Upskilling Cybersecurity Professionals through Training and Certifications

According to a recent skills gap report from Fortinet, many of the challenges organizations face in the fight against cybercrime are directly related to a lack of qualified cybersecurity professionals. The report also indicated that training and certifications are critical to addressing the skills gap. To help address the skills gap, Fortinet has made a pledge to train 1 million people in cybersecurity by 2026 through its Training Advancement Agenda (TAA) and Training Institute programs. One focus area to help achieve this is to upskill current security professionals to gain more knowledge about the threat landscape through the NSE Certification program, consisting of 8 levels.

According to Christina Lemovitz, a Fortinet Network Security Expert (NSE) Level 7, certifications have helped her advance her career and affected her day-to-day work as a Network Engineer. Through Christina’s work, she helps clients resolve their network issues. She works with vendors to troubleshoot and identify bug-related behavior and performs firewall health checks to find and remediate security concerns.

We recently spoke with her to get her perspectives on cybersecurity and the impact certifications have had on her career.

What is the state of the cybersecurity industry? What is going on? What’s changing?

Right now, there’s a high demand across all industries to keep data safe from being leaked, stolen, or held for ransom.  There are also an increasing number of new threats that need to be mitigated, and the cybersecurity industry needs to be able to keep up. Threats are constantly changing, so we all have to be prepared for whatever threats may arise. And right now, many companies are moving to a more remote workforce, which requires different security. With remote work, you’re not just dealing with the corporate network within your own building anymore. Now the network is spread out with employees connecting their work computers to their home networks. And that requires security that can evolve and keep up with these new types of threats and extra gaps that arise. Also, as cloud solutions become more popular, that’s another security area that we need to pay attention to; it’s changing how networks are designed.

What is your professional observation about the cyber skills gap?

There aren’t enough professionals to keep up with the cybersecurity demands required to keep companies safe.  I also think that, unlike in other industries, in cybersecurity, you have to keep learning. You have to continue to read about all the latest threats, keep up with the journals, and all the resources that tell you what’s going on. When it comes to securing networks, it’s not something you can configure and forget about. It is an evolving threat landscape that we are dealing with, which is challenging for cybersecurity professionals. There is so much change, and there just aren’t enough of us to keep up with the demands.

What value do you place on certifications?

Certifications are valuable. Once you have earned your certifications, you can definitively say, I know this product, and it signals to other people that you are an expert as well. Certifications provide proof that you know what you’re talking about. I like seeing when other people have certifications too. Then  I know automatically that I can speak to this person at a higher level because if they have a certification, they should already have that knowledge.

What Fortinet NSE certifications do you have, and when did you receive them? What was the process like?

I have the NSE 4, 5, and 7 certifications. I started training with Fortinet in 2016 by watching the training videos and PDFs found on the Fortinet portal and paying attention to TAC when I called with issues. Then I began to work with the firewalls more often and became comfortable with how they worked. The NSE 4 was close to what I’d already learned during my daily work that I was able to achieve my NSE 4 quite quickly. After I got the NSE 4, I wanted to keep going, so I figured the NSE 5 would be great and then went on to the NSE 7. I just kept learning while doing my job, which made it easier to take and pass the tests.

I took the troubleshooting NSE 7 because that would help with my day-to-day work and many of the things I’ve learned studying for that test, I use daily. The NSE 7 goes more in-depth in the CLI than the NSE4 so studying for that test helped me troubleshoot better.

What does it mean to you to have a Fortinet NSE certification? Has it helped in your career?

When I got my first certification, it helped me get a promotion to Level Two engineer. I talked to my manager and let him know that I had studied hard and earned the certification. He ended up promoting me because of my knowledge. Being certified also helps me with my clients. Once they know that I have the certifications, it makes the initial conversations about their network easier because they believe I know what I’m talking about. I plan on getting more of the NSE 7 certifications like the SD-WAN one.

Why did you decide to pursue NSE certifications?

Originally it was because we had a client that had some firewalls that were new to them. They said that they wanted somebody with Fortinet certifications to be able to make the changes on their networks because they trusted the certifications. This prompted me to achieve the first certification to be able to work on the client’s network. And I kept getting them because I found it easier to engage with clients once they realized I had those certifications.

What types of projects are you working on? Would you be working on these if you did not have this level of certification?

I recently was assisting on a firewall refresh project, replacing about 60 firewalls with all new hardware and bringing the firewalls back up to best practices. We’re reviewing all the policies, making sure all the UTM profiles are applied properly, and adding FortiAuthenticator into the mix and EMS.  We’re also using FortiManager to deploy many of the firewalls and doing code upgrades on FortiManager and FortiAnalyzer as their VMs to keep them compatible with the firewalls we’re deploying.  We’re bringing the network back up to where it should be, patching all the vulnerabilities they might be experiencing, and fixing bugs they might be running into. 

What advice would you give someone debating getting certified with Fortinet?

Getting certified is worth it.  It’s worth the time and the effort you put in because it allows you to learn the products’ features and its capabilities as well as proves that you know what you’re doing to clients and colleagues. Being certified helps advance your career faster than if you had no certifications.

Learn more about the Fortinet free cybersecurity training initiative and Fortinet’s Training Institute, including the NSE Certification program, Academic Partner program, and Education Outreach program which includes a focus on Veterans.