The Fortinet Training Institute, which provides certifications and training in cybersecurity, offers programs that include a wide range of instructor-led, virtual instructor-led training, and self-paced training, as well as labs that demonstrate mastery of complex network security concepts. At the heart of this training is Fortinet’s world-class trainers. Shaabena Abdul Ghani is a Fortinet senior technical trainer in the Asia Pacific region. She joined the company almost four years ago when a Fortinet recruiter reached out to her. At the time, she was a freelance technical trainer and jumped at the opportunity to join Fortinet as a corporate trainer. We recently had a conversation with her to learn more about her career trajectory and learn about the impact being a Fortinet trainer has on helping to address the industry’s talent shortage.
Shaabena: I have a Bachelor of Engineering in Mechatronics, which is synonymous with robotics. It’s completely different from what I’m doing right now. I began my career at Huawei as a technical sales engineer. At the time, they called it “product engineer.” I used to support the sales team, creating RFBs (requests for bid) and RFIs (requests for information) for quality products. When I realized I wanted a more hands-on job, I moved into network engineering. After network engineering, I moved into cybersecurity because I saw that there was huge demand for professionals in this field.
Early in my career, I started at a tech company as an L1, a Level 1 SOC analyst monitoring security threats to the corporate infrastructure. Then I was promoted to an L2 and my tasks were mostly on management of a specific device called SIEM (security information and event management). From there, I kept learning more about security to broaden my experience, which has given me skill sets that I try to pass on as a trainer once I joined Fortinet.
Shaabena: The biggest change I have seen over the years is the awareness level of how important cybersecurity is—or even what cybersecurity is. I think that's a huge accomplishment. Even people I know, who do not have a technical background, are becoming a little more cyber aware. I think it’s because of the increased number of cyber attacks on individuals in Malaysia. The awareness level is not as high as we need, but it's getting better.
I've also noticed that the adversaries—the attackers—are no longer just individual attackers. They can be part of highly sophisticated organizations with artificial intelligence and integrated tools. Where attacks used to take four weeks, now, they can be implemented in two hours. Another trend that I noticed is that security companies like Fortinet are adopting AI and machine learning to counter these attacks, so that cyber criminals can be stopped from the inception.
Shaabena: I love standing in front of an audience, and working with them to make complicated information more comprehensible. Breaking down complex concepts into a digestible and comprehensible format is an important facet to learning. I’m having a direct impact on helping close the gap our industry is facing with the talent shortage.
Another advantage to my role as a trainer, is that I get to test a lot of products. Having knowledge of different products provides me with a better understanding of how learners are working in the field.
Shaabena: While all of my students have been from technical backgrounds, only some have a security background. They range from SOC engineers, security consultants, post-sales engineers, and more. Some of them are network administrators, who normally don’t have a lot of security knowledge. In my classroom there's always going to be a varied level of experience. There's typically a mix of cultures as the students come from different countries in the APAC region, including Australia, Singapore, Malaysia, India, New Zealand, Hong Kong, and Sri Lanka.
Shaabena: As far as I know, it’s to get certified, which ultimately provides validation of one’s skills. To be NSE 4 certified is a big deal for a lot of engineers. It shows that they are skilled and knowledgeable in cybersecurity and also technology like Fortinet's FortiGates. The NSE certification curriculum is well known in the security field, which makes certification and recognition important. One driving factor would be the need to learn in order to do their jobs well.
Shaabena: First, have experience in training, because you need to be able to address a wide audience coming from various backgrounds. The students might have different attitudes, apart from different levels of experience. Second, you must have training experience in a technical field, preferably security. Third, get certified in NSE 4.
Find out more about how Fortinet's Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification program, Academic Partner program, and Education Outreach program—are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.