Business & Technology

Addressing the Cyber Skills Gap with Great Talent

By John Maddison | August 20, 2018

One of the most pressing concerns of today’s CSO is filling positions in their security teams with qualified, trained, and motivated security professionals. The few applicants trickling out of universities may have deep theoretical skills, but few have been seasoned on the front lines of a real world security environment. Other applicants may have a handful of certifications, but are almost always junior-level operators without the confidence needed to deal with the stress of managing a live environment, especially during an active attack. And seasoned security professionals are in such demand that many organizations, especially small to mid-sized companies, can’t afford them.

Part of the challenge is that few training and certification programs are focused on real-world issues and technologies. Academic approaches may have their value, but they often lack serious practical application in a live SOC or production environment. The Fortinet Network Security Academy (FNSA) program is designed to address this challenge by providing industry-recognized training and certification opportunities to students around the world. The academy collaborates with academic institutions, non-profit agencies, and veteran programs to provide a real-world framework to academic environments to help students apply knowledge to practical situations.

Likewise, the Fortinet Network Security Expert (NSE) program is an eight-level certification course designed for post-education technical professionals interested in the independent validation of their network security skills and experience. This program includes a wide range of self-paced and instructor-led courses, as well as practical, experiential exercises that enable participants to demonstrate the mastery of complex network security concepts, including the ability to design, configure, install, and troubleshoot a comprehensive network security solution in a live environment.

Like any career, however, cybersecurity isn’t for everyone. So a third challenge is bringing advanced technical training to motivated individuals with the right sort of problem-solving skills and interests. One of the great untapped resources that has been seriously underappreciated by the cybersecurity industry is the number of veterans transitioning into public life from today’s highly digital military. Many of these individuals have had years of training in advanced computer systems, while operating them under some of the most demanding and stressful environments imaginable. They have also developed a strong sense of security and defense, understand critical issues like chain of command, especially during times of active threat, and have been trained to learn how to think like the enemy—all skills that few of today’s traditional security applicants possess.

One of the ways that Fortinet is helping these individuals successfully transition into a career as a security professional is through the Fortinet Veterans Program. The mission of the Fortinet Veterans Program is to facilitate the transition of exceptional military veterans into the cybersecurity industry by providing professional networking, training in the latest networking and security technologies, and mentoring in both civilian and business expectations.

While the veteran unemployment rate continues to drop—from 4.3 percent in 2016 to 3.7 percent in 2017 to the current historical low of 3.3 percent according to the US Department of Labor—new veterans are being transitioned back into civilian life every single day.

To provide both private and public sector employers with a better understanding of the value that trained veterans bring to the table, I spoke with David Khull, a 6-year veteran of the Navy who recently went through the Fortinet Veterans Program and found a role with one of our employer partners.

Before we start, give us a quick snapshot of your military background.

I was a system administrator for the United States Navy, in charge of managing my organization’s unclassified and classified networks. I supervised the maintenance, patching, security, encryption, IT assets, and everything in between that touched my ship’s network infrastructure. Because we often used some of the most cutting-edge technologies available, I feel that the six years I served in the Navy gave me a well-rounded perspective of the challenges and requirements of today’s IT world.

What do you do now?

I just accepted a job offer from Booz Allen Hamilton, a Fortinet partner. As part of the Booz Allen team, I will be a System Administrator out of Beale Air Force Base in Northern California.

How did you get into the FortiVet program?

As my time in the Navy came to an end, I attended a TGPS class, which is a transitioning class that the Navy requires all Sailors to attend before we transition out of the Navy. I noticed the FortiVet Program flyer that was lying on the brochure table. It explained what sort of cybersecurity and IT administrations skills that many organizations were looking for and I could see that there was a good fit given my training and experience. I reached out to Jay Garcia, the FortiVet Program Team Lead, who gave me basic information about the program and did an initial interview. During this interview they determine if you're a good fit for the program, which not only includes a review of your technical skills, but also determines if you are someone who is passionate to learn cybersecurity and willing to put in the work. I completed the two interviews and was accepted into the FortiVet Program. Two months later, I received a job offer. The training and mentoring that the FortiVets team provided me gave me the confidence I needed to value my military experience and apply it to the civilian world as I start my next phase in life.

Why do you think such a program is helpful for organizations to fill their cybersecurity talent gap?

One of the most important things this program does is look for and recruit people who show an interest in cybersecurity. A lot of military personnel receive advanced technical training. What programs like FortiVets do is first, vetting candidates to ensure their skills and interests meet the requirements of today’s businesses, and most importantly, connecting these candidates with employers and partners who hire out of the program. Not only does this really help fill the talent gap, it’s free! They also create awareness among those individuals without an IT/Cyber background and coach them as to where they can get experience through internships and certifications at no cost to them. But their ability to leverage their network once participants are ready to begin the job search is unparalleled.

What is the benefit of hiring military veterans?

Veterans have been trained in the arts of defensive thinking and strategic planning. Most importantly, they possess intangible traits like discipline, confidence, courage (both moral and physical), and adaptability to the changing environments, which are all good traits for a cybersecurity operator to have. Not to mention, plenty of us already have the training, certifications, and clearances required in this industry. 

What would you say the benefits are to a company that hires someone from the FortiVet program?

I'd say the biggest benefit to a company hiring from this program is that you are looking at candidates who have all been through a rigorous interview process. The FortiVet program team also tries to match veterans to those opportunities for which they are best suited within the industry. Furthermore, FortiVet candidates not only come with their military skills and certifications, but industry certifications provided by Fortinet and its educational partners. These two details alone not only reduce the recruiting/hiring cycles by hiring out of this program, but also reduce training and certification expenses that would otherwise come out of the company’s budget.


Educate Yourself: 

Check out our entry level designation of the Fortinet Network Security Expert (NSE) program. It is intended to provide a basic understanding of the threat landscape facing networks today. Anyone interested to learn about the threat landscape and cybersecurity should take this course for more learning.

Also learn more about the Fortinet Network Security Academy available to educators and students or the FortiVets program.