In this exclusive interview, Petko Stoyanov, the Global CTO at Forcepoint, speaks about their new Forcepoint One offering, the evolving security threat landscape, the skills gap in the industry, and more

You recently conducted the Forcepoint One event. What was it all about?
We announced Forcepoint One way back in February 2022, globally, as a marketing event. And then on, we started focussing on regional events. At the UAE event, we had over a hundred people attending the event and we’ve definitely had a lot of interest in Forcepoint One. We spent some time with our customers at the event, understanding their challenges and explaining how Forcepoint One is a better way to access the internet securely – not just the Internet or cloud, but also private applications.

During the pandemic, many people were working from home and though they wanted to be productive in a new working environment, they lacked the tools. So, the users started using tools they weren’t supposed to. However, if we had visibility into that and gave the users control over the data they could use, it would have been amazing. That’s what is unique with Forcepoint One – we have centralised the management.

In doing so, we don’t need all your data. Your data stays with you and we want to give you control over the data that matters to you. So, the beauty of our solution is centralised management, distributed enforcement of security, and data loss prevention, and just visibly at the same time.

Another pain point customers are facing is hiring the right talent. For managing cybersecurity products and solutions, one needs to be a CSSP. However, the number of certified professionals in this region is far lower than the demand. There is a precise skill gap in this industry that needs to be tackled. We need to change how we approach cybersecurity and hiring.

How has the security threat landscape changed over the past couple of years?
Well, it has changed even in the last two months. We are seeing lots of geo-political tensions everywhere and these instances are being used as a reason to attack government installations, utility services, oil and gas installations, banking systems, telecoms, and so on.

The safety we feel here in the UAE is because of the regulation we have in place, which is a lot of ways, applies to cybersecurity. Regulations also drive other things globally. At Forcepoint, we offer many tailor-made solutions for such industry verticals. Our data loss prevention solutions are used by some of the largest organisations in the world and our threat prevention capabilities are used to protect some of the most sensitive networks in the world.

In terms of the skills gap you mentioned, what do companies need to do to solve this?
I think there are two problems with this. One is the demand issue, where we don’t have enough people to fill up the specialised jobs available. So we’ve got to train more and more professionals so they are qualified to take up such critical jobs. Another problem is that most companies are hiring the wrong set of talents for job openings. We need to list out the job criteria that make sense.

Do not hire someone who is a jack of all trades – he/she will always be a master of none. Companies need to ask these questions. Why do I need that certification? Why do I need 20 years of experience in cybersecurity? Why do I need expertise in a 10-year-old language that is going to be non-existent in the next couple of years? So I would say, companies need to start asking questions about their hiring rates, making sure they have the right talent for the right job.

I think there are multiple things we’ve got to do as an industry. We’ve got to educate more customers so they make sure they have the right people for the job. They need to understand that you do not require a Ph.D. to go configure a router or configure something on the network. You shouldn’t be spending months deploying software. It should be done in days not months. And that is exactly what Forcepoint One is tackling.

What is your take on the Zero Trust Framework?
So, I’ve been working on the Zero Trust concept for the past three years. The US government’s been using it extensively. And the way they started is, they started actually started using Zero Trust almost 10 years ago. Zero Trust is what security should have been from the beginning. Because you’re applying security and controls only to the data – so users need to only access what they need to. But there are multiple layers of security in Zero Trust.

There’s Zero Trust where we need user data. There’s Zero Trust where you need the device. And then there are applications. You want to make sure that the user, the device, and the application have access to data, but also ensure at the same time that any data that goes to those users and devices are authorised. So it’s in many ways, applying the concept of what’s known as least privilege to the data element, the device element, the application layer, and the user.

Do you offer certification programs for your channel partners?
Yes, we do offer certification programs to make sure channel partners are at the forefront of everything we do. We are also investing a lot to make sure this happens – in the last 18 to 24 months, we’ve doubled the size of our team here. We keep our training and certification programs simple, so when our certified partners go to a customer, they know what they are talking about in order to suggest solutions to solve their issues.

What were your learnings from last year and how are you using those to better your strategies for this year?
So, in January 2016, Forcepoint spun out of Raytheon. Even though we are now an independent company, Raytheon still uses our software and hence they are our customers. So, as soon as we went on our own, we got into an acquisition mode – buying technologies and companies that complemented our ecosystem of solutions.

Our strategy has always been to invest in new solutions that complement our existing set of solutions and offer a complete end-to-end solution. So today we are capable of integrating additional solutions such as RBI, CDR and ZT, and so on. So all of these are being offered as a bouquet of services through our management platform.