The talent shortage in the world of cybersecurity is real, and it’s growing. One of the ways Fortinet is addressing that talent gap is through the Fortinet Veterans Program. The mission of the Fortinet Veterans Program is to give Armed Services veterans across the country the training and mentoring needed to help them transition into the cybersecurity industry through employment at Fortinet, as well as at our distribution and technology partners. Today, dozens of “FortiVets” have already been trained, with many more currently enrolled or successfully starting their careers in cybersecurity.
We spoke with Tony Alfaro, a 20-year veteran of the Marine Corps who recently went through the Fortinet Veterans Program and now works with Fortinet, to get his take on the program.
I served twenty years in the Marine Corps and recently retired. Initially, I worked in IT and Help Desk, but in 2002 the Marine Corps started focusing more on cybersecurity – at that time it was called Information Assurance. I applied to transfer over to that field, was accepted, and then started doing that work after attending school. I worked in all aspects of cybersecurity, from policy to technical roles, like firewall configuration and implementation. One of the greatest benefits for me was that, during my Marine Corps career, I got to see all aspects of cybersecurity: information risk management, security controls, threat intelligence and analysis, intrusion prevention, and policy. We even conducted investigations with NCIS (the Naval Criminal Investigative Service). All that experience helps me to see the bigger picture now.
When I began this job, I learned all about the products I was responsible for: FortiGate, FortiAnalyzer, and FortiManager, but also became aware of the many additional products my company also provides. Having the broad knowledge base in networking and cybersecurity that I developed during my Marine Corps career helped me quickly gain an understanding of our security portfolio. However, when I go see customers, the products we have are not where the conversation starts. They want to know “what is the biggest threat to my company? What are the risks and how can you help me mitigate these risks?” That’s where my broad, real-world experience really benefits me.
As I began to prepare to transition out of the Marine Corps, someone referred me to Andrew Adrian with the FortiVet program. I was trying to figure out what the best opportunity for me for employment as I left the military. We actually use FortiGate in the Marine Corps, so I was excited to get the opportunity to interview for the Veterans Program.
Candidates who want to enter the program are categorized into three groups: the C group is people that already have cybersecurity experience. B is people who have IT and help desk experience. They have a good understanding of networking and general knowledge. They know what cybersecurity entails but haven’t worked in it. People in the A category don’t have much IT experience, but they have other talents that would be useful, whether it’s in HR or Sales or other areas of a company. Everyone has to go through two initial interviews, and if you are accepted into the program you get a Battle Card created for you, in addition to a wealth of resources to assist in gaining employment. That Battle Card has all your contact information, where you’re located and if you’re willing to relocate, your military service and experience, and your training and certifications. That Battle Card is then distributed within Fortinet and its partners to assist the veteran in gaining visibility by many different employers.
The Fortinet Veterans Program is really comprehensive. There are a lot of programs out there, even for transitioning out of the military, but none have the breadth of services, nor the support and follow-up. The program covers everything: how to set up your LinkedIn profile, how to target certain jobs, even how to prepare for an interview – everything from what kinds of questions they are going to ask to how you should dress. Prior to my retirement from the Marine Corps, I don’t think I owned a pair of slacks or a button-up shirt. For the last 20 years, someone else picked out my “business attire” for me.
They also put you through mock interviews to get you ready for the real thing, which I found very beneficial. I hadn’t had a job interview in twenty years, so I didn’t know what to expect. This really helped me get that experience prior to the actual interview, and allowed me to not be as nervous because I knew what to expect.
The mentoring that is provided to veterans in the program is also highly beneficial. People like Andrew Adrian and Stephan Tallent were extremely valuable to me. When I had questions about anything, I could always reach out to them. There’s also technical training provided to give you a good understanding of the multitude of products Fortinet provides, as well as a broad understanding of the Security Fabric, and how everything works together.
I was in the program for a couple of weeks when I saw this opportunity with Fortinet, and I decided to go for it. I submitted my resume, just like any outside applicant, but I also sent the recruiter my Battle Card, so he knew I was part of the Veteran’s Program. I think that gave me a leg up on my competition because they already knew what I was capable of, and what my experience was. I got the position and now work for Fortinet as a Commercial Systems Engineer. I work with a sales associate who makes calls to potential clients and gives them a better understanding of what Fortinet is all about, then I come in and talk with the person responsible for their network security to see what fits best and what their needs are for their architecture.
It’s a new role for me - I’ve never done anything sales-related - but it’s not difficult because of my experience with FortiGate in the military. I can tell customers that I used this product extensively for the last eight years, and wholeheartedly believe in it, and that the Marine Corps continue to use it. The fact that the Department of Defense trusts the product should tell you a lot – and I have that kind of trust in it also. Then we show them what the product can do, and that speaks for itself.
All of the military branches put a tremendous amount of time and effort into training, certifying, and getting their members experience, especially in a field like cybersecurity. Why wouldn’t you want to take advantage of that training and experience for your company? You already know they are going to have a lot of the prerequisites, like certification, but in the end, the experience that military members come out with is so valuable to companies. You can go to school, and get certified, but the experience you gain through the military, in many different environments, is second to none. That kind of experience in cybersecurity is something that translates easily to the civilian sector.
And beyond the technical side, the skills you gain from your experience in the military – the leadership, the discipline, the self-motivation – are all key components for success that you don’t find in just anyone.
With the shortage of qualified security personnel, it’s getting difficult to find people who have real-world experience in cybersecurity. That experience gives you an extra capability. In the military, we do exercises where we build networks from scratch, from the ground up, on a monthly or bi-monthly basis. So you don’t just get to know your job, you get to know the whole architecture and how it all works together. There are also threats that we saw on the military that are easily transferrable over to a banking or financial institution, or any big company that could potentially lose a lot of revenue because of the risk. Military members have that in-depth knowledge and have seen those different scenarios, and can put that experience to work in helping customers.
Absolutely. When you’re in the military, mission accomplishment is always our biggest priority. It’s a different environment now, but I do everything I can to build a solution that helps my client achieve their goals. And obviously, coming from the military, we understand pressure, and how critically important it is that information is secured. In an enterprise, there are serious consequences if security is compromised – businesses can be brought down. In the military, it’s even more serious. We’re defending information, and if that information gets compromised, lives can be at stake, both here in this country and around the world.
Companies can feel good about hiring FortiVets because they know those candidates have been vetted, they’ve been trained, and that they have the certifications and real world experience that will be extremely valuable to their company - and that will help that candidate not only succeed but excel. They know if they interview someone out of this program, it’s not going to be a waste of their time.