Cultivating a New Generation of Cyber Professionals

Many of us in cybersecurity have a chance every day to make a difference in the security of the organizations and people around us. Cybersecurity has a role for everyone and it affects us all. Something I also believe is that as professionals in cybersecurity, we also have a duty to encourage others to progress in the field and more importantly encourage new people to consider transition into cybersecurity. The cyber skills gap is well known and we have a chance each day to help mentor and foster a new generation of talent. I recently had a conversation with someone who firmly understands these goals.

As part of our efforts to showcase cybersecurity talent, Jeff recently shared his thoughts with me on cybersecurity overall as an expert in the field and some inspiring perspective for developing talent in cybersecurity.

Jeff Robbins is the Practice Director, Security/Wireless for Business Communications, Inc. (BCI), a technology partner in the Southeast, USA. BCI is passionate about helping their customers design, deploy, and operate technology solutions that are reliable, scalable, and secure. Jeff is Network Security Expert (NSE) Level 8-certified through Fortinet’s NSE Training Institute’s 8-level Certification program. To reach NSE level 8, an individual must have a significant amount of related industry experience and show mastery of Fortinet’s technology though both a written and hands-on laboratory exam. This demonstrates his commitment to the profession and further learning.

Can you describe the current state of the cybersecurity industry? 

Jeff – The threat landscape has really changed in the past 10 years. Today we are up against some really efficient and technical cybercriminals. They’re not just running scripts; they have sophisticated techniques with malicious payloads. Not everyone outside of our industry understands the level of skill we need to counter in the world of cybersecurity and cybercrime. Cybercriminals are very motivated by the amount of money they can make. Well-known state-sponsored attacks are just one example. Most of us on a day-to-day situation are now dealing with a completely new level of criminal than we were 10 years ago. Savvy, money-driven, technically skilled, and connected with an ecosystem of others. It is no wonder that we read stats all the time about the growth of cybercrime and the increase in cyberattacks.

What do you think is the best cyber defense right now?            

Jeff – I believe it is very important to have a strong governance, risk, and compliance process internally. The one issue I tend to see is that while many organizations might have policies and procedures that dictate how things should work, they often lack adequately trained staff to implement those policies. That is why it is so important to have properly trained staff at an expert level on the technical controls that are used in the environment.

How can we close the cyber skills gap?

Jeff – It’s easier said than done-but recruit more people! At our organization, we have no choice but to cultivate talent inside the organization. Ideally we are looking for people to get on board and engaged in the process we have defined for growing talent. Our security engineers for the most part have an average tenure of 10+ years which is great, but we also need to hire new generations to carry the baton.

Our challenge is to find the next generation of heavy hitters. Upskilling from the inside through hands-on experience and certification programs is vital but not easy, it takes time and investment. I like to tell my team that we want to be better at 5 p.m. than they were at 8 a.m. and every interaction with less experienced engineers should be an educational one. 

What value do you place on certifications? 

Jeff – In our business we have to differentiate with the best engineers. And the way that we prove that is through certifications. It shows our customers that our team is valuable and that we are good at what we do. For example, we have several NSE 8 certified, but I would like to have a lot more. I just need to find some time for our people to take the exams. With the amount of technical and industry experience they have, I know they are ready, which is promising given the talent gap that is out there.

What does it mean to you to have advanced or expert certification?  

Jeff – I lead by example, and I wanted to set our engineers apart from others and show a career path. Having the Level 8 certification shows our customers that we have the strongest bench out there. The certification shows that we are all-in. Showing deep technology creds is important to customers when we are talking about such important technology such as cybersecurity. 

What skills do you look for in an employee? 

Jeff – Today, it’s hard to hire the heavy hitters, because the few who do exist are really expensive. So I have to focus on level 1 and 2 engineers who are eager and able to grow. More than skills, I look for that interest and hunger, and people who have a knack for picking things up quickly and learning on the job. We’re always looking for people who want to make a difference and want to be in cybersecurity. This is not easy work, you have to want to be a part of the field. This is also a reason why cybersecurity training and certification are so powerful since it can help you grow your talent and give career opportunities to those who are willing to learn and invest the time in advancing.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.