If you think of the network and IT security of the future, there are signs that this is becoming more of a programmable API than a service done by network or security engineers. We are beginning to see a change in the skillset required to work in networking and IT security soon (personally I think it has been a essential skill all the way, but now we are seeing broader adoption of this).
Programming will be a essential task for anyone in IT and I think it will become much more natural to consume IT services via APIs in the future. And people will love it.
Finding the unicorn
There is a problem though, the skillset we will be looking for in the future is hard to find. I would not go as far as calling those people unicorns, but it will certainly be a challenge and there will be a huge market for them.
It will certainly make no sense to hire a unicorn (or a bunch of unicorns) to totally remodel your workflows. This will be a recipe for failure and adoption of a new model is key to being successful. Everyone I know that deals with this problem is trying to take a approach of hire and train. Benefit from the huge experience your team has and bring in new skills that fit a more modern oepration model.
What to do?
What can we as networking and cyber security professionals do about this? Here is my opinion and the things i hear from my networking and IT security peers:
- Use the right tools that fit into automation and can be completely API driven
- Recruit people that are raised cloud-native, that think infrastructure is code and know the right tools and how to interface them
- Mix those people with the experience of your experienced senior networking and security employees and create mutual wins
- Qualify your workforce to adapt to the new paradigm and give them a way to develop those skills
- Create a environment and a culture of automation
- Take the fears and worries of your employees seriously (will automation kill my job?)
- Be loved by your application teams, because they get things done much faster than before (and ideally more secure than before)
What do you think? Is network and security automation just a trend that will go away? How do you get the right people and train your employees to get there if you believe it will not go away?