Fortinet CISO And Trusted Customer Adviser Phil Quade Leaves
Quade reported directly into Fortinet CEO Ken Xie and spent four years driving the company’s information security strategy, expanding its federal business and serving as a strategic adviser to customers.
Fortinet Chief Information Security Officer (CISO) Phil Quade has departed after spending nearly a half-decade helping government and large enterprise customers formulate their cybersecurity strategy.
Quade joined Fortinet in early 2017 from the National Security Agency (NSA), where his responsibilities over more than 30 years included representing the agency at the White House and overseeing classified information systems and nuclear codes. Fortinet tasked Quade with driving the company’s information security strategy, expanding its federal business and serving as a strategic advisor to customers.
Quade led the strategy and expansion of Fortinet’s federal and critical infrastructure business, ensured the company’s compliance with the latest information security regulations and standards, and reported directly into Fortinet founder, Chairman and CEO Ken Xie. He also served as a strategic consultant to C-level enterprise customers and partners to help inform their product development and innovation.
“I have resigned as CISO effective today,” Quade wrote on LinkedIn May 28. “It’s been a pleasure working with you in that capacity, and hope to run into you again in our collective goal of keeping the nation’s (and our allies’) businesses, infrastructures, governments, and personal information safe, trustworthy, and productive.”
Quade didn’t respond to a CRN request for comment. Fortinet confirmed to CRN that Quade left the company to pursue other opportunities, and the company didn’t respond to questions about who will replace him.
“We have a broad bench of internal CISOs and expect this to be a smooth transition without any impact to our partners,” Fortinet said in a statement. “We thank Phil for his contributions during his four years at Fortinet, and wish him the best.”
Early in his time at Fortinet, Quade helped the company push beyond its traditional SMB customer base and into the midmarket and enterprise by leveraging the company’s marketing spend and holistic fabric approach. “The large and midsize companies need to up their game and demonstrate their ability to do serious cybersecurity,” Quade told CRN in February 2018. “So that creates an opportunity for us.”
Unlike enterprises, Quade told CRN that midsize companies typically can’t afford to do their own independent testing and instead rely on third-party experts to assess the efficacy of vendor products. One of the things driving demand for more simple and robust platforms like Fortinet has been the expansion of compliance standards beyond financial matters and into the world of cyber, Quade said.
A year later, Quade told CRN that enterprises are no longer buying huge volumes of security products and have instead invested their time and energy into ensuring the core products in their ecosystem work well together. Products must be designed from the beginning to integrate and work together well, Quade said at the time, and orchestration cannot just be attached later on as an afterthought.
As ransomware actors began targeting solution providers, Quade in April 2019 urged MSPs to pursue well-defined segmentation to help prevent, minimize the scope of, or recover more quickly from nation-state attacks. Partners must balance the desire to maximize protection by segmenting off everything with the operational challenges excessive segmentation introduces into the IT ecosystem, Quade said.
During his time at Fortinet, he praised former National Intelligence and NSA Director Mike McConnell for his understanding of both foreign threats as well as what’s needed on the commercial side to take on those threats. Officials with an intelligence background like McConnell can easily inject their perspective from dealing with bad actors on a routine basis into the commercial side of a business, Quade said.