Q&A with CTA Founding Member Ken Xie, CEO and Chairman of Fortinet

What inspired you to found CTA?

In addition to increased performance and integrated technology solutions, IT teams need access to real-time threat intelligence to quickly detect and identify threats and automatically respond at digital speeds. 

Prior to founding the Cyber Threat Alliance, higher-level intelligence was historically out of the reach of most companies. To address this challenge, cybersecurity leaders from across the industry came together to form the Cyber Threat Alliance. Our purpose was to share threat information so we could achieve two things. First, even though we were competitors, together, we could develop and maintain a complete view of the threat landscape bringing together our collective intelligence. And second, sharing threat intelligence would allow us to better protect our customers, advance the cybersecurity of critical IT infrastructures, and increase information systems’ security, availability, integrity, and efficiency.

What do you hope to accomplish as a member of CTA’s board of directors?

The Cyber Threat Alliance is the first industry trade association designed exclusively by and for the cybersecurity industry.  Collaboration is at the core of CTA’s mission, which may seem strange given that we are all competitors. But collaboration, cooperation, and disclosure are essential pieces of the process that can only be accomplished by organizations coming together around a common goal.  

Has CTA lived up to your vision?

The threat landscape is dynamic and constantly changing and organizations need to move quickly to stay ahead of increasingly sophisticated threats.  As more organizations have joined this cause, our defenses and resources have naturally grown as well. This helps us come closer to achieving the vision of CTA as a global hub of cybersecurity information and defense, providing IT teams with access to real-time intelligence to protect their customers.

Of course, CTA’s vision will need to grow and adapt as the security landscape evolves. Improving critical resources and fostering collaboration will bring new ideas and spark more innovation from organizations across the board, especially when they are willing to work on new defense methods together. Overall, CTA has lived up to our initial vision, but as the scope of the challenge expands, there will always be more to accomplish.

What role does CTA play in the global sharing ecosystem? Is that different from other sharing activities?

The Cyber Threat Alliance serves as the foundation for an effective global sharing ecosystem. We don’t share threats directly with end-users. Instead, we provide CTA members with live threat data, threat updates, and detailed reports on everything from the latest outbreaks to the techniques and strategies used by cybercriminals. This information is then added to the threat feeds individual members then share with their customers.

Our top concern is protecting the common good of the internet, and that requires coordinated efforts that allow the sharing of intelligence to combat sophisticated global cyberattacks. By bringing together industry competitors to contribute their unique threat insights, the CTA builds an enriched understanding that helps organizations provide enhanced protections against global attacks. CTA members are better able to protect their customers in real-time and prioritize their resources based on collective knowledge.

Additionally, the alliance aims to improve the cybersecurity of the global digital ecosystem by significantly reducing time to detection and closing the gap in the detection-to-deployment lifecycle.

Is there a particular program at CTA that you are most enthusiastic about?

In my mind, the sharing model is the most essential aspect of the CTA. It was developed to increase the impact of intelligence collected by different organizations, enabling it to be scaled across the global ecosystem of threat data. This model allows CTA members to share timely, actionable, and campaign-based intelligence that can be used to improve products and services to better protect their customers, systematically stop adversaries, and improve the security of the digital ecosystem.

Where do you see CTA in 5 years?

The CTA started as an informal agreement between organizations. But as it grew, it eventually needed to be run by an independent organization. This model allows CTA to serve as a blueprint for more collaboration across the globe, not only with corporations but also with the public sector. I anticipate that the CTA’s sharing model will continue to evolve and develop. More and better data will allow CTA to do things like develop fingerprints for attackers and known cybercriminal organizations that will help member organizations better identify and stop threats. And as the CTA expands its members—and contributions from its member organizations—additions will be made to the sharing platform that will allow the CTA to grow its initiatives and expand its global reach to more organizations around the world.

Where should CTA focus next / what should be CTA’s next priority?

While a monumental event such as COVID-19 is rare, it has challenged common perceptions about how organizations handle cybersecurity and how employees should operate within corporate networks. The CTA needs to help member organizations continue to develop a more global perspective of attackers. This insight was essential in assisting organizations in gathering data and improving customer defenses due to their rapid transition to a new work paradigm during the pandemic. But as this shift to hybrid work becomes permanent, device security, hybrid networks, and the need to protect critical infrastructure moving between clouds, home networks, data centers, and the campus network make it more difficult to provide all-encompassing security. CTA’s next priority is on securing “work from anywhere” and how global threat intelligence sharing can provide a security model that can work on multiple levels and locations of access.


A cybersecurity expert and successful entrepreneur, Ken Xie is Founder, Chairman and CEO of Fortinet, the global cybersecurity leader. Fortinet’s broad portfolio of solutions spans network, infrastructure, edge, cloud and IoT, serving approximately 70 per cent of the Fortune 100 as well as Governments around the world. Its Security driven Networking approach combines security and networking to deliver the most advanced, AI driven protection across the entire attack surface. Fortinet is the third cybersecurity company founded by Ken that has been instrumental in shaping the cybersecurity industry. His second company, Netscreen developed the industry’s first ASIC and dedicated hardware systems for high-performance firewalls and VPNs and was acquired by Juniper for $4 billion. Ken earned an M.S. degree in electrical engineering from Stanford University and B.S. and M.S. degrees in electronic engineering from Tsinghua University. He is a member of the National Academy of Engineering. Ken is a member of the board for the Cyber Threat Alliance and the Center for Cybersecurity for the World Economic Forum.

Back to News