Securely Connected Everything S4-4: Beyond the Firewall: Jack Chan’s Vision for a Safer Digital Future

Ever wondered what it takes to stay ahead in the fast-paced world of cybersecurity? Join us as we chat with Jack Chan, Fortinet’s Vice President of Product Management and Field CTO for APAC, who brings nearly two decades of industry experience to the table. We’ll explore Jack’s fascinating journey from a NetScreen trainer to a leading figure in cybersecurity, providing unique insights into the evolving landscape of cyber threats in the APAC region. Our discussion highlights how cloud adoption and remote work are reshaping security measures and the vital role of innovative solutions in managing data more effectively.

Discover the cutting-edge strategies behind Fortinet’s rollout of Zero Trust architecture and Secure Access Service Edge (SASE) technologies. Jack sheds light on their phased approach, starting with small user groups and expanding to a larger scale while integrating SD-WAN with SASE. This episode highlights the challenges and benefits of transitioning to cloud-native technologies and the crucial importance of constant device posture checks. Jack also shares Fortinet’s internal deployment experiences, offering valuable insights into their scalable technology solutions and what lies ahead in the world of cybersecurity.

Finally, we explore how Fortinet maintains its leadership by effectively managing IoT devices, from home networks to smart cities, with an emphasis on security and connectivity. Jack provides a glimpse into Fortinet’s product development strategies, which balance in-house innovation with strategic acquisitions like Lacework and NextDLP. The conversation wraps up with reflections on generational shifts in technology use, particularly AI, and its growing influence on our daily lives. Listen in for a rich, engaging discussion that not only highlights today’s cybersecurity challenges but also paints a picture of where the future might lead us.

Jack Chan:
0:02

It might be secure now, but the next minute someone does something silly and your network might not be secure anymore.

Michael van Rooyen:
0:08

The most uncontrollable element: the human. Today I have the pleasure of interviewing and having a chat with Jack Chan, who is the Vice President of Product Management and the Field CTO of APAC for Fortinet. We’re just going to talk all things cyber, converged networks, new technologies and everything else, Jack. Welcome to today. Before we get started, do you mind sharing a bit about your background in the industry and what led you to your current role as VP of Product Management and Field CTO of APAC for Fortinet?

Jack Chan:
0:40

All right, thanks for having me. I guess, first of all, at a personal level, I’m a Kiwi, I work in the APAC region and secondly, I think I’ve spent 18 years in Fortinet. Now I’m not saying HR will be pleased about that, but before that I was, actually, I’ve got quite a bit of technical background. I was working in reseller distribution. What brought me to Fortinet was I actually worked as a NetScreen trainer. Oh wow, NetScreen trainer, oh wow, before that.

Jack Chan:
1:02

So you know the story, how Ken and Michael, our founder and CTO, founded NetScreen, yes, and then sold to Juniper and then came out to found Fortinet. So a bit of legacy sort of there, the whole firewall story and how Fortinet has evolved to where we are now. So I looked after three regions, Hong Kong, New Zealand, Australia, New Zealand, and now I’m in a global role. Few products in the product management group.

Michael van Rooyen:
1:21

Wow, wow, that’s a bit of a history and certainly always been security related, right? You’re luckily one of these that’s had the opportunity to be doing, you know, used to be called information security and now obviously cybersecurity, but you’ve been doing it before it became cool, right, you’ve been doing it for a long time. Correct, everybody thinks it’s cool now, but it’s been around a long time, been part of history, so that’s great context. So you’ve seen a lot of change over the years. Then, as someone who is out in the field, as a CTO and obviously looking at products et cetera, what are the most significant technology trends that you’re currently seeing in our cybersecurity landscape, and maybe particularly in the APAC region, because obviously you have a global view, but maybe more specifically around APAC?

Jack Chan:
2:00

Yeah, sure, I think I mean over the last what 20 years? I think we’ve seen the explosion of technology in general. I mean everyone knows that we’re surrounded by over 60 plus solution, that anything you think about OSI layer, anything from layer 2 to layer 7, we pretty much have a solution for and after COVID and use of cloud, you know, we see highly remote workforce needing to access highly distributed resources, right. So that drives some of our solutions and, of course, the never-ending evolving landscape. I was also the spokesperson for FortiGuard, our R&D security arm, so I’ve seen how, I guess, threats have evolved over time. To give you an idea of scale like 20 years ago we used to have probably 200,000 malware archived from the 18th century, but now, net new, we’ll probably have 200,000 net new malware per day that we do not detect. So what that means is, of course, everything’s automated, with training of new networks, writing signatures and rolling out to our global customers millions of devices and signatures out there. So yeah, it’s just scaled exponentially.

Michael van Rooyen:
3:28

Yes, so you touched on and I’ve been to a few Fortinet events this year internationally and obviously we’re catching up at Fast and Secure in Sydney today. But there’s a lot of discussion about converged network and security. Fortify Network is obviously where the Fortinet name came from and the explosion of devices. Are those the biggest trends or are some of the other trends you’re seeing around OT convergence, like what are some of the field discussions you’re having with customers in the software trend?

Jack Chan:
3:55

Oh for sure, OT is definitely a big trend and Fortinet has quite big investment apart from the convergence network security and also in the OT world. So we actually start to build solutions that are OT specific because traditionally it has been quite separated, right. We all know that OT and let’s talk about IoT. You can’t really install endpoint sort of software on these OT or even legacy devices, so you got to have different ways to surface attack, like looking at the network data or looking at anomaly. The PLC water pump usually might be on value five, right, but suddenly it says to value nine. It’s not necessarily an attack, but it’s definitely anomalies that you want to pick up. And a lot of these solutions, the analogy I use is like sea of information and you’re just trying to pick a needle out of it, right.

Jack Chan:
4:43

Which is difficult. So how can you manage all this data lake and surface the right information at the right time to the users? That is the challenge we all face.

Michael van Rooyen:
4:51

Of course, of course, yeah, just the mass consumption of data, logging, et cetera. And if I think about your heritage there, talking about way back to NetScreen and been doing it for a long time and what you’re talking to a lot of customers about is, how have the cyber threats evolved over the past few years and what new challenges are organizations facing in this area?

Jack Chan:
5:15

Yeah, I mean, I spoke about the malware context, right. You know it’s still, if you look at, I mean, everyone’s probably bored with ransomware, but you know it’s still a very profitable industry. Why are there still those scam calls, phishing links around? It’s because it’s kind of evolved into its own industry. Right, and with the use of machine learning AI, I mean, it’s almost like a battle of the good and the evil. While the hackers are, I mean, everyone’s lazy, you know they will use the machine learning AI to assist with the attack. Right, including deepfakes and business email compromise, and the vendors, the good guys, the white hats, we will also use machine learning AI to combat, right.

Jack Chan:
5:53

So it’s an evolving game and what I tend to educate the users or customers I speak to is you really need to look at what is a usable threat intelligence. People behavior changes when you have different threat intel. Right, if I’m going to tell you, hey, what five steps, you’re going to fall in a hole. You won’t walk those five steps, right? So threat intel is actually quite important and most organizations almost have silos of threat intel. So I guess the Fortinet way is hey, why don’t you leave that to Fortinet? We will wait and we will balance out all this threat intel. So you focus on your core business, whether it’s banking, airline or whatever you guys do, and leave the hard work to the vendor.

Michael van Rooyen:
6:35

Yeah, fair enough, and I was reflecting and I’m sure in the sessions you were representing they called you out during one of the sessions and the presenter was talking about that there’s a perception of it being so much more intelligent or so much more higher type of attack, but it turns out that’s not actually really the case. Based on the data you guys are saying, it’s actually still very basic security that people are missing, but basic lessons learned. Is that the education part you’re talking about, correct?

Jack Chan:
7:01

I think with the use of AI, deepfakes, social media, the entry point is kind of still the same. The hackers might use the machine learning AI in this area, but it doesn’t differ from the fact that you’re still looking at accessing to information and that information is harder now to protect because it can reside on on-prem, it can reside on someone’s laptop, it can reside in the cloud. It makes companies difficult to protect all this information and it’s very fluid. The information flows everywhere. If you look at the three goals of any IT security solution is you want to keep it simple, fast, speed and secure. So the three S, right. But it’s almost like a tug of war. You pull one direction and you lose the other two, like maybe you want more security, but then, oh, it’s not so simple and not so fast anymore. But there are some technologies like FortiSASE or secure SASE which, when you balance it right, you can probably get all three. You can probably win of course.

Michael van Rooyen:
7:59

Of course, and just if I think about, then, the shift to remote and hybrid working, because that’s, we all talk about return to work and all that, but we’re still seeing this as a hybrid world. Right, and security, then, has been a challenge, as you touched on before about workloads everywhere, data everywhere, information everywhere. What impact has this had? Have you seen, if I think, traditional model coming back from the heritage firewalls, central location, central way to control it, with now the spread everywhere, how organization security strategy changing and how they’re adopting towards that, from what your discussions have been?

Jack Chan:
8:28

Yeah, yes, very good question. I mean I touch on remote. After COVID and explosion of cloud technology, right, companies need a cloud native way to control access to, yeah, data. So I’m a traveling employee. You know, I was in different countries every month really. But when I bring my laptop to work and I have the, now, with the secure SASE, I have the ability to access critical finance system or whatever important application I need access to, without connecting to different VPNs. Probably like five, 10 years ago, not long ago, you’ll be okay, I need to access this application. Let’s connect to Europe or let’s connect to US. So the world has quickly changed. Secure SASE has kind of become quite important and Fortinet has invested with our partners in that technology area.

Michael van Rooyen:
9:17

Right, right, which really leads onto a great topic of zero trust, right? So we know that the US is deploying at presidential level this kind of zero trust mandate. We know the big hyperscalers have been built for zero trust for a long time. That’s kind of top down. We know that today there was a discussion around from the user up point of view and from the application device point of view. So zero trust is obviously a big topic, right, and it’s a long journey. It’s not something you can just turn on tomorrow. I’m keen to see in your discussions what people are thinking about zero trust, where you think we are in the maturity cycle of that and kind of what else we need to do towards approaching zero trust and the adoption of that, or at least implementation.

Jack Chan:
9:54

Yeah, I mean, vendors almost abuse the word zero trust. They do. But I mean, I’ll boil it down to really simple messaging. It’s really around need to know, right, from a device and a user perspective. And Fortinet has actually been through this journey, rolling out Zero Trust ourselves, right. So Fortinet is a relatively big company now. We actually ship half of the firewalls around the world and we’ve got like 13,000 employees worldwide and we journey from six months to a year.

Jack Chan:
10:24

We’ve rolled out the secure SASE with the zero trust architecture, but what that really means is that people, laptops and users will only need to access what they need to, right, and we do constant posture check on the devices. Like I’ll bring my laptop around, that’s my core working device, right, but before, oh, maybe CISO or the CEO might go, oh, I want to access that on my iPhone, but sorry, now because your device is not trusted, no BYOD, sorry. And then you need to access this application from your laptop and that’s really a simple example of how Zero Trust works. And when Fortinet rolled it out, we took stages. We don’t roll it out like globally, like no, hey, everyone needs to switch now because you’re affecting user behavior, which is quite important. So you always start small, a few applications, a small bunch of users. After success, MIS gets used to it and then you start gradually rolling it out, yes, yes.

Michael van Rooyen:
11:18

Now, I did do a session with one of your counterparts, Carl Windsor, earlier in the year and we talked a lot Gateway. Do you want to just, at a very high level, just explain for those who haven’t heard that, or getting familiar with these technologies, what SASE (Secure Access Services Edge) and Secure Web Gateway are and why they’re essential today just as part of that cyber environment or architecture?

Jack Chan:
11:43

Good question. So we spoke a little bit about the secure SASE. There are some companies, I was actually in Singapore like two weeks ago, and there were still big companies, finance companies that will use this secure web gateway like local proxy, maybe due to compliance reasons. Most of the VLE (very large enterprise) still thinks, hey, if I have a single point of internet access that prevents me attack, I can check all the data, et cetera. But with the cloud native technology, often it’s almost a challenge with enterprise. Now it’s like, okay, should I proxy everything through a local proxy or should I just trust the cloud and send it off there? And how do I control this technology? It’s almost like a push and pull. Now it will be quite interesting what happens in the next five years. You know with okay, is SWG going away? Is everything just going to SASE? Right, it will be very interesting to see how the organizations will adopt to the adoption of the technology of both.

Michael van Rooyen:
12:36

Yeah, look, and that’s a good point, and I think what we’re seeing with customers and again I’d be interested to see what you’re seeing across the APAC region, which our opinion is, our organization is all about securing client to cloud, right, which is really a good way to boil it down. But if you haven’t really deployed SD-WAN today, there’s no point. Well, of course, SD-WAN is fundamental to it, but you should be having a SASE discussion, right, it shouldn’t be that pointed SD-WAN discussion. It should really be a SASE discussion and then SD-WAN just forms part of that discussion.

Jack Chan:
13:01

Yeah, absolutely correct, because I think Fortinet has quite a unique foundation, you know, because we started from the firewall and then we built SD-WAN, sort of quoted free features, and then that will evolve to a SASE, versus some pure-play SASE players who say, hey, SASE is all you need, send everything to the cloud, trust us. No, we don’t want customers’ investment to go away. Right, your investment in the current firewall infrastructure, SD-WAN and on your endpoint. All that will be translated and almost kind of quote-unquote migrate you to the SASE infrastructure.

Michael van Rooyen:
13:36

So, very good point. Are there some common challenges that organisations have been facing when looking at integrating or deploying SASE or Secure Web Gateway, and have they overcome these or have you engaged them to overcome those?

Jack Chan:
13:50

I think I spoke about how Fortinet actually deployed some of these internally. Actually, Michael Xie, our founder, has a directive and go hey, why don’t we talk about our own story of how we actually rolled out, like SASE and SD-WAN, globally with 13,000 users and a couple of thousand, like 8,000 endpoints or whatever it is, and we took on the journey. It’s almost six months to a year. I mentioned we started small, you know, with a couple of users called guinea pigs, a couple of critical applications, put them behind the SASE and then MIS get used to their technology so they’re comfortable managing the volume of support, and then you gradually roll this out. Basically now, scale-wise, basically any city you can name worldwide will have a Fortinet presence in there, right, apart from a few countries, and everyone is on the Zero Trust and SASE architecture. And now I guess MIS can have a few good sleeps. They don’t need to manage a lot of IPsec, SSL VPN and sitting in the cloud, and the technology is scalable in nature. You’re not bound to a hardware device and because it’s cloud-native technology, we can implement the stack just exponentially grow it based on the user’s needs.

Michael van Rooyen:
14:56

Right, right, and there’s so many options, we haven’t really seen the outcome of SASE deployment, if I think alone just about even secure private access, right, for OT being able to remotely get into those environments using that. Secure private access is kind of one common use case we’re solving, really solve the remote access challenge. So while SASE has been around for a couple of years from a Gartner framework point of view and we’re seeing a lot more adoption in that, I just want to pivot a little bit, knowing that you’re really focusing on product management and those components of the Fortinet family. But what emerging technologies do you believe will significantly impact cybersecurity over the next few years? What do you think is going to change our cyber landscape?

Jack Chan:
15:44

Yeah, no problem. I think one good way to answer this question is if you look at the recent acquisition, so that will kind of reveal you a little bit of what’s on Michael Xie’s and Ken’s mind of where the company is heading. While we have our three pillars of secure networking alternative firewall, switching, routing, access point, we have the user success and then now we have the security operations. But recently we’ve acquired two companies. The first company is Lacework, which focuses on cloud security posture management, CSPM, some people call it CNAPP, Cloud Native Application Protection.

Jack Chan:
16:18

I hate acronyms, sorry. And then you work in the tech industry. I know, I know. Because in my presentation just now I tried to explain every acronym, not assuming the audience understands it. That’s a fair point. And then the company that we completed acquisition about only two or three weeks ago was NextDLP, nextdlp.com. So it’s to do with data leakage.

Jack Chan:
16:39

Basically, if you think about our traditional security, from security operations to SASE cloud, and we’re adding the cloud native security on top because organization now uses a lot of cloud, whether it’s Google, Azure, AWS, even Alibaba in Asia. Right, there needs to be a way to, it’s almost like an overlay and go hey, how is my cloud security posture looking at? For the SecOps, great opportunity for partners to sort of add additional services so they can add it to like your existing SOC services, yes, and also look at insider threats, data leakage using machine learning, AI, that’s what Next DLP is about. But if you think about the future, Fortinet’s got all these technology that we can mix and match and combine. It puts us in a really unique place because we’re not a pure play. So to use and utilize all these data lakes.

Michael van Rooyen:
17:29

Yeah, yeah, yeah, right, right, and you’ve touched on the AI, machine learning, which is obviously a big focus and some of these acquisitions help drive that strategy and, if we think about this, the additional amount of consumption of these logs and data and AI obviously really helps us get through that data. How vital is the threat intelligence in today’s cyber landscape and how are you guys integrating into those solutions to really leverage that footprint you’ve got at FortiGuard’s research center?

Jack Chan:
17:58

Yeah, correct, I mean if you think about how Fortinet uses machine learning AI. I mean we’re almost separate into three areas where we roll out different services to our products and, of course, we’ve got the product AI as well. An example will be network detection response, where we collect a lot of network telemetry data and a client recently in the US, it was quite interesting use case. They weren’t using like NDR for detecting attacks, they were actually using it down to hunt down BitTorrent clients on network. I was like, okay, okay, fine, this is a good way to use the solution, not bad. And NDR is probably the first type of solution where they, because we’re collecting a lot of data and we’re using machine learning AI to harvest the attack.

Jack Chan:
18:40

An example which I just gave in the Fast and Secure event is, for example, Fortinet is keeping track of all the botnet IPs and bad IOCs out there in the world. So we can build models that will look like, oh, to this botnet network or to this ransomware IOC phishing link, it will have time to live, it will have a number of packets, beaconing intervals. So we feed all that into machine learning and go, oh, here’s the model of what malicious traffic looks like. Hackers are not dumb. They will use DGAs to generate thousands of domains, spin up something on Azure, new IP address that no one detects in a C2, right. But if it matches that profile of beaconing interval, time to live, number of packets et cetera, we kind of know it’s kind of bad traffic, right. So that’s one model of how we use, like, AI, machine learning in a product, right?

Jack Chan:
19:29

The third part is generative AI. Think OpenAI ChatGPT on Fortinet products. Just think about the possibility, we want to reduce the expertise required to run and operate these solutions. So even if you hire junior engineers, which you pay them less, and then they can interact with the solution and type in using LLM models, large language modeling and go, hey, have I got an outbreak in this area? Yes, how do I build the best SD-WAN out of these Fortinet technologies? Right? That’s kind of the three areas where Fortinet is invested and heading towards. Right, right.

Michael van Rooyen:
20:04

So that’s a real reduction in time to resolve, time to find the root cause. And I think the big step here is those tools are so powerful. It’s really come down to the hygiene and making sure people are seeing all the logs to it. It needs the best data source for that right. So it’s fascinating. I think we haven’t even seen many of the use cases.

Jack Chan:
20:20

Too many. If I’m honest, I think we’re still at the beginning of tapping into the gold mine of information, right? I agree? I mean you mentioned surfacing of attacks. Most of the time, not just Fortinet, with every vendor solution it can detect, but it’s just been flooded with other logs that you could not see, you know. So part of the, I guess, the AI promise quoted is to kind of surface the important elements of what is important for you so you can actually imagine feeding and training the AI to go, this is important to me. I look at this every day. It changes my behavior, it changes my decisions and the solutions should eventually, I’m talking about like quite future here, so eventually learn what is important to that user, whether it’s a CISO or the SOC analyst, right, so to surface the information to them.

Michael van Rooyen:
21:05

Yeah, yeah, yeah, great. And if I think, I think about small, medium, medium enterprises right, so enterprises, government have obviously much bigger resources and ability to put cyber in, but SMEs have generally got a limited resource pool to do that. Have you got any suggestions or how you work with customers on solutions for SMEs to kind of protect themselves without the human power law? How do I help in that area?

Jack Chan:
21:28

Great question, I guess. First, Fortinet has got quite a good strategy to tackle SMEs. So first, I mean we run the same operating system from our desktop firewall, which is the size of a laptop, to our firewall, which can tackle thousands of users, and, of course, our trusted partner. We give them a lot of room to build services to serve the SME market. So you can either rely on the partners and Fortinet has also got a service. Basically it means eyes and ears on your logs so that SMEs don’t need to hire engineers overnight to look at the logs. So I think that that’s kind of where Fortinet will help and differentiate with our partners community and also what Fortinet offers.

Michael van Rooyen:
22:13

And look, one of the common themes this year has been very much again why Fortinet exists is around the evolution of security networking or secure networking, or there’s many ways to say this but especially increasing the adoption of cloud and internet of things. How do you see that landscape evolving around the convergence? Do you see customers really adopting the convergence? Do you think it’s still a bit of a trial? My feeling is and I was saying this this afternoon is that the IT industry generally has always been very siloed. We’re always doing an upgrade of a particular service, which is why we’re out of sync, right, so it’s very rare you get a customer who does an end-to-end play. Obviously, the end-to-end play is there from seeing the same sort of life cycle, or how do you see this convergence really playing out?

Jack Chan:
22:50

Yeah, I’ve answered this question in two contexts. Sure, on a small scale, like on my home FortiGate, of course I run a FortiGate, right, to block my kids’ games. Apart from that, um, you know, we’ve got so many IoT devices. Man, look at my firewall scope. What is this MAC address or hidden MAC address that’s connecting to it? Is it my Xiaomi, like home vacuum, that’s trying to connect to the internet? Right, that’s the small scale. Right, on the larger scale of IoT, I was in Singapore two weeks ago, as I mentioned.

Jack Chan:
23:18

We’re talking about smart cities. Smart cities need smart IoTs, right? And we are talking about the scale, with thousands or tens of thousands of devices needing network access, connecting to URLs or the vendor’s URL. How do you maintain the patches and security for those? Well, you think about that. It really creates a big headache, right? You think about the security manager or the network manager on the smart city and they go oh, I’ve got, I don’t know, just a couple of hundred devices, one access to the internet. What are these devices? What OS do they run? Who do they need to connect to? So that’s why we have different solutions, like next solutions or automatic approvals, and, and all these solutions to tackle anything as small as my home. Yes, to aspect as like a smart city. Yeah, of course of course.

Michael van Rooyen:
24:04

What’s the statistic I read recently? Most homes are kind of 30 plus to 60 devices is becoming pretty standard and common, and of course, then you talk about large cities, right, but the key really is this convergence. If I then turn a little bit away from specific products we’ve been talking about, I really want to just have a further few questions with you around cybersecurity leadership. Obviously you play a significant role within Fortinet. You have the benefit of assessing new products and everything like that. What are some of the principles that guide you in your approach to product management and field leadership at Fortinet?

Jack Chan:
24:36

Very good question. I think, from a product strategy perspective, Fortinet always have like two options: we either build our own because we’ve got enough developers with 60 products, or we look at what technologies are out there which are new and shiny and we acquire it. So we actually do both. So, Ken and Michael, I guess their philosophy around running a company is, hey, we build what makes sense and we acquire what makes sense. So, with recent acquisition of Lacework and NextDLP, that will give us additional edge. Yes, that will give us additional edge, and as a technology vendor, it’s almost on a bleeding edge, because you are supposed to be the most innovative solution provider out there, right? So I think the great thing about Fortinet is we have lots of broad range of technology. Just look at our share price over the last 20 years, I actually joined the company before IPO and we actually halved the price of our shares and double the shares twice, right. So I guess we must be doing something right in order for that to happen.

Jack Chan:
25:39

So I think this technology cycle will continue. I mean, of course, firewall, we still sell a lot of firewalls nowadays, but the way it’s evolved to SD-WAN and SASE and now with the different cloud security solution, SecOps solution, I think, yeah, Fortinet has just changed over the last 20 years.

Michael van Rooyen:
25:57

Yeah, yeah, 100% right, and it’s been timely. What the markets needed, how we want to secure this digital lifestyle, that would that we live right. So it’s really moving into that. And at heart, really, Fortinet is still an engineering company, right?

Michael van Rooyen:
26:11

I know some Fortinet people don’t like me saying that, but realistically, you are a real engineering company, yeah, and that’s why you’re having a success and being able to develop that. And one of the key insights I got in April at Accelerate in the US was you’ve been limited on acquisitions because you don’t want to break the core fundamentals, right. So it’s tempting to buy lots of organizations, but really you want to think about what it means to the software base, the code, the reliability. Yeah, very good point.

Jack Chan:
26:36

Like when Fortinet acquired a company, we actually try very hard to integrate it into our security fabric and that is not just kind of vendor chat speeding, I call it. But if you look at historically, hey, when we acquired Meru for Wi-Fi, when we acquired AccelOps, which becomes FortiSIEM, and enSilo becomes our EDR, and all of these data lakes are starting to talk to each other and the same will happen with Lacework and NextDLP, right? No, we’re not a type of company who will buy something and just fold away the technology because they’re a competitor. So we try to really integrate it into our fabric and provide some useful scenarios and use case for our customers. Yeah, great, and one of the ideas, statistics-wise, if you look at our patents, we are, like you said, we’re a very engineering-orientated company. Our patents are probably like three times as a competitor and we award, I think there was a presentation from a telco team which two of the field engineers has got patents, and we actually award innovative ideas within Fortinet and that really drives the culture in the vendor world. You know to be more, I guess, quoted superior.

Jack Chan:
27:40

Also, I think we share the same mentality with our partners, you know, and our partners are clever people. You know, selectively pick. Hey, which vendor has the vision, has strategy to partner with them? And customers are clever people too. When I spoke to a lot of customers in Singapore, basically I would tell them hey, of course you can pick the best of breed of everything, but then you’ll end up like the poor guys trying to integrate all these best of breed vendors together and then why don’t you leave it to the vendor so that you can focus on business? And that’s what actually the Fortinet Security Fabric offers. And while we pay big bucks for marketing to name products, but we actually implement it in the product management philosophy. So it’s actually in our DNA.

Michael van Rooyen:
28:21

Yes, so the heart of security is really awareness and training, et cetera, et cetera, as we come near the end of the session. But can you explain to me or tell me how you help customers foster a culture of security awareness amongst employees and, from a leadership point of view, how you really do that to help in that area?

Jack Chan:
28:39

Yeah, um, good question. Actually. Years ago I was actually I was a CSC, issp guest speaker for security awareness. I still remember those days. But to foster a culture of security awareness, Fortinet has ramped up our certification program, I think the last 10 years. We realized the need so we partnered with, like the US retired army and also Fortinet University training programs that we can roll up in tertiaries across with our partners and roll out this like new shiny program for training awareness, and we also got products that are specific in this area, like FortiPhish, like 45, etc. And then we are actually, yeah, using our products every day. So maybe sometimes I accidentally clicked on a link and Michael might knock on my door and go why, Jerry? Why?

Michael van Rooyen:
29:25

Did you do that?

Jack Chan:
29:26

So we constantly test our own solution. It’s super important, I think. I think people from the headlines, especially customers and partners, and they do realize the impact of a security breach and how important that the most uncontrollable element, yes, the human. Yeah, of course.

Michael van Rooyen:
29:42

Of course. That’s where it all starts, right, so to some extent. A couple of final questions for you, Jack, um. What advice would you give emerging cyber security leaders who want to make an impact or get into the industry to make an impact?

Jack Chan:
29:53

Wow, it’s a very broad question, but I would say keeping up with the threats, which is very challenging. If you go to fortiguard.com, our threat research center, fortunately, try to make it easy for customers. Hey, we waited out all the threats so that you don’t have to do all that type of job. Keep up with the emerging threats and know what the weakest link is. Years ago I presented at RSA US, where I showed a scanning or hacking of an IoT camera. Of course we can see what the camera sees, but it was used as a scanning platform for the rest of the network. So in that particular case, your weakest link is actually not the human, it’s actually your device that talks out to the internet, your camera. It might be secure now, but the next minute someone does something silly and your network might not be secure anymore. So, keeping up with the threats, the latest hacks and how a vendor approach, a use case, I think that’s quite important, but that will kind of show you where the cybersecurity area is heading.

Michael van Rooyen:
30:54

And if you’re able to share, what are Fortinet’s long-term goals in the APAC region and what exciting developments can we expect from yourself and the team?

Jack Chan:
31:02

Yeah, so I guess, apart from the two acquisitions, I think in the next year or so we’ll try very hard to integrate those as a standalone offering, as well as information for the customers to implement, and of course this offers great opportunities for partners and end users to adopt and try new solutions.

Michael van Rooyen:
31:19

That’s pretty much what we’ll be focused on in the next year or so. Right, right, and sticking with your core stitching, which is fortifying people’s environments, right, fortifying networks, fortifying. You know the picture better than me and look. Finally, one of the questions I like to ask all participants in the podcast is tell me about the most significant, and it doesn’t have to be specifically Fortinet-related, technology change or shift you’ve seen or been involved with during your career.

Jack Chan:
31:44

Yeah, I think I mean, apart from cybersecurity, you know the use of devices or AI, right? I think a good example is like my son. We do some charity, free coaching of sports etc. And when I asked him to come up with some junior development plan, the first thing he did is he typed a question in ChatGPT and that was his coaching program. So I think that the generations just grow up with different technologies now and the way they use it. I would call my friends and the Generation Z. They will ask things on Facebook. The Facebook is used by uncles and aunties now. Right, the next generation will use ChatGPT and who knows what’s next? Right, in the next five years, we’re probably just at the beginning of this generative AI. When our kids’ generation grows up, a few jobs might be replaced and let’s see what jobs are left out there for us to do.

Michael van Rooyen:
32:36

Yeah, absolutely. Couldn’t agree with you more. Well, that’s really it for today, Jack. So, look, I really appreciate the time. Thanks for the insights and appreciate it again.

Jack Chan:
32:45

No problem. Thanks for having me. No problem, thanks.
