 Welcome to this CUBE conversation. I'm Lisa Martin. I've got two guests from Fortinet with me next, talking about a very interesting topic that's something that always peaks my interest, cybersecurity and some of the things going on with respect to that. Sandra Wheatley joins us, the SVP of Marketing Threat Intelligence and Influencer Communications at Fortinet. Sandra, it's great to see you again. Thank you, Lisa. I'm delighted to be here today. Good, and Robert Schott is here as well, Vice President, Global Training and Technical Field Enablement at Fortinet. Rob, welcome to the program. Hi, great to meet you, Lisa. Nice to be here. Likewise. So since I last saw Fortinet, we've had such a challenging year, as we all know, that's an understatement. But one of the things that happened so quickly was this distribution of the workforce. And there were already pre-existing gaps in IT visibility and teams being siloed, security teams being siloed as well. Exacerbating existing cybersecurity skills gap. So, Sandra, I want to start with you, talk to us about what's going on with the cybersecurity skills gap and how it's impacting organizations today. Thank you, Lisa. Well, the cybersecurity skills gap continues to be one of the biggest challenges facing security organizations today. As you know, the cybersecurity space is very dynamic. It's constantly changing. And we saw this even through COVID with more people working from home or being educated from home. Cyber adversaries are using remote workers as a way into the enterprise network. And so, security organizations today are facing a lot of complexity. They deal with billions of alerts that come in every day. And a lot of these have to be managed manually and they just don't have the professionals to keep up with that. So, it continues to be a big issue facing organizations. We have seen some progress about a year ago. It was estimated that we would need four million professionals come into the industry to close the gap. We're now at probably a little bit over three million. So, there is progress being made but we still have a long way to go. Yeah, good progress there. But I mean, one of the things that we saw so quickly with the distribution standard was suddenly there were tons of trusted devices that were off the network perimeter or all these people going, use your own device at home until we can get you something provisioned on the network. So, huge challenge that was almost like a light switch for people in any industry. Rob, talk to me from your perspective, the ongoing cybersecurity skills gap. What are some of the things that you're seeing through your lens? Yeah, well, I mean, it has certainly changed our focus over the last year with the pandemic and the changing workforce and so on. And I think as a cybersecurity vendor, a lot of the times when we talk about training and the skills gap, we often tend to think pretty quickly about engineers and technical training. And what this has really opened up our eyes to is that we need to really broaden our scope when we're talking about training and closing the skills gap. Because it's a lot more than just engineers. So, we've had to really focus more on really anyone sitting in front of a computer screen and ensure that programs are available for people that are working from home that need to understand the fact that security is just as big an issue as working from home or working from the office. So it's really broadened our scope in terms of who we're delivering training to. And within a number of our programs, actually, that has happened when we're dealing with, we have a lot of academic partners that we deliver training with. And one thing that's happened there is we've traditionally dealt with engineering schools within our academic partners, but now we're starting to see a lot of business schools coming and talking to us about delivering training within MBA programs and so on so that business leaders can start to understand the need to be addressing cybersecurity in the boardroom, for example, not just within the IT department. So it's, I guess the one thing I would say is it's really broadened our scope in terms of who the audience is for cybersecurity and the skills gap is, it impacts a lot of different areas in the organization. Yeah, you brought up a great point there that elevation of security to the board level is critical as we saw a big spike some things like ransomware last year, ransomware getting much more sophisticated, kind of playing on people's concerns for buzzwords like COVID-19, for example. And I talked to a lot of organizations where security is at the board level, but the talent gap is another challenge. Senator, talk to us about what Portina is doing from a partnership perspective to help shrink that gap. But it's interesting because if you were to do a survey of people about where the responsibility lies to train more professionals for the industry, you'll see a split, about 40% of people feel like academia should be providing the training and the curriculum to bring more professionals into the industry. And then others feel like it's a mix between corporate, private, public partnerships. And that's something that Portina believes in. We are tackling this issue on multiple fronts. We recently launched our TAA initiative or our training advancement agenda. And a lot of the programs that Rob manages are part of that agenda, like our free NSE training, our security academies. But we're also working with a lot of global partners, corporate partners like Salesforce and IBM. We're also working with the World Economic Forum on this initiative because we really believe that it's a joint effort to really make a difference. And so, for example, with Salesforce, we provide some of our curriculum and train for free on their training platform, the same with IBM. And we'll continue to scale these partnerships because with these partners, we can reach more people and accelerate the impact that we can have overall. Absolutely, that ability to expand it, especially as we saw such a change in the cyber threat landscape last year. As you said, Sandra, you've made great progress, needing a deficit of 4 million folks down to 3 million, but also looking at the opportunity to try to find more folks leveraging partners and to Rob's point, elevating the conversation or expanding that scope, this isn't just a problem for IT and security folks. This is a challenge across the organization that the board needs to be focused on because we've seen in this rapidly changing last year organizations in enough peril and trying to pivot their businesses, and then you add on some of the cyber threats. Rob, can you talk a little bit more about the TAA initiative? I know that about your network security expert program, NSC program, you guys also do 40 vets program. Talk to us a little bit about some of those programs and maybe some of the things that you've done to broaden the scope during the last year. Yeah, certainly can. I mean, there's a number of programs that make up the agenda. And we've widened the scope in terms of the audiences that we're looking at, but also as Sandra mentioned, trying to expand our reach. As Fortinet, obviously we have a reach into our partners and our ecosystem, but the ecosystem of the IBMs and the world economic forms and so on go far beyond our reach. But one of the things that we were able to do as a company almost exactly a year ago, we made the conscious decision that the training curriculum that we've built, we wanted to make it available to as many people as we possibly could. So we've made approximately 400 hours worth of cybersecurity training available to anyone that wants to sign up and take the training in self-paced format, where they want to take it, when they want to take it. So that was a big commitment on our part and that training continues to be free today and we'll keep it free until we start to see the skills gap close. But that has resulted, I guess it was about a month or two ago when we were tracking numbers, we've exceeded over a million registrations for that training, which really was validation to us that the demand for this training is massive. So that's helped us expand our reach, but that training as well, we're making it available for free, but we have all sorts of different types of partners who are taking that training and making it free through their learning portals as well. So it's really expanded the reach in that way. Another area that we've really focused on is partnering with nonprofits who are underrepresented groups. So you mentioned the Veterans Program, that's been a program we've had for quite a while now, we've looked at that program and thought, well, we can definitely replicate our efforts there and look at other groups as well and start to see how we can partner with different NGOs to really address the diversity and inclusion within the cybersecurity industry. Because I think one thing that's interesting here is because of the skill shortage, a lot of hiring managers have had to start to look at recruiting through non-traditional streams. And that can be looking at, if we have policies that say, we must hire people with four-year degrees, well, maybe we wanna take a look at that and see, well, is that really necessary for all the jobs that we're looking at? Maybe we could look at shorter programs, even high school students, but then also looking at underrepresented groups. It is a great way for us to take a look at this skills gap in cybersecurity and align it with our diversity and inclusion initiatives, internally within our organizations and see how we can bring that to bear on the problem and really start to, at the same time, create a much more diverse workforce within cybersecurity while we're trying to close that skills gap. I love that. What a great opportunity to expand upon that. I wanted to ask you just really quickly, Rob. She said, 400 hours of free cyber training available, over a million registrations so far, you're right, that definitely shows the demand. I'm curious, when we think of backgrounds, we think of are these need to be IT folks, is that curriculum broad enough so that somebody with a marketing degree or somebody that doesn't have a degree could kind of get in on level one and start learning their way up the security stack? Yeah, it is a very broad scope. When we look at the catalog, it is multiple levels and in fact, our network security expert program is it's an eight level program. And the first couple of levels of that program are applicable to anyone that needs an awareness of cybersecurity and the issues. So yeah, it's perfect. And in fact, the level one of that program is something that we've integrated into a new service offering, which is our cybersecurity awareness program that companies can implement internally to provide that base level of cybersecurity awareness to all of their employees. And then as you go up to level two, three, four and five and so on, it gets more and more technical right up to the NSC eight level where we're talking about architects, engineers are developing very large critical cybersecurity infrastructures. Lisa, you bring up a very important point I'd like to make a comment on. There's this misconception that you need a degree in computer science or some other technical degree to be in cybersecurity. And that's absolutely not the case. In fact, half the people in cybersecurity don't have a degree in any computer science program, et cetera. But there's a lot of skill sets and backgrounds that really map well to cybersecurity. And it's a very broad industry. There was new roles coming all of the time. So I would encourage people to not let that be a barrier to getting into this industry. And in fact, our veterans program has been extremely successful because people coming out of the defense forces have a lot of the skills that map very well to cybersecurity like attention to detail, situational awareness the ability to work under pressure. So it's definitely a misconception that the industry needs to correct. I couldn't agree more, especially as a daughter of a Vietnam combat veteran. I love what you guys are doing with veterans, but you're right. There's so many other skills that people have that are so transportable and transferable that and it's such an exciting industry. I mean, we all have a million devices scattered around. I think, you know, with those new Apple tags that I put one on my dog's collar, my dog's going to be a connected device. There's so many opportunities to learn, but there's also more exposure. The more people that have different backgrounds, I think just that with that thought diversity alone, organizations and any industry can benefit center. Talk to us about how partners are taking some of these programs and rolling them into their own to help kind of open that door wider. As you say, to make sure that barrier isn't there and also get more folks aware of what they can learn. Yeah, the encouraging thing is I just see a lot more creativity around this issue. If you think about it, the lack of diversity in IT has been a challenge for everyone that the issue in cybersecurity is just a manifestation of that. And one of the reasons is that it's particularly in cybersecurity. A lot of people don't understand how to get into the industry or they have a lack of awareness about the different types of roles. And we see this in particular with women and young females as well as underserved minority groups. In fact, the veterans program is one way to bring more of that diversity into the industry. And if you think about it today, women make up about 24%. I think it's single digits for underrepresented groups. So we have a huge opportunity there. And I think working with our partners, we're doing a lot of different things. Not only are we providing our curriculum and our training and the technical support, but we've done a lot of work around mapping roles and the steps you need to take to achieve those roles. So we've created that for different roles and we've shared that with some of our training partners and they provide that information on their training platforms. We also regularly have done a lot of different podcasts and interviews with women and minorities have gone through the industry and been very successful talking about how they did that and how they got there. We're working with lots of nonprofits like women and cybersecurity speaking to people out there providing them the support. So it's a multi-phase approach. And I do think that private industry need to be doing things like creating entry level kinds of roles to bring more people into the industry and recruit differently. But the good news is that there's a huge amount of awareness around this and you definitely see companies doing a lot more as well as our partners. If I could just touch on something there as well. Sandra is talking about the different career roles and so on. So the industry can get pretty complicated pretty quickly when we're talking about different roles and there's a lot of buzzwords. And when people are looking at this and say, well, how do I even get into this industry? It sounds very technical and complicated. And there are a number of differences or career pathing tools that you can find out there around cybersecurity. But when there's too many of those that even gets confusing. So the career paths that we've developed we've done that in conjunction with NIST and there's an initiative called the NICE framework which stands for National Initiative for Cyber Security Education. And so the pathways that we've developed map to that. So that's one thing I'd like to encourage other organizations to make sure that we're all following that framework so that as we're providing these career paths to people we're using the same terminology, we're using the same titles and career paths and so on. So it just makes it a little bit more understandable for people to pick a path that they want and then start their journey. I also think exposing students earlier in their education about cybersecurity is really important. In fact, we just released a book called Cypersafe and it's targeting elementary school children and their parents and making them more aware of cybersecurity, the risks, how they should behave online. It talks about cyberbullying and it also helps, has guidance in there for parents. And this is a book that we're making freely available to underserved schools and it can easily be accessed online. We've had great reviews, but it's all part of our TAA efforts to educate, make people more aware about the opportunities and the industry overall. I love that. Senator, our SCP of Marketing, is there a URL that you can give our audience where they can find that free resource? Yes, you can find that. I believe on our NSE training page, you can just go to fordinex.com, NSE, or TAA and you will find information about how to get the book. Excellent. So fordinex.com, search TAA or NSE, you'll find that information. I'm going to check that out myself because maybe I'm, you know, for adult children of parents who also need some cybersecurity help, I think I might check that out for myself. You guys, this is for a copy, Lisa. Thank you, excellent. It's been great talking to you guys. This is such an interesting topic. I love the efforts that Fortinet is doing to close those gaps and also what you're doing to bridge that with the diversity and inclusion efforts. Rob, that's a great effort. Sandra, Rob, thank you for joining me today. Thank you, Lisa. Thank you, Lisa. For Sandra Wheatley and Robert Schott, I'm Lisa Martin. You're watching this CUBE conversation with Fortinet.