How Fortinet’s Burnaby-based teams are saving the world from cybercrime

“We were there on day one when this stuff was still on GitHub,” Derek Manky says to a packed boardroom at Country Hills Golf Club in Calgary. Manky, like myself, had made the trip one province east to attend Fortinet’s Tech Expo and the Fortinet Cup Championship. My itinerary mentioned that there would be a collision of different worlds, exemplified by the two distinct events. The former is cybersecurity, Fortinet’s bread and butter. The latter is golf, the company’s champagne: the Championship is the ultimate tournament in its season-long golf sponsorship.

While I was part of the pack crushing coffee and eyeing the boujee divot tool that came in our swag bags, Manky was delivering the keynote. Different worlds, indeed. Manky is Fortinet’s Burnaby-based chief security strategist and VP of threat intelligence. His ties to his local community are strong, being not only located east of Boundary road, but educated there too. He still supports his alma mater, BCIT, by holding a position on its cybersecurity committee. 

Joining Manky in Burnaby are development, customer support, product management, and quality assurance teams. There’s also a major data centre. Those employees work out of a tech campus just off Highway 1, with a massive sign with the company’s name well-positioned near the Grandview Highway onramp. It’s the global business’s biggest office. Fortinet’s products are developed and built in-house hen sent across the world to its customers. Thirteen million threats per minute are detected, and Fortinet’s AI knocks out 99.99 percent. 

It’s a key facet of Manky’s day job. He leads the 500-strong global team behind FortiGuard: the global threat intelligence and research organization at Fortinet. It’s all powered by AI — a piece I found intriguing. I knew that the tech was the apple of investor’s eyes, and of its association with mining or healthcare. For whatever reason, though, cybersecurity and AI hadn’t connected in my brain. If anything, I thought it would be solely seen as a threat.

But, like Manky’s earlier quip about GitHub, Fortinet is not new to the AI game. It’s true to the AI game. 

I asked him to elaborate further. “How much time do you have?” was his cheeky retort.

AI started to become a buzzword at conferences he attended around 2010, Manky said. A year later, Fortinet implemented its first iterations of it into the company’s tech as an antivirus tool (that's how Fortinet can detect zero-day attacks or zero-day malware.) Manky said that at some point, someone's going to be hit with these attacks. So, the question becomes, ‘How do you actually detect that?’ 

All this work — over a decade’s worth — has taught Manky and co. what the most important aspect of AI is: time.

“You can't just set up an AI system, Manky pointed out. “I see a lot of startups say, ‘Hey, we're experts in AI. This is our model. We're doing this now.’ It actually took us five years until we could release it into production. But we [at Fortinet] did get a head start.”

That 500-strong team he works with? They're still actively training Fortinet’s AI system. That's a large part of the cohort’s job. 

“We don't replace them as they train the AI systems,” Manky explained. “It’s a simple process. It's supervised learning. It's like a teacher and a student, right? Where it has a data set, we give it a new virus. We give it a virus and we analyze it. We give it a file and we analyze it, and ask, ‘Is this a virus? Is this a problem?’” 

The AI would then report back if it was malicious or clean. Fortinet does that thousands and thousands of times, until the AI starts associating the different fields, features, and characteristics of the inputs, and learns what is malicious or not. The company then uses incentivized learning to reward its AI or reprimand it when wrong, allowing it to learn from its mistakes. According to Manky,“It’s a rinse, wash, repeat thing.”

I was curious, then, more about the humans than the computers. How did Manky find working with such a large team that’s spread across the globe? What challenges did he face? 

“There’s actually more solutions, I would say,” Manky countered, with a smile. “Because, I mean, it’s what we need to do. When it comes to the problem we solve, we often say that cybercrime has no borders. It's also interesting, because when you speak to law enforcement, they say, “Well, borders are there, though, they’re just man-made. The challenges that we have are there because cybercriminals can disregard them. We have to adhere to them.’”

So, having people worldwide in different locations — yet working on similar projects — is really important to Fortinet. Manky shared an example of people on his team who will find an issue in the Asia Pacific that is being carried out by servers here in Canada. That's the solution piece. Without that, Manky pointed out, Fortinet would have huge visibility gaps.

But the challenges, Manky did admit, are bringing the people to the data and ensuring the whole team is on the same page. It’s difficult to give — or even receive — proper top-down support. And challenges also arise because, even though there's a lot of goodwill out there for the work that Fortinet does, it’s hard to get buy-in the world over.

Cybersecurity is treated differently everywhere. So is business. ROI metrics aren’t a universally-spoken language across countries or industries. There's a lot of how do I do this? or do we have the tools to do this? in Manky’s world. It’s hard sometimes, too, he says. But, he mentioned both to me and in his keynote that he’s sleeping better these days. So what has the same effect as melatonin for Manky? 

“I just feel more confident that we're making progress towards success,” he explained. “It can be scary, right? Because if we don't do anything… We've had really bad wildfires here [in B.C.]. If you don't contain these things, you’re not able to control it. You have to be on the front lines. That's us [in cybersecurity]. We are the first responders in the industry. We literally do incident responses. The police actually don't go and do that. It's us. We’re breaking down doors.”

Manky’s favourites are the ones that actually lead to action when the doors broken down directly correlate to arrests carried out. One such was a Canadian incident where hackers had tapped into accounts payable, rubber stamping $70 million in funds. In another example, Fortinet’s analysis tools were used to obtain a warrant in Nigeria. The analysis was so important to the case that Manky was asked to present the work. 

Among the usual fare that comes with a work trip, Manky was offered bodyguards for his visit to the African nation. Fortinet’s work was able to take down the kingpin of the operation. But, there were still an estimated 50 underlings at large in the country. That, then, became one travel request that Manky couldn’t deny fast enough. 

While he isn’t pining for a trip to Lagos anytime soon, he did get himself — like yours truly — to Calgary for the Tech Expo and the Fortinet Cup Championship golf tournament. The company inked a deal with the Tour in 2022 to sponsor the season-long points competition, the Fortinet Cup, and be the title sponsor of its season-ending and flagship event. The business will also be donating the proceeds from the Fortinet Cup to benefit non-profit organizations in the areas of STEM, inclusion and diversity, and veteran reskilling programs.

“We are extremely excited to partner with Fortinet as PGA Tour Canada returns to a full schedule,” said the golf organization’s executive director Scott Pritchard in a release. “The Fortinet Cup will give players a week-to-week gauge of how they’re doing, with significant benefits available to them, thanks to Fortinet.”

I couldn’t help but ask Marc Asturias, Fortinet’s VP of marketing, when it would be setting up a Championship here in Vancouver. Our former managing editor Nathan Caddell inspired my question as I reread his coverage. “Our only gripe?” wrote Caddell. “That the parties could find a spot for the championship in B.C. instead. Oh well, maybe next year.” Sadly, “next year” ended up being Calgary. So, I nagged Asturias. 

“Vancouver is very near and dear to us,” he assured. “We have Burnaby, which is where our largest global office is. It would be really amazing to be in Vancouver and hopefully, we'll get to do that in upcoming years.”

Towards the end of our chat, Asturias doubled down.

“I will put this out there in writing. We will do our very best to come to Vancouver.”

Feeling more settled, I went to check out the golf. As I watched, I couldn't help but think back to that itinerary’s disclaimer that these worlds of golf and cybersecurity were so different. The sport demands that its players identify threats. The hole we were situated at featured a well-placed bunker and a green known as a false front. This means that a portion of the landing surface that, while appearing to be safe, is actually too steep to stop the ball. A golfer would talk with their caddy to identify this hidden threat and discuss the best course of action to mitigate it. 

It’s not dissimilar, then, to a phishing attack. Something that is seemingly safe is rife with danger. Fortinet’s analysts are the caddies of the business world. They help identify those blatant threats like bunkers or phishing attempts like false front greens. 

Maybe these worlds aren’t so different after all.