A Discussion About Women in Cybersecurity, Certifications, and Training

istock 1291622774

To help bring more people into cybersecurity careers, the need for access to training, career pathways and connecting individuals to employers is essential. Fortinet is working to increase diversity by creating access and opportunities to cyber careers for all, including women, students, veterans, minorities and others. In an effort to close the cyber skills gap, Fortinet provides training, certifications, and career resources through its Training Advancement Agenda (TAA) initiatives and Fortinet Training Institute programs and partnerships.

As part of Fortinet’s focus on Women's Day, I had the opportunity to speak with Aimee Carter, the Director of Support Services at SymQuest in South Burlington, Vermont. Aimee has an NSE level 4 certification and won a silver medal at a 2021 regional Fortinet Ultimate Fabric Challenge (UFC).

During the interview, Aimee gave us her impressions of the state of the industry and thoughts on the role of women and certifications in cybersecurity. She also told us about her background, how it led to a position in cybersecurity and how Fortinet NSE training has helped her in her career.

What is your take on the cybersecurity industry right now?

The cybersecurity industry is very dynamic and it has been another interesting year dealing with the changes the global pandemic has created for the threat landscape. We are definitely seeing a lot more attacks than we have in the past and we have to protect our network in different ways than before with a broader attack surface. There have been different types of attacks like Log4J and SolarWinds, that require qualified teams to remediate, but there aren't always enough people to fill our open positions. Everything is moving faster now as well.

What is your observation regarding the cybersecurity skills gap?

My primary role at SymQuest is managing a network operations center, and hiring people is challenging these days. You can usually find someone with technical skills, but people also need to have the right personality and the ability to troubleshoot. Also, if we do find the right person, it is also challenging to find time to get certifications completed to stay ahead of the curve.

Where do you find people? Are you cultivating employees?

Yes, I am. I'd much rather bring somebody into an entry-level position and provide the skills, training, experience, and exposure as opposed to hiring somebody off the street for a higher-level position. Not only does an entry-level person learn our process our way, but they also learn how we implement things and work with customers. It is also a win-win for them, giving them an opportunity to learn. So, we work to cultivate training and advancement internally before looking elsewhere for somebody new.

Do you think women need to play a larger role in cybersecurity as a whole?

The short answer is women are not well represented in this field yet. Do they need to play a role? Yes, but I think everybody needs to play a role -- both women and men. Cybersecurity is underserved in many ways, and many women aren't introduced to it until later in life. Figuring out all the various aspects of cybersecurity, from technical knowledge to troubleshooting experience, or even people management and industry terminology can be a monumental feat.

When is the right time to introduce cybersecurity?

I honestly feel like we are underserving our children from kindergarten. We put a computer in their hands in kindergarten, and they think "magic" is what connects it to a network. I can't tell you how many conversations I've had with my children over the years to explain that there's DNS involved and all these other components involved. I think it starts very young, and it's such an immense amount of information that starting at a younger age allows them to develop that over time, as opposed to being frustrated with it when they hit high school.

Parents are constantly saying, "Don't talk to strangers online." But kids don't understand; they don't get it. So, you have to start at a young age with all of the components of the way the world truly is. It's no longer acceptable to say, "I don't understand computers or technology."

And yes, I do have a copy of the book for kids "Cyber Safe. A Dog's Guide to Internet Security."

In your role now, do you work a lot with women in cybersecurity?

I don't. I've had a few women working for me, but they were geared towards server-side support and maybe some virtualization. To be honest, for the most part, in the networking fields and cybersecurity, I don't encounter many women. Although there's probably something closer to 20 or 25% of women in the industry, I live in more of a rural portion of Vermont, and in this region, it's probably only 10% women.

I don't encounter a lot of women in technology in general. And when I do, I get really excited. It may sound strange, but I feel like, "Wow, okay. I could talk straight to you about technology, and you understand me." It's fantastic to have that experience.

How do we draw more women into the cybersecurity industry? How can we make it exciting?

I don't have a solid answer for that question. Every human is different. The things that excite one person will be different for another. Getting women excited about this type of technology can be hard. I'm one of those parents that is cognizant of what I'm providing my child as a toy. I don't want them to be stuck on a tablet, but they have one because they need to learn technology.

Do you feel like there is a mystique about cybersecurity? Do you think training has helped you crack through those barriers?

When I was ten years old, I was given a Commodore 64, and before I hit my senior year of high school, I could type 120 words a minute. I was typing programs and working on networks and doing things that a lot of kids didn't have the opportunity to do. A lot of what I did was self-trained, and I loved it. I loved technology.

I started in the military. I was in the military for five and a half years. I learned as much as possible, but I had to be one step better than my male counterpart to be validated.  You learn applicable skills in defense, the military, or in service that transfer to cybersecurity. The military is more like technical school training as opposed to book training. I learned how to troubleshoot systems 30 years ago because they had methodologies for training you on the job.

You received your NSE 4 certification. How did you find that process, and what benefit did it have to you?

I've been in networking for thirty years, I've been the firewall specialist for a good portion of that time and I've also been managing teams for more than ten years now. All this amounts to a lot of experience in the industry but there were still a few reasons why I got my NSE 4 certification.

To start, our company made a shift to Fortinet solutions. At that time, we only had one person on our staff who knew the products. Because I was an escalation point, I needed to know the products too. The certification helped me to understand what Fortinet saw as foundational knowledge for FortiGate next-generation firewalls. This was a big help.

I also feel that certifications are necessary for partnership. And when I got the certification, it showed my team that we could do it.  

I should note, I am now also working on my NSE 7.

What would your advice be to anyone debating a Fortinet certification?

I consistently advise people to just do it. Take the exam, learn what you can learn, go through the training, and take the labs. Any bit of training that you receive can help. I've never been one to absorb everything in training, and I think most people can't. But even if you learn one area, so you know more than you knew before, it's going to help in your day-to-day work.

Learn more about the Fortinet free cybersecurity training initiative, the Fortinet NSE Training programSecurity Academy program, and Veterans program.


Copyright © 2022 IDG Communications, Inc.