Soon after his induction into the 2024 class of Cyber Defenders, we caught up with Steve Hoffman, who is president at Fortinet Federal, for his take on cybersecurity opportunities and challenges, with the promise of continued zero trust adoption high on the list of plusses, and the double-edged sword of artificial intelligence tech still mostly posing question marks on the near-term horizon.
MeriTalk: Congrats on your Cyber Defenders Award, Steve! Please tell us a little bit about what you do at Fortinet Federal and the company’s security work.
Hoffman: In my role as president of Fortinet Federal, Inc., I lead a team of engineering, business development, sales, and systems support professionals who are dedicated to delivering proven cybersecurity and networking solutions to the U.S. Federal Government. I’ve helped establish Fortinet Federal with the sole objective of helping agencies identify, mitigate, and prevent malicious attacks on their data, networks, and operational environments.
To put it more simply, every day I focus on meeting the advanced mission and security requirements of civilian, defense, intelligence community agencies, and the Defense Industrial Base.
MeriTalk: In the bigger picture on security, what are some recent policy and tech trends you are seeing that are helping to improve security and that we should be doing more of?
Hoffman: It’s been really encouraging to see the public and private sector partnerships that have bloomed around federal cybersecurity. From sharing threat intelligence to engagements like the Secure by Design pledge, it’s important for industry and government to work together and we’re seeing that more and more of that these days.
Beyond that, Zero Trust implementation has been the biggest federal cyber initiative over the last couple years and that’s not going to change. While the focus has been on planning and ideation, agencies — at their own individual paces — are now moving toward actual implementation.
For that to be successful, there needs to be a defining vision and concrete goals. The agencies that have already had success implementing Zero Trust have had one thing in common — they coalesced around a common understanding of where they needed to go and settled on defining what capabilities, products, policies, processes and solutions could get them there.
MeriTalk: Also in the bigger picture, what looms large for challenges in improving security?
Hoffman: It’s no secret that artificial intelligence is a double-edged sword. It could prove to be our greatest asset in fighting cybercrime and defending federal networks. AI when used appropriately with the right amount of data can provide incredible new capabilities. And to be honest, we’re probably still just seeing the tip of the iceberg, a foundational glimpse into the future.
However, we need to be aware that AI could also be used against us to break into those very same networks we’re using the technology to protect. AI has supercharged the attack surface to a scale and speed we’ve never seen before. Code can be created quickly and efficiently using AI which significantly lowers the bar for cybercriminals looking to launch an attack.
And while some agencies in the defense and intelligence communities have started doing the work to understand how to better defend against this new breed of attacks, there’s still a lot to learn for the broader federal community. This is surely already a big focus and will continue to be in the coming years.
MeriTalk: How did you find your way to the tech security field, was it something that always seemed like a natural path or was the path more complicated?
Hoffman: When I graduated from the University of Maryland in 1990, I was fortunate to land a position with Bell Atlantic and spent the first portion of my career with the company designing network technology for the Pentagon. From there it wasn’t much of stretch to wonder how you secure those networks. So, for the last 15 years, my primary mission has been to deliver trusted, reliable and resilient infrastructure to secure U.S. Government IT environments.
MeriTalk: And finally, what do you enjoy doing in “real life” that doesn’t have anything to do with technology and security?
Hoffman: When I am away from the office, I enjoy boating and fishing on the Chesapeake Bay and dining with my wife in Annapolis. I’m also a big Baltimore sports fan and enjoy cheering on the Orioles and the Ravens.