Almost every IT career has the same origin story: a knack for computer problem solving, little cash-only gigs to fix things for family and friends, a lucky break somewhere with an entry-level position, and the combination of a nimble mind and strong work ethic got them noticed for bigger and bigger challenges. Training, such as it was, happened on the job. Even now, three decades after IT support appeared as an industry – spurred by the widespread adoption of Windows and Mac personal computers for business use – the candidates we interview for open positions have mostly gained their knowledge that same way: incrementally, informally, and without overall direction.
Alternatives do exist. Short-term career readiness programs or associate degree programs from community colleges both do a solid job of supplying foundational knowledge; graduates have done something important and are ready to launch into rewarding IT careers. At Net Friends, we’ve hired fantastic graduates from both Durham Tech and MyComputerCareer, and we routinely engage with both groups because of their high-quality programs.
However, a growing gap has appeared between the kind of knowledge that existing training paths produce and the kind of knowledge that firms like Net Friends need in our employees.
Increasingly, the design and support of our customers’ IT infrastructure is a fundamental part of their risk management. The financial risk exposure to a small business from an attack on an unsafe network (or even an accidental loss) is on par with the risk from a catastrophic fire.
Just as it would be irresponsible for a real estate developer to leave the design of a multi-story office building to someone whose last project was a backyard treehouse, it would be irresponsible of Net Friends – or any managed service provider – to place the safety of our customers’ networks in the hands of an employee not adequately trained for that task.
What we need is a professional qualification for those who practice safe network design and operation.
Common IT certifications such as Security+ show only that the cert-holder understands basic security terms and concepts. Others, such as A+ and Net+, are useful for proving basic operational aptitude at the “tier 1 help desk” level – but there’s a limit to the number of tier 1 help desk personnel we need.
The limits to on-the-job training become clear when you realize how much troubleshooting amounts to “I’ve never seen this before, let me Google it.” Would you trust someone to repair the brakes on your car if they said that?
While many professions that occupy critical public safety roles – such as law, architecture, and medicine – have set up trade associations that support rigorous standards through formal, comprehensive credentialling, the IT industry has yet to establish such credentials. No standard certification exists that truly tests a candidate’s operational security preparedness, their ability to design safe networks, or their grasp of network administration ethics.
Beyond operational knowledge and ethical standards, a practitioner of safe network design needs one more tool that we rarely see in job candidates: vendor-specific training. In part, this is a chicken-and-egg problem – why invest in training for a platform before you’re hired to manage it? However, at many managed service providers, a policy of being officially “platform agnostic” reduces the incentive to specialize.
The results we’ve seen when onboarding new customers: critical firewalls configured with inexcusable security holes, a mix of incompatible devices, and an alarming lack of documentation. None of these are part of a safe network.
In the absence of an industry-wide standard, or, dare we suggest, mandatory licensing requirements, Net Friends has identified three core resources for which we require employees to receive safe-networks training before they’re allowed to manage these resources for our customers:
- Firewalls (hardware and virtual)
- Cloud-based servers such as Azure and AWS
- Security products such as Palo Alto’s Cortex XDR
Our safe networks philosophy follows a 3-step process:
- Find a specific product in each category to specialize in, such as Palo Alto Networks firewalls and HPE Aruba for network switches and wireless access points. Vendors must provide a training and certification process for each core class of product they offer.
- Supply staff the time and resources to engage the training comprehensively, including sales solutions (so we only promote and describe the products correctly), engineering and implementation (so we can design, configure, and implement the solution), and operational processes (so we can support and troubleshoot the system).
- Continue hands-on training in our Stack Lab, and through table-top exercises that stem from post-incident reviews.
To our knowledge, no MSP other than Net Friends prioritizes safe network design in this way, which speaks to the maturity of our operations and our commitment to building a strong cybersecurity culture. We invite you to reach out to Net Friends if you have any interest in engaging with a managed services provider with a deep bench of specialized and credentialed IT experts who deliver best-in-class skills and services.