into another partnership with IBM where we're providing our training on there as Cypress Girls platform. We're working with local universities like Berkeley and others to make sure that we're getting more of the curriculum into their certifications and degree programs. Interestingly enough, one of the issues with this challenge is that there's not a lot of universities offering degrees in cybersecurity, which is really surprising. And so we're seeing a lot more uptick and interest and awareness around this area. So it's very encouraging to see the results of some of these partnerships.

I don't, I mean, I'm going to tease you, kind of buried the lead, but some people understand what you just said. You guys basically opened up your training catalog for free during COVID as a reaction to help basically get more people trained. Am I getting that right?

That's completely right.
We saw that this is something that can really help our customers during this time. It's something we're committed to closing and we felt this was a really impactful way to help with that issue.

That's amazing. And I saw, I saw you in an interview with Rob Rashotte, I believe is his name, from your team. I wonder if you can again, share with us some of the details in terms of the numbers of people that have gone through this program. Cause he mentioned them some, I didn't write them down. There's pretty significant numbers that you guys are running through this free program.

Yeah, so we just passed a great big milestone of 500,000 certifications. Half of those have just been this year and that program's been in place for many, many years. So there's no doubt that this is something that's in huge demand. And so we continue to offer those trainings. This was one of the reasons why we just rolled out the InfoSec training for our customers and others to educate their employees. I mean, at one point, I think we had someone registering every seven minutes. And so the response to that was excellent. And that training program has eight different modules and the curriculum in that program actually provides credits for ISC, which is a big certification in cybersecurity and CISSP. So, it's just an invaluable training program.

That's wild. And again, it's free all the way, not just to register for the 101s, but all the way through the certification process at the end.

Well, I think at the end, if you want to get the actual certification, that's something that you can do separately after you do the training. Although we're working with some nonprofits in order to help pay for those certifications so that there's no financial burden to people.

Wow, that's tremendous. And then the other piece that you mentioned, but I just want to highlight it, is the opportunity to go after underrepresented groups. And you specifically mentioned that you have a program for veterans.
And again, it seems so logical, but some people just don't get it, right? Then you've got a skills shortage and you got a talent shortage. Why not tap into those markets and those pools of people that are underutilized? Cause, oh, by the way, they probably have a bunch of good qualified people in there that you can leverage.

That's exactly right. Like if you look at, take veterans for an example, they already have a lot of the skills that really work well for cybersecurity, like situational awareness. They work very well under pressure. And so we started our veterans program about two years ago. And in addition to our training, we offer mentoring, curriculum vitae, resume building, interviews, skills building. And we've now at this point trained about 1,000 veterans. Many have had jobs. And one thing that we do that's different to other programs is that we bridge those candidates to our partners and customers who are looking for talent and really close that whole loop. So it's not just about the training, but it's also finding them jobs as well at the end of the training once it's been completed.

Right, that's great. I also want to touch on another thing that you do beyond just training. And this comes from, you published a blog on July 8th of this year talking about overcoming the cybersecurity gap, skills gap, but you talked about other things beyond just the people. And I want to highlight really some attitudinal things that you suggest for people to get over this. One, view cybersecurity as an enabler. Right, not an obstacle. Recognize cybersecurity as a team effort. It's not just some superstar. Get the C-suite involved, collaborate on cybersecurity awareness. And, you know, thinking about this issue at a little broader and a more kind of macro company-wide scale versus it's just the security people's job over in the security people's corner. And that's really the best way to take care of it.

Absolutely. And that goes back to my earlier point.
I mean, the insider threat continues to be the biggest vector for attacks. A lot of times it's, you know, employees hitting on a phishing email. I'm sure you've seen the increase in those. And so it's really, you're right. It's more, the responsibility just doesn't lie with the folks who lead the cybersecurity organization. We all have a responsibility to be much more educated and aware. And so I think, you know, the board has to get more involved, executive management needs to make sure that they're providing the right training and education to their employees, that they're providing mentoring, that they're really encouraging more employees to move into cybersecurity and become certified. So there's lots of things that organizations need to be doing that include education, training and then also making sure that you're making the right technology investments so that you have an infrastructure in place that's agile and can be flexible enough to meet the increasing demands of the threat landscape.

Right. I just wonder if you can share some insight on the conversation that happened before you guys opened this up to be free. Cause it's clearly, it's a move to do the right thing. It's a move to, you know, to respond to the community that's suffering. And it's something that you guys could do. You had at your disposal, but I'm sure there was some naysayers in there that are saying, no, we can't, we can't give this away. This is super valuable stuff. How has, you know, how did you kind of make that decision to move forward? And I'm curious how it's kind of played out over time now that you've basically, as you said, increased your exposure and people that are trained and, you know, I'm sure a lot of positive, you know, kind of second order benefits that you really didn't plan on when you were just trying to make a decision to help the community.

Well, this was a decision that came from the top. Our CEO has always been committed to training.
I mean, this is why we even started the program, which our NSE program is one of the most robust in the industry. And so it's something that our founders have always been committed to. It's something that we've invested in. So there really wasn't any obstacles to doing this. This was something that everyone jumped on board with. The other thing is we really wanted to help our customers during this time. And we felt that this was one really meaningful way we could help them by providing this training for free and making sure that they have the talent that they need to really address all of the, you know, the expanding attack surface. So, but we were surprised by the demand and the response that was outstanding right from the get go. And so while we, you know, we've talked about this being offered to the end of the year, we haven't really made any plans to change that. And so that it may continue beyond the end of the year because the demand is so great and the results have been so positive.

Right, right. And I'm just curious, do you have in the training, and I didn't go through exhaustively through the whole list of all the courses, but beyond just the professionals, do you have all the basic training just for employees? Like just don't click on the link. You know, it's so funny. I was at, I think it was RSA, one of the keynotes was a Cisco executive, and she said, you know, we tell people not to click links, but that's what we do all day long. We click links, that's what we do. It's part of our job. And you know, it's such a weird behavior to tell people not to do. And I'm still confused how SurveyMonkey gets people to click on SurveyMonkey links, but that's a different conversation for another day. But I mean, are you offering the whole suite?
And I just love to get your perspective as a security executive when you talk to clients to how to think about things beyond just the obvious, you know, don't click on phishing emails and, you know, tighten up everything. But, you know, more kind of high level, how to think about security in this increasingly complex and dangerous world, if you will.

Yeah, well, the training program has eight modules. It goes from the most basic training to the most advanced training. So our NSE one and two are really more about educating people about the threat landscape, the threats out there, what it looks like, the most basic emphasis security awareness around what you should do and what you should be looking out for. And all of our employees at Fortinet take that training. We take up to NSE four. That's something that's mandated. And so at the very basic level, all organizations should be leveraging those modules for their employees and for individuals who are just interested at large. And then it really advances very quickly after that. And it's around the most advanced, you know, it covers, you know, cloud, the whole attack surface, AI, threat intelligence. And actually, as I mentioned earlier, it provides credits for some of the top cybersecurity certifications in the industry, especially at the level of CISO. So it's very broad, it's extremely robust. In addition to those modules, we also have what we call fast track training. And that's really utilized by our customers and partners. And that's more focused on specific technology areas. It's very condensed, it may be a day or two days. And the demand for that has been phenomenal. So that's been another program we added about two years ago that's been very well received.

Wow. Well, good for you guys. Good for you guys for making a proactive move in a very positive way to help your customers and help the community at large.
It's just, it's great to see. These are tough times, they're going to be tough times for a little while longer. So, you know, it's nice that you have resources available that you're able to make available to the larger community. And I'm sure it's nothing but goodness will come from it. So good move by you guys. And I'm sure there's a lot of tangential benefits as well.

Thank you, Jeff.

Well, thank you Sandra for sharing the story. Great to meet you and expand our community over on the Fortinet side. We've had a lot of great guests over the year. So it's great to have you on as well.

Thank you very much. I really appreciate all the support.

Absolutely, thank you. All right, so go out and get your free training. Go to Fortinet.com and sign up. And you too could be a security expert, or at least as far as you want to go, all with the certification. I'm Jeff, she's Sandra. You're watching theCUBE. Thanks for watching. We'll see you next time.