Matthew Watkinson is the chief security architect at Secure Sense, an IT security provider based in Canada. He has achieved Level 8 certification through Fortinet’s Network Security Expert (NSE) Training Institute’s Certification Program. He is skilled in the technical aspects of unified threat/next-generation firewall operations and design, web application security, and SIEM operations and deployment. He’s also knowledgeable in offensive security assessments including penetration testing and social engineering. We spoke with Matthew recently about how he got into the cybersecurity industry, why he sought Fortinet’s NSE 8 Certification and what the process was like.
I fell into cybersecurity accidentally. I went to school for something completely unrelated, and then I got laid off and needed a job. A local company was hiring a Linux admin; I had previously done some server administration and was hired. So, I started there, learned on the job and worked my way up.
I already had an interest in cybersecurity, and just learning how everything worked. At the time, where I was employed, nobody was filling the cybersecurity skills gap. So, I took it upon myself to learn when I saw the opportunity in this high-demand field. That's actually when I started working with Fortinet appliances.
I was looking for a larger challenge and looking for more exposure into the security space. I was an end user of the Fortinet appliances, so a mutual contact put me in touch with my current boss, Peter Humphries. Peter had just begun a small startup called Secure Sense and hired me to be his presales engineer for Fortinet appliances among other things. That got me started on the certifications path, helping me keep my skills and knowledge up to date alongside my career growth
One of the things I really like about it is the wide scope. For the NSE 8, basically anything that’s Fortinet-branded is fair game. It’s definitely a challenging process and a challenging exam. Because of that, there's a lot of credibility that goes along with it. When I'm speaking to existing and prospective customers, I can say, “Look, this is the process that we had to go through to get NSE certified.” So, when we're talking about certain architectures or implementing certain specific features, prospects know we've done it in production and have been assessed by Fortinet, demonstrating our competency.
It definitely comes up. As a managed service provider, we pride ourselves in our technical excellence. Our founder was a sales engineer before he started Secure Sense. His vision for Secure Sense was very technically focused because he felt that would be a key to our success. And it's been a successful strategy.
So, when we talk to our customers about managed services, we can say, “More than 50% of our organization is actually hands-on technical people. And they've all been trained by someone who is at the upper echelons of Fortinet certifications. So, you know that the people who are actually doing the hands-on work in your environment know what they're doing. They've been trained and they're very competent.”
Absolutely. It’s the breadth of skillset. I know a lot of people who are really good at networking, and I know a lot of people who are really good at firewalls or malware analysis or authentication; I don’t know a lot of people who are really good at all of them. And with the breadth of requirements for NSE 8, you need to know what you are doing on FortiGate, on the switches, on the wireless, on the authenticator, email, the web – everything comes together in that exam. So, you need to be good at all of it – not just really good at one thing – to be able to get you through an exam.
Honestly, it's experience. The NSE 8 is absolutely experienced-based because there's no real list of things to study – if it starts with “Forti,” it’s fair game. It’s just making sure that you’ve worked on the entire product portfolio – they’re all great products in their own right – and being able to leverage them in customer production environments is an important aspect of the test. That’s definitely what helped me through it. That's really the best advice I can give: get your hands on Fortinet solutions and start playing around with them. Experience in a multiple number of platforms is essential to success when preparing for the exam. People are doing themselves a disservice by pigeonholing or only focusing in one area – whether they are preparing for the exam or not.
I found the actual exam process to be really enjoyable – the practical exam, that is. There is something really fun about that challenge of having to work through these problems, getting from point A to point D. It was two days of pure problem-solving and technical hands-on.
I think we're still in need, but it's not because there are fewer people in security. It's just that the demand for security has outpaced the number of people entering the security space. Especially within the last five years, with the high-profile breaches that have been made public, a lot of businesses are now seeing the cost of having no security or at least poorly thought-out security strategies. And because of that, more companies are specifically hiring security-focused and security-trained individuals. It's no longer “You’re the person who’s the best at networking? Congratulations – you're now the security person!” Now that everyone has a security person, the security specialists are spread thinner even though there are more of them in the market.
So, there's still a security gap. We're always trying to hire qualified security people who have that breadth of knowledge in all of the individual technical subcomponents of security as well as understanding security frameworks at a larger scale. It's become problematic for us. Demand is definitely outpacing the supply of security people.
Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.