FortiGuard Labs Perspectives
As the cybersecurity skills gap continues to impact organizations everywhere, it is more important than ever that both current and prospective security team members take advantage of training offerings to enhance their skill sets. It is also important that everyone involved in cybersecurity encourage others to find opportunity in the field. Recently, FortiGuard Labs’ Aamir Lakhani and Jonas Walker sat down to discuss their careers in threat research, the importance of training, and the lessons they have learned while working in the field of cybersecurity.
Q: How did you get into the field of cybersecurity?
Aamir – Even as a little kid, I was always interested in computers. When I was seven or eight years old, my dad got me a computer. Since I didn’t know what to do with it, I went to the library and took out books to learn about programming. I was always interested in learning why things break – that’s how I migrated into cybersecurity.
I began my career in networking, starting with router paths then moving into wireless. As networking became closely tied to security, I moved into that area, which is how I ended up as a threat researcher at FortiGuard Labs. My “how does this break” questions are still the same. Now, I spend my days researching how attackers launch their attacks, what motivates them, and what their techniques are.
Jonas – I currently work as a security strategist here at FortiGuard Labs. In 2016, I joined the Fortinet European team in Switzerland, where I was born. From there, I was offered the chance to move within the company, and I relocated to Singapore. After that, I moved into my current role, working with the analysts and researchers as a strategist and talking with customers to help them understand how the bad guys operate.
Q: What does a researcher do day to day from your perspective?
Aamir – I look at us as threat hunters in the truest sense of the word. Sometimes, people reach out to me and tell me they came across a new attack they haven’t seen before, wanting to know what it is. As they are usually only seeing the end part of the attack, my job is to go back to find the beginning of that attack to fully understand what it is.
For example, I might find that the attack was launched via email, so I need to figure out which email box started the chain. I might find that it was associated with an attachment, like an Excel file, meaning I also have to learn how the attack got embedded in that file in the first place. We know these attacks happen through macros, but I need to figure out what’s different about each one. Then I have to bring in other team members with diverse expertise to fully address the issue at hand.
Jonas – On a normal day, if you can call it normal, I work closely with our friends in the research department. The beauty of our job is that we need to work with other people – it isn’t something we can do by ourselves. In my role, I work with analysts who spend a lot of time working on the debugger side, where they help detect potential malware. Even there, with so many attack vectors these days, the dramatically increasing sophistication of threats means we need to work together to understand the whole environment.
So, we come together as peers to learn what’s going on from a threat standpoint, but we also have to collaborate to keep up with new technologies. For example, machine learning (ML) is really important in threat analysis. I really appreciate having the opportunity to talk with some of the best guys in the artificial intelligence (AI) field. I get to learn from them about cutting-edge technologies. Then, I bring all of these different pieces together to create better strategies for securing the environment.
Q: What value have you seen in gaining security certifications?
Aamir – Throughout my career, I’ve gained many certifications. I use them to help me decide what I should learn more about or what path I want to follow. And what I’ve found is that there are so many different opportunities for direct training in cybersecurity, especially right now. If I was starting out today, I might follow a different path simply because of the sheer number of cybersecurity training offerings currently available.
Jonas – Certifications are an interesting topic – they’re not just about passing a test. Some certifications act as an excellent career roadmap and truly challenge you. Overall, I find that passing the certification is less important than the path to the goal. It’s about learning new things every single day.
When I was studying for my CISSP and OSCP, I would get frustrated, so I would reach out to other people who would give me a different point of view. In these cases, the studying became a collaborative effort, which is what I’ve found to be my favorite part about working in the field of cybersecurity.
Q: Can anybody participate in cybersecurity training, even if they are not a security professional?
Aamir – I love our Fortinet Network Security Expert (NSE) certification program because it has curriculum for all levels—from broad infosecurity awareness to technical expert training—and it is free. The basic NSE 1 program, for example, centers on security awareness. I actually have everyone go through it, like my high school-aged nieces and my mom. My mom even told me, “I get it now. I understand that when a stranger calls me on the phone, I shouldn’t be giving them my personal information.” You can go as deep as you want, but the more in-depth you go, the better you become. Other levels are great for upskilling technical knowledge or refining skills for experts in the field already.
Jonas – I think it’s important to realize that you’re never too old to learn something new. When I moved to Singapore, they had a certification in Mandarin. For the first year, I struggled to learn the language. Eventually, I finished that certification, then decided to move on to the second level. In that class, I realized everyone was a lot younger than me – around 10 or 11 years old. You have to be willing to adapt and change, especially when it comes to cybersecurity awareness.
Q: What should people keep in mind as they look to join the cybersecurity workforce?
Aamir – One of my favorite phrases that I like to say to myself is, “You have to keep on moving.” I think it’s essential in life and cybersecurity. Cybersecurity is really about learning how to adapt, not getting set in your ways. I think this is one of the biggest challenges people face in their careers.
When I first started in networking, you needed to know how to configure a router or input firewall rules. People don’t do that anymore. Everything is really about automation, learning about Python and AI systems. Technology changes because the demands from the world or business are doing the same. You have to be willing to adapt, and you have to be humble because there are always going to be things you will need to learn.
Jonas – I’ve truly appreciated the opportunity to move within a global corporation. When I joined Fortinet in 2016, I told my managers that my long-term plan was to go abroad, even though I wasn’t really sure where I wanted to go. Over time, I’ve gained certain experiences – not just on the technical side, but also culturally – that helped me realize how important it is to be able to adapt, both in cybersecurity and in life. Ultimately, we all need to understand our surroundings then have a plan to make sure we fit in well.
The Key to Bridging the Cybersecurity Skills Gap
The threat landscape is continually evolving and becoming more sophisticated, highlighting the need for qualified talent that can help in the fight against modern attacks. And while some cybersecurity careers are molded in the traditional sense, through college programs and internships, there are various paths that individuals can follow to enter this field.
This is the backbone of Fortinet’s NSE Training Institute, which helps develop career pathways and supports more than 300 academic institutes across 80 different countries with programs for all levels. The NSE Institute encompasses the Certification Program, the Fortinet Security Academy Program, and the Veterans Program, all designed to help reduce the cybersecurity skills gap so companies can better secure their information and environments. Further, those interested in transitioning into a career in cybersecurity can also take advantage of Fortinet’s education pathways to enhance their skill sets in the areas of Security Operations, Security-Driven Networking, Adaptive Cloud Security, and Zero Trust Access. By embracing these types of opportunities, individuals can play an active role in bridging the cybersecurity skills gap while also laying the groundwork for their own career and future.
Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.