What CISOs Need to Know About Network Engineering and Operations Leaders

By Editorial Team | February 21, 2020

Digital transformation (DX) is having far-reaching implications across virtually every IT function. This is certainly true for network engineering and operations. The volume and velocity of traffic being pushed across the corporate network is growing exponentially—extending from data center and corporate campus to the software-defined wide-area network (SD-WAN). Unsurprisingly, a recent study by Deloitte finds that organizations are not only focused on adding bandwidth to their networks but also exploring ways to embrace software-defined networks (SDN) and to expand their networking capabilities.

Exploring the Challenges to Network Operations

The sources of this traffic growth vary and include rapid adoption of public cloud services—led by Software-as-a-Service (SaaS)-based applications—Internet of Things (IoT), video, and Voice over IP (VoIP). Additionally, users seek to attach myriad devices—wired and wireless—to the network.

The challenges for network engineering and operations leaders go beyond funneling more traffic through the network at faster and faster speeds. To begin, all of this traffic—from various sources—requires intelligent traffic routing. Not all traffic is the same, with business-critical applications and specified users and devices requiring dynamic traffic routing to ensure low latency and maximum speed. This demands a completely new approach to network engineering and operations.

Cybersecurity Ratchets up Network Challenges

Cybersecurity is another area where change is transforming the charge of the network engineering and operations leader. DX is expanding the attack surface. Users are connecting more devices. Organizations are connecting IoT devices for telemetry and other functions. More cloud services and applications are being added—and from multiple cloud providers. We could add more to this list.

At the same time, managing all of these additional users, devices, and applications makes it immensely more complex to manage the network. A growth in the number of point security solutions, driven by the need to plug gaps in the expanded attack surface and to address new threat vectors and compliance requirements, exacerbates this situation. The resulting fragmentation of the network architecture obscures visibility, making it difficult for network engineering and operations teams to see across all of the different access points and the users, devices, and applications that are connected at each.

 

Learning and Development,Skills,Training,Strategy
Click on the above image to download a copy of “The Head of Network Engineering and Operations: A Highly Strategic and Integrated Technologist” report.

 

In addition to the above, the evolution of the advanced threat landscape, which includes more nation-state actors, increased sophistication and velocity of attacks, and utilization of advanced technologies such as artificial intelligence (AI) and machine learning (ML), makes network security an even bigger challenge.

These challenges cascade, in many instances, to the network engineering and operations function in the form of service-level agreements (SLAs), where the business requires specific availability, reliability, and performance levels. SLA requirements also extend to cybersecurity, as network engineering and operations teams assume greater responsibility due to the convergence of networking and security.

Mapping the Objective, Takeaways for the CISO

Seeking to understand how the role of the network engineering and operations leader is evolving to meet these network and security challenges, Fortinet engaged Datalere, a consultancy firm specializing in data engineering, data science, and managed analytics, to use natural language processing (NLP) to analyze and compare what employers seek in candidates as evidenced in their job ads and what network and security candidates highlight as evidenced in their resumes in terms of hard and soft skills. The objective of the analytical series by Fortinet was to gain a better understanding of the state of each of the roles in the face of a cybersecurity skills shortage—and the associated gaps that come with it.

CISO,Skills and Hiring,Skills Development

Figure 1: Top 20 hard and soft skills for employers.


CISO,Skills and Hiring,Skills Development
Figure 2: Top hard and soft skills for head of network engineering and operations jobseekers.


CISO,Skills and Hiring,Skills Development
Figure 3: Percent difference in top 20 skills listed by employers and head of network engineering and operations jobseekers.

 

One of nine occupations in the network and security fields included in the analysis was that of the network engineering and operations leader. The resulting report, titled “The Head of Network Engineering and Operations: A Highly Strategic and Integrated Technologist,” pinpoints areas of convergence between employers and job seekers as well as places of significant disparity.

For CISOs, the network engineering and operations leader is typically a peer—either in an adjacent organizational department (if the CISO reports outside of the CIO’s organization) or as an intradepartmental colleague. Understanding the top hard and soft skills organizations seek in network engineering and operations leaders provides CISOs the ability to align their cybersecurity organizations with network infrastructure and operations. It also gives them a closer view into the strengths and weaknesses of the typical network engineering and operations leader, plus the potential issues that may arise because of gaps in skill sets.

 Skills Alignment and Gaps

Datalere examined hundreds of job ads and resumes as part of the analytical undertaking. Hard and soft skills were identified, and soft skills were broken into four quadrants—1) Leadership Skills, 2) Analytical Skills, 3) Communications/Interpersonal Skills, and 4) Personal Characteristics.

One area of discernible difference between employers and jobseekers is in the level of emphasis on hard versus soft skills. Only two of the top 20 skills listed by jobseekers are soft skills, whereas soft skills comprise a little more than half of total skills listed by employers in their top 20 skills lists. Further, jobseekers include just over half as many soft skills in their resumes as mentioned by employers in their job ads.

A deeper investigation and comparison reveal that employers seek network engineering and operations leaders who embody soft skills in the Leadership and Analytical Quadrants and possess generalist hard skills. In contrast, jobseekers focus more on hard skills that are tactical, while giving short shrift to soft skills in the Leadership and Communications/Interpersonal Quadrants. And the hard skills jobseekers include tend to be more tactical in nature than strategic, such as network optimization and technical design. Another area where jobseekers are remiss is emerging technologies, which is significantly underrepresented by jobseekers, while employers cite them more frequently in job ads.

CISO,Skills,Hiring,Skills Development

Figure 4: Employer job ad soft skills quadrant matrix.

 

Breaking Down the Soft Skill Quadrants

 For employers, soft skills account for five of the 10 most-cited skills, and 11 of the top 20. Interestingly, of the nine different occupations Datalere analyzed, the network engineering and operations leader is the only position where the top 20 list for the employer had a majority of soft skills.

As the importance of the network engineering and operations leader comes into greater focus, employers are going to place a higher premium on leadership skills. Thus, employers in the job ads analyzed by Datalere list 4.8 leadership skills on average per job ad (appearing in 90% of total job ads). An average of three analytical skills and 2.9 communications/interpersonal skills are cited per job ad by employers. While cited at a lower rate, personal characteristics (2.3 per job ad on average) are also important to employers.

As noted earlier, the frequency at which network engineering and operations leaders include soft skills on their resumes is certainly less than that of hard skills. The highest reference point is the Leadership Quadrant, where the median resume lists two soft skills (and 80% include at least one).

CISO,Skills,Hiring,Skills Development

Figure 5: Jobseeker resume soft skills quadrant matrix.

 

Exploring Demographic Details

Beyond hard and soft skills, Datalere also examined education and certifications, job tenure, and gender issues. In terms of educational degrees and certifications, the data shows a divide between employers and jobseekers. Employers, in general, want candidates with advanced degrees; however, the bulk of the network engineering and operations leaders in the data pool only possess a bachelor’s degree. When it comes to certifications, employers and jobseekers are closely aligned.

The discrepancy between employers and jobseekers on advanced degrees makes sense when analyzed in light of other findings in the report—namely, as the role of the network engineering and operations leader becomes strategically more important, so do the educational requirements and expectations of employers.

In an already tight labor market, professional positions in fields such as network engineering and operations are going to be in even higher demand. As a result, professionals in these fields will have a higher rate of job-hopping compared to their peers in other fields where the demand is not as high. The analysis by Datalere reveals that network engineering and operations leaders have held slightly fewer than two jobs (1.8) over the past two years but the median have held only slightly more than two (2.3) over the past five years. This would seem to indicate that job-hopping has become a significantly greater issue for network engineering and operations leaders over the past two years.

Much has been written about the gender gap in technology in general and cybersecurity more specifically. Depending on the research source and the specific occupation in question, the gender gap in technology ranges around 20%—and it tends to be worse in certain areas such as cybersecurity. For network engineering and operations leaders, the disparity seems even more severe, with only 1.3% of resumes included in Datalere’s analysis from women. Hiring leaders and CIOs who are writing the job descriptions can certainly help improve the recruiting picture; our study showed a two-to-one ratio of male-oriented terms to female-oriented terms.

Top Takeaways for CISOs

For CISOs, this report on the network engineering and operations leader offers useful insights. Following are some of the more obvious ones that CISOs can put into practice today.

Strategic risk management

Employers want network engineering and operations leaders who possess strategic risk management skills and experience. This is good news for a CISO, who needs more peer-level proponents in the organization to evangelize and track risks in frameworks that align with business issues. That is the good news. Here is the bad news. While most organizations seek network engineering and operations leaders with strategic risk management skills and experience, most lack them—but rather are still focused on network speed, availability, and reliability and struggle to translate those into measurable risk.

Analytical approach

Our report findings indicate that network engineering and operations leaders are highly technical and analytical and communicate in those same terms. However, this terminology and mode of communication will not resonate with most C-suite leaders and boards of directors. The vast majority of them are not technologists, and they will be unable to translate technical analytics into business risk. CISOs must roll up their sleeves and work with their network engineering and operations counterparts to articulate network security issues into language the C-suite and boards of directors can understand.

Build diversity

Only 11% of the cybersecurity workforce is made up of women, and our research seems to show it is even worse when it comes to network engineering and operations. The need to build diverse teams goes beyond corporate and social responsibility. Research shows that diverse teams, including those with greater levels of gender diversity, are more creative, innovative, and profitable than those teams that lack diversity. To correct the current state of affairs in cybersecurity and network infrastructure and operations, CISOs need to partner with their leadership counterparts in network engineering and operations to increase the pool of female candidates.

Focus on emerging technologies

There is a lot of transformation taking place with network infrastructure and operations, and the CISO needs to ensure that security measures are integrated into each of them. DX-driven initiatives can derive substantial business value; they can also introduce significant risk.

For example, SD-WAN can reduce bandwidth costs by moving traffic from expensive MPLS to the public internet while improving network performance (as traffic no longer needs to go through the corporate data center). But it can also introduce significant risk if the right security protections are not built into the SD-WAN solution. Here, the CISO needs to team with the network engineering and operations leader to determine risk and map out a solution that includes integrated security components.

Understand where the network priorities are

Findings from the analysis conducted by Datalere, coupled with external reports on network infrastructure and operations, indicate employers want their network engineering and operations leaders to prioritize around a few different things—technical design and architecture, operations, and security and compliance standards.

Studies demonstrate that getting the right network security architecture in place is a fundamental starting point. With employers highlighting technical design and architecture as a key focus for network engineering and operations leaders, CISOs have an opportunity to gain support for their efforts in this area. The same is true in their efforts to integrate network and security operations and to adopt security standards such as the National Institute of Standards and Technology Cybersecurity Framework—areas that also percolate to the list of top priorities for network engineering and operations leaders. 

Ignore the Data at Your Own Peril

No organizational function can reside in its own silo and succeed today. While the network engineering and operations leader and CISO may report to different C-suite executives in many cases today—the network engineering and operations leader to the CIO and the CISO to the CEO, board of directors, or other executives—significant synergies and opportunities between the two leaders and departments they lead exist. Specifically, network infrastructure and operations and cybersecurity are inextricably intertwined, and CISOs who ignore the marriage do so at the peril of their organizations and themselves.