Industry Trends

Byline: Companies Are Taking the Cyber Skills Gap Into Their Own Hands

By Scott Edwards | March 07, 2017

The growing cybersecurity skills shortage couldn’t have hit at a worse time. We are in the midst of a global transition to a digital economy. To compete, organizations are continuously correlating, analyzing, and making decisions based on massive amounts of information collected from highly distributed data sources, including IoT (Internet of Things) and endpoint devices, cloud-based resources, free-ranging edge devices, and hyperconnected ecosystems of networks.

As a result, networks are being completely transformed. Virtualization, cloud services ranging from software and storage to Infrastructures as a Service, and the growing IoT are all being woven together into a complex ecosystem of networks that are highly dynamic and often temporary.

Of course, this new digital world has become a playground for cybercriminals. Any data that can be collected can also be stolen, ransomed, or corrupted. Because this data is increasingly distributed, the potential  attack surface also continues to grow. And as devices, data, and networks, including critical infrastructure, become increasingly hyperconnected, new cyberattacks can cause significant economic and social disruption.

The cybersecurity skills shortage is a global problem. It is the most wanted skill set in Israel, Ireland, the UK, the US and Germany, and is a growing need in emerging countries where competing in the global marketplace requires a digital presence, but there is a lack of trained specialists. It is estimated that there are currently about a million more job opportunities than there are viable candidates, and that gap is expected to grow significantly over the next few years if nothing is done.

Cybersecurity training and certification are essential tools in combating this challenge. The biggest gating factors, however, have been the availability of reliable and comprehensive training materials, and the prohibitive costs often associated with getting trained and certified.

I believe that it is time for the security industry to step up and address this problem before it becomes a crisis.

Ken Xie, CEO at Fortinet, recently said that “businesses are expanding investments in infrastructure security but struggling to source the increasingly rare talent needed to implement and operate their solutions. As an industry-leader, Fortinet believes it is our responsibility to foster the development and continuing education of cybersecurity talent and close the cybersecurity skills gap.”

Fortinet has long championed the cause of increasing awareness, understanding, and knowledge within the global cybersecurity landscape, which is why we launched Fortinet’s Network Security Expert (NSE) training and certification program, designed specifically to help close the cybersecurity skills gap. Fortinet’s NSE program is built around a tiered curriculum that progresses from cybersecurity fundamentals and overall context up to advanced security implementation strategies and technical concepts.

NSE level 1 covers network security fundamentals and provides a historical context of the cybersecurity market. NSE level 2 details the core security solutions used to address the challenges outlined in NSE 1. NSE level 3 examines advanced security products and capabilities used to defend against specific threats and attack vectors. And NSE levels 4 through 8 provide a deep dive into technical knowledge, skills, and assessments for architects, engineers, and network security operators for both enterprises and service providers.

Since its inception in 2015, the NSE certification program has become an industry-standard. In these first two years we have issued over 55,000 NSE certifications. And to keep up with growing public demand, we also launched a Network Security Academy designed for secondary and post-secondary schools. As a result, a growing number of educational institutions have now partnered with Fortinet to leverage our NSE curriculum, delivering NSE-based cybersecurity courses at schools located in 46 different countries.

But that is just the start. For the next step, we just announced that we are providing universal access to our NSE program. As of this quarter, NSE level 1 courses are currently available to the public free of charge, and NSE levels 2 and 3 will start to become available in the second quarter of 2017.

According to Ken Xie, “Opening Fortinet’s Network Security Expert program to the public increases access to educational resources and creates new opportunities for current and future IT security professionals whose skills will be critical to ensure the continued growth of the digital economy.”

I believe we need to do more than just develop powerful security technologies – we must work to change the security landscape for the better. To this end, we are members of organizations like the Cyber Threat Alliance, which is an independent organization dedicated to the sharing of critical, global threat intelligence collected from the top cybersecurity vendors across the industry. Outside of Fortinet, preparing students for a career in cybersecurity and building a workforce skilled in aspects of cybersecurity technology is really important work. Pouring resources into aggressively growing the number of certified security professionals capable of planning, designing, implementing, and managing effective cybersecurity strategies is vital to the future of our industry if we hope to meet the demands and challenges of the new digital economy.

A version of this byline originally appeared in ITSP magazine.