For years, the cybersecurity industry has repeated the same warning: there are not enough qualified people to fill the jobs that need filling. Global estimates of the shortfall have run into the millions, and the default corporate response has been to compete harder for the same narrow pool of credentialed candidates, often by simply outbidding rivals for the same names.

[For more news, click here]

Fortinet has spent the past decade testing a different theory, one that treats the talent gap less as a recruiting problem and more as a production problem. This year, that theory produced a number worth sitting with. The company has trained more than one million people in cybersecurity over five years, fulfilling a pledge it made in 2022 and reaching the goal before the end of 2026.

The milestone is not just a marketing line. It is a data point in a much larger argument now playing out across the technology industry, particularly in the United States, where boards have started treating cybersecurity readiness as a measure of operational maturity rather than a back-office expense. The question that argument turns on is simple. If there are not enough trained people, where do they come from? Fortinet's answer is that you build them, deliberately and at scale, rather than hoping to hire your way out of a structural shortage.

A Decade-Long Bet That Predates the Pledge

Fortinet's commitment to workforce development did not begin with the 2022 pledge. It traces back to 2015, when the company established its NSE Certification program to deliver practical, real-world cybersecurity skills rather than abstract theory. That decade of groundwork matters because training programs built quickly to capture a headline rarely hold up under real demand. The Fortinet Training Institute now supports learners across the entire career arc, from people exploring the field for the first time to experienced professionals deepening specialized expertise in areas such as network defense, cloud security, and secure access. Reaching one million trained individuals, in other words, is the visible result of infrastructure that has been compounding for more than ten years.

Why Certifications Still Carry Weight in a Fast-Moving Field

It would be easy to dismiss certifications as resume decoration, but the data suggests employers treat them as something closer to a screening mechanism in a field where the underlying technology changes faster than most hiring processes can track. The 2026 Fortinet Global Cybersecurity Skills Gap Report found that 91 percent of IT decision-makers prefer candidates with technology-focused certifications, and 92 percent said they would pay for an employee to become certified. Separately, Fortinet's training and certification site reports that 91 percent of organizations prefer to hire certified candidates, and 85 percent of IT decision-makers say someone on their team already holds one.

Those numbers describe a labor market trying to solve a verification problem. When threats, tools, and job requirements shift as quickly as they do in cybersecurity, a credential becomes a faster way for an employer to confirm a baseline of practical capability than a resume or an interview alone can provide. That is also why 73 percent of respondents in the same report say their boards now treat cybersecurity as a high business priority, even as hiring challenges persist. Visibility at the board level raises the cost of getting the talent question wrong, which in turn raises the value of any mechanism, like certification, that makes hiring decisions more reliable.

The AI Variable Changes the Calculus

Artificial intelligence complicates this picture in a specific way. It is simultaneously the thing security teams must learn to defend against and a tool reshaping how that defense gets built. The skills gap report found that 92 percent of organizations are likely to invest in AI-related cybersecurity training or certifications over the next twelve months, a figure that reflects how quickly the threat landscape has absorbed AI-driven techniques into everyday attacks, from automated reconnaissance to more convincing phishing campaigns.

That shift matters for American enterprises in particular, where cloud adoption, hybrid work, and increasingly complex digital operations have already stretched security teams thin. A workforce trained only on yesterday's threat models is of limited use against an adversary that is iterating in real time. Training pipelines built around static curricula cannot keep pace, which is part of why Fortinet frames its certification structure as an ongoing pathway rather than a one-time qualification.

A Skills Gap That Hiring Alone Cannot Close

The deeper argument embedded in Fortinet's milestone is that traditional hiring pipelines were never going to solve this problem on their own. There are not enough experienced cybersecurity professionals already in the workforce to meet demand through recruitment alone, which means the talent pool itself has to expand. Fortinet's approach leans on several channels simultaneously: upskilling employees already inside an organization, reskilling people coming from adjacent technical fields, and supporting students and career changers entering cybersecurity for the first time.

This is a meaningfully different strategy than the one most of the industry defaulted to for the past decade, which treated talent scarcity as something to be managed through compensation and competitive poaching. Training at this scale is closer to infrastructure investment than recruiting spend, and it pays off on a longer timeline. But it also produces a more durable supply of skilled workers, one that does not evaporate the moment a competitor offers a larger signing bonus.

Momentum, Not an Endpoint

Fortinet has been explicit that it does not consider one million trained individuals a finish line. The Fortinet Training Institute plans to keep expanding access to practical cybersecurity skills, recognized credentials, and structured pathways as digital environments continue to grow more complex. For an industry that has spent years describing its talent shortage as an unsolvable structural problem, that is a notably concrete answer. It will not close the gap by itself, but it offers a working model for how the gap actually gets smaller, one trained professional at a time.

Related Articles:

The AI Systems Enterprises Are Deploying Have Become the New Attack Surface

UAE Organisations Show Stronger Resilience Against Cyber Attacks

Exclusive: Edera Targets Kubernetes Security Gaps in Multi-Tenant Environments