The undertaking was made following last month’s cybersecurity summit at the White House where President Biden urged big US tech companies to step up to address escalating cybersecurity threats.

“We’ve seen time and again how the technologies we rely on, cell phones, and pipelines and the electric grid, can become targets of criminals,” the President said. 

“At the same time, our skilled cybersecurity workforce has not grown fast enough to keep pace … about half a million cybersecurity jobs remain unfilled.”

The (ISC)² professional body for cybersecurity professionals puts the worldwide skills at 3.12 million cybersecurity professionals. Our own industry has struggled to fill cybersecurity roles with border closures cutting off a key recruitment channel – skilled migrants.

Jon McGettigan, Fortinet’s regional director for Australia, New Zealand, and the Pacific Islands, says the company’s training efforts in the region have ramped up to address the skills shortage. 

Last year, Fortinet began offering its Network Security Expert (NSE) training for free online and via education providers such as Wintec and Otago Polytechnic. 

“The students are coming out with a globally recognised certification and can enter the workforce with something of substance,” says McGettigan.

Free security certification

In the 2020-2021 year, 1,767 people across the region were certified by Fortinet, up 252% on the previous period. It’s not just students that being offered the opportunity to develop their skillset.

Fortinet’s Jon McGettigan

A partnership across the Tasman between Fortinet and the not for profit Soldier On, is giving military veterans and their families the opportunity to undertake certification in cyber security skills.

“We saw a trend before Covid toward network security skills moving abroad to Australia and the United Kingdom,” says McGettigan.

“They go for the higher salaries, for the bigger organisations. We saw a massive opportunity for certified training. We used Covid as a bit of an opportunity to help our partners upskill too.”

The skills shortage is a double-edged sword for Fortinet. It needs its customers to have staff capable of managing network security. But it has also benefited from a growing desire by enterprise organisations to buy in network security as a managed service.

Locally, it started with government moving to an “as a service” model. Service provision now accounts for 70% of Fortinet’s business.

“We’ve been working with the likes of Spark and Datacom. The risk, from an end user point of view, has moved out to the managed service provider. Managed service providers are having to fill that skill gap.”

2degrees this week became the latest telecoms provider to offer an SD-WAN (software-define wide area network) security service using Fortinet, offering application prioritisation, improved visibility and cloud enablement through a single interface.

“SD-WAN and secure SD-WAN have a certain cycle of replacement and we are in the fortunate position of having SD-WAN functionality on our security devices,” says McGettigan.

The Covid bump

Fortinet had a strong year locally during the pandemic, growing by around 50% in 2020. Overall, the US-based, Nasdaq-listed company which was founded in 2000, reported revenue for the quarter to June 30 of US$801.1 million, up 30% on the same period last year.

“What we saw was huge uptake of remote working,” McGettigan says. 

“The traditional firewalls in the enterprise that protect them in that environment now had to accept all of these connections coming in form outside as well.” 

Recent contract wins include Foodstuffs North Island, the co-operative behind the PAK’nSAVE, New World, and Four Square grocery chains, which introduced Fortinet for cybersecurity as part of a major infrastructure upgrade.

In a year characterised by high-profile ransomware and DDoS (distributed denial of service) attacks, two key issues pose challenges to cybersecurity efforts – siloed legacy IT systems and a lack of capability in organisations to deal adequately with security efforts.

The issues emerge in Fortinet’s Networking and Cybersecurity Adoption Index, which canvassed the opinions of more than 100 IT decision-makers.

“The general reflection is that people are more underprepared than we thought they would be,” says McGettigan.

Larger organisations were generally better prepared, which didn’t come as a surprise to Fortinet, which also offers managed services for small and medium-sized organisations.

“We’ve formed a thought leadership team in Australia and New Zealand. I think it’s something that’s lacking in the industry.”

Siloed, ageing and complex networks pose major problems for security. 

“You find a lot of these legacy systems aren’t patched and can’t be patched further up. If you are not patching, you will have vulnerabilities coming through over time,” McGettigan points out.

Source: Fortinet Cybersecurity Awareness Index

AI-driven threat detection

Automation and artificial intelligence are playing an increasing role in network security, both when it comes to deployment and the process of monitoring for and identifying security threats.

A project Fortinet undertook in partnership with Spark involved rolling out network security devices to 2,500 schools around the country.

“The boxes delivered were plugged in and automatically integrated. The attacks are changing quickly so if you can’t deploy quickly, then, then you still run into the risk over the time of deployment,” says McGettigan.

Another project in the region, which he describes as probably the largest opportunity we’ve seen in the last five years, saw a large ANZ-based organisation deployed Fortinet’s Security Fabric, which the company describes as “a context-aware, self-healing network and security posture that leverages cloud-scale and advanced AI to automatically deliver near-real-time, user-to-application coordinated protection”.

It’s about automating, where possible, the critical process of identifying efforts to breach network security and keep the attackers out.

“There are people involved, but you’re not going through logs trying to find something and then try and correlate it to another incident that happened,” says McGettigan.

“It’s being able to provide a consistent layer of security across all of the different parts of the attack surface.”