The Security Vendor’s Role in Closing the Cybersecurity Skills Gap

Cybersecurity vendors such as Fortinet have a responsibility for closing the cybersecurity skills gap that goes well beyond providing training on products and solutions.

As the cybersecurity skills gap continues to widen, it is creating what some now consider to be one of the top cybersecurity risks for many organizations. According to a recent workforce development survey, 59% of organizations have unfilled cybersecurity positions, with Frost & Sullivan forecasting a shortfall of 1.5 million by 2020.

This critical shortage in the cybersecurity workforce has resulted in security operations teams who are overworked and understaffed, which can often result in either neglecting to adhere to cybersecurity best practices, or careless errors in caring for network and security resources.

Although much of the energy in closing the cybersecurity skills gap is focused on technical skills to fill cybersecurity jobs, we need to be aware that the cybersecurity skills gap goes far beyond the job market for cybersecurity professionals. One of the biggest cyber risks in today’s workplace is a general lack of awareness of even the most basic attacks, such as phishing emails and other social engineering techniques at all levels of an organization. It’s therefore important to understand that cybersecurity is everyone’s job, and organizations need training and education programs that address many different audiences.

Cybersecurity vendors tend to do a great job at delivering training programs that equip customers and partners with the knowledge and skills required to deploy and operate their own products. This is certainly critical as cybersecurity solutions become more sophisticated; however cybersecurity vendors who truly want to become trusted advisors for their customers need to adopt a training and education strategy with a much wider focus than their own products and solutions. A comprehensive strategy needs to include training and education programs designed for:

• Teenagers and parents—both in school and at home
• Technical colleges and universities implementing new cybersecurity programs or integrating cyber into more traditional IT and computer science courses
• Security operations teams deploying company-wide awareness programs for employees
• Customers implementing and managing cybersecurity products and solutions
• Professional services organizations providing services to assist customers
• Academic institutions conducting research on advanced topics such as AI and its applicability to cybersecurity
• Governments and NGOs tasked with establishing cyber policies and global initiatives
• Recruitment programs targeting women, minorities, and high-potential candidates such as veterans transitioning back to civilian careers

Creating and executing a strategy with such a wide scope can be a daunting task, but this is precisely the mandate and strategy of the Fortinet Network Security Expert (NSE) Institute. While the Institute’s flagship NSE Training and Certification program has issued over  200 thousand certifications for product training, it is equally focused on education programs such as the Fortinet Network Security Academy program for high schools, colleges and universities, the FortiVets program focused on retraining for military personnel transitioning into new careers, as well as free publicly available awareness training that can be accessed by any company wishing to deploy an internal cybersecurity awareness program for employees.

In addition to formal programs, a comprehensive training and education strategy must include strategic partnerships within government, academia, and NGOs. For cybersecurity vendors this provides a means for our subject matter experts to share their knowledge and vision with thought leaders and the next generation of cybersecurity experts. In future posts I will provide more insight into the various programs within the Fortinet NSE Institute as well as some of our strategic partnerships with organization such as the World Economic Forum, the Global Threat Alliance, CompTIA and various university research programs.

In summary the cybersecurity skills gap has become a much bigger issue than simply filling open job positions. It has become an enterprise risk and a top priority for security operations. Effective strategies for closing the skills gap must focus on a wide range of audience needs. As cybersecurity vendors, our role and responsibility in closing the cybersecurity skills gap goes well beyond providing training on products and solutions and entails becoming trusted advisors for our customers and for society as a whole.

Read more about the Fortinet Security Fabric and how Fortinet is delivering solutions for the Third Generation of Network Security. 

Read more about the news announced from Fortinet at Accelerate 19.