Day Two Cloud 189: The Cloud Network Engineer Career Path With Kam Agahian

Ned Bellavance

Ethan Banks


Today on Day Two Cloud we explore what it takes to transition from traditional networking to a career as a cloud network engineer. Guest Kam Agahian shares insights from his own career journey about what’s the same and what’s different between on-prem and cloud networking, what skills might you want to pick up to make the transition, where cloud networking and security intersect, recommended certifications, dealing with SD-WAN and Networks-as-a-Service (NaaS), and more.

Kam is Director of Cloud Engineering at Oracle Cloud, but this is not a sponsored show. Kam is here just as himself.

We discuss:

  • Differences and similarities between on-prem and cloud networking
  • The role of NetOps and/or Infrastructure as Code in cloud networking
  • Whether it’s easier for a traditional network engineer or a cloud-focused person to make the leap
  • Networking skills that will translate well to the cloud
  • Labbing and learning suggestions
  • Certifications
  • More

Show Links:

@kagahian – Kam Agahian on Twitter

Kam Agahian on LinkedIn

How to Break into a Cloud Engineering Career? – Kam Agahian via Packet Pushers

All of Kam’s Packet Pushers posts

The Mechanics of Regret (Demo 2001), by incite – Bandcamp (if you miss the Day Two Cloud musical intro)

Transcript:

[00:00:01.490] – Ned
Hey, everybody, this is Ned with a quick note about Day Two Cloud. We’ve decided to drop the intro music for future episodes. Some folks found it a bit jarring, and you know, that’s not a good way to start your podcast experience. So we’ve decided to skip the music and get right to the important stuff, the awesome guests and their epic knowledge. If you’d like more metal in your diet, we’ve added a link to the show notes for this episode to the Bandcamp site that has the entire song and the EP it’s from. Would you believe it’s 22 years old? Wow. Anyway, thanks to everyone for the feedback. If you have suggestions, comments, et cetera, please don’t hesitate to reach out via Twitter or the contact form at multicloud IO. Thanks, everyone, and enjoy the episode.

[00:00:48.590] – Ethan
Welcome to Day Two Cloud.

[00:00:50.260] – Ethan
We got a career show for you today, that is, how to be a Cloud Network Engineer. I was at NANOG, the North American Network Operators Group, their meeting that they held in February 2023 down in Atlanta, and I heard Kam give a talk on this topic, and it just interested me so much, and a lot of his slides and his ideas, that we invited him to come on and have a chin wag about it. So this is not a rehash of his talk exactly. You’ve already heard that talk at NANOG. We took it in some different directions and got some more details and angles from Kam. Didn’t we, Ned?

[00:01:22.870] – Ned
Yeah, I really wanted to differentiate what is a traditional network engineer versus the cloud network Engineer, and also what additional skills a cloud network engineer should pick up that you might not already have. And he had some interesting responses to that.

[00:01:38.400] – Ethan
Yeah, he definitely did. Now, Kam wanted us to make one other point, which is this is not a sponsored show. This is just Kam talking as Kam. Kam works for Oracle Cloud, but this show was not sponsored by Oracle Cloud, just to make that very clear for everyone. Okay. Enjoy this conversation with Kam Agahian. Kam Agahian, I don’t even know if I got that right, Kam, but anyway, how close did I get? And tell me how close I got on your last name and then tell us who you are and what you do.

[00:02:06.230] – Kam
That was perfectly fine. Yes. My first name is Kam, last name Agahian, and I’m director of cloud engineering with Oracle Cloud. I’ve been in this field for almost 25 years, and, well, that’s what I do as a full time job. Also part time, I work as a certified personal trainer and blogger and a member of the NANOG program committee. So pretty busy.

[00:02:31.630] – Ethan
Yeah. NANOG is where I heard the talk that inspired this conversation we’re going to have in this podcast today, talking about what a cloud network engineer is as you’ve kind of identified this as a role here. So you can go up if you’re listening to this. You can go up to NANOG’s channel on YouTube and find Kam’s talk here. So we’re not going to talk through that talk?

[00:02:52.460] – Kam
Exactly.

[00:02:53.050] – Ethan
Slide for slide or anything. We’re just going to have a conversation based on the presentation that Kam gave at NANOG. And Kam, I want to kick this conversation off with something I was taking from your presentation. I want to understand in more detail here. Were you making a distinction between the traditional network engineer and a cloud network engineer? As if those were two separate roles? Because in my mind, I’m like, well, who’s taking care of a company’s cloud networking if not the Network engineers?

[00:03:20.120] – Kam
Exactly. That’s a great question. In fact, we do. Yes, there is a clear distinction between the two. However, there’s still very strong overlap, and it’s very interesting story if you kind of take a step back. Let’s go back to the 90s when I started as a Network Engineer, you’re responsible for pretty much everything IT related. I was responsible for Apache servers, IIS servers, Squid servers or proxies. And in mail servers, it really doesn’t matter what, Exchange or Sendmail. That’s your responsibility. On top of that, we also have traditional networking skills: OSPF, BGP, IS-IS, maybe some experiments as well. But Network Engineering evolved over time, and multiple different groups of people branched off. The first group you have systems engineers. They decided to have their own field, completely separate field. Today, if someone is a systems engineer, you know exactly what they do. They’re not a small separate Cfmbgp. Same story about NDEs or network developer engineers. They learn Python, other coding languages, and they’re more now focused on that field. On a newer trend, recent years, Cloud Engineering, or CNE or Cloud Network Engineering. That’s another evolution of the same trend. I guess so, yeah.

[00:04:41.840] – Kam
That’s a big tree, and it’s one of its branches to be a CNE or Cloud Network Engineer.

[00:04:49.770] – Ned
Okay, when you’re describing a Network Engineer, back in the came in in the early 2000s, and it was a similar sort of situation. I started as a desktop support person and then became a Systems Engineer and then a Network Engineer. And the only difference between the titles was now I was just responsible for more things. It’s not like anything got shuffled off my plate. It was like, no, now you get to do all the other things on top of it.

[00:05:14.810] – Kam
Exactly. Even things like security. Security was a big part of your responsibilities. Go ahead and configure your firewalls. Proxies are security too. Identity recently? Not very recently, but we do have identity teams. Teams responsible for tokens and all those things. Back in the days, Network Engineer was responsible for all that, but got changed, evolved. And we have different branches. Yeah. CNE or Cloud Network Engineering is a new branch, but it belongs to the century.

[00:05:46.670] – Ned
Got you. So when you think about the CNE or the Cloud Engineer, is it really just a network engineer that added some DevOps? Did they just rub some DevOps on it? And that’s all that’s going on there. Is there new network architecture that you have to relearn or network operations? What is different about that?

[00:06:05.880] – Kam
CNE that’s a good question. Many people actually ask the same question. In fact, last week, friend of mine, traditional network engineer, really sharp person, asking me the same question, and his fear was, you know what, I don’t do any coding, but I really like class. Can I just get a start? Is there any room for me? So that’s one of the biggest misconceptions in this field. It’s not like that. So you don’t have to know coding. In fact, I have some of the best cloud architects in the world on my teams. And some of them, they never code anything. They can understand. I mean, they can go through your code, they can analyze your code, they can tell you exactly what this code does, but they’re not going to sit down and code it. They’re not going to sit down and develop anything for you. But if you look at your organizations, generally speaking, at a very, very high level, you have two different kinds of responsibilities. People want to be architects, people who are more on the implementation side, or maybe do some architecture, but not very seriously. The architects don’t have to do coding.

[00:07:13.280] – Kam
They don’t have to worry about anything DevOps related, maybe 10, 20 percent. They need to understand what’s going on, but they’re not going to do implementation at all. I don’t want them to. I’m not going to hire some of the most expensive resources in the world to have them configure my VCNs or my VPCs. But on the implementation side, you also have very smart people, but at scale, they have to know automation. They have to know how it works from an operational perspective, how to optimize those. So depending on where you’re trying to land, you might need some DevOps skill sets, but it is not mandatory for every single field.

[00:07:50.500] – Ned
So both of those roles you were talking about, the architect and then the implementer, do those both fall under the umbrella of cloud network engineer?

[00:07:59.600] – Kam
Exactly. They do. Oh, yeah, okay. We hire them all the time. And it’s kind of your choice as an applicant what you want to do. And people coming from operations background, they know some coding, they enjoy configuring stuff like CCIE style, let’s get on a keyboard, configure this and configure that. There is a job for that. But if you enjoy the whiteboard part of the story and maybe some implementation, just helping customers with proof of concept, or help your team prove a concept, that will be more on the architecture side.

[00:08:31.080] – Ethan
I don’t think of DevOps as necessarily meaning you have to code, though. Kam, tell me if you agree or disagree. I mean, I’m thinking of it as more of a tooling and a methodology for rolling code out. So it could be configuration standards you’re very familiar with from the Juniper, the Cisco world, let’s say, that happens to live in a Git repository and you’re using a pipeline to deploy it. Is that fair to say?

[00:08:58.570] – Kam
But on the client side, keep in mind there is a pretty strong element of coding and automation if you want to do implementation. In fact, it is a lot easier when you compare that to traditional networks. On the cloud side, you have a very, very rich set of APIs. All you need to know the most part, you need to know one coding language, Python, C, whatever, great. Just call those APIs and configure your cloud. And then there are other skill sets, including Terraform, that you can add, but you can’t really compare this to what you have in traditional networks. They are getting there too immediately. But on a cloud side, you should not be scared of anything automation related. It’s pretty easy, very available, and it does work. Many customers, in fact, their very first experience, they test this and they start developing their own codes.

[00:10:02.110] – Ethan
If I’m a traditional network engineer, and I am, and I’m looking at public cloud networking, is there something that out of the gate I’m probably going to be missing? I’m not going to get it because I’m coming from this world of hands on networking.

[00:10:16.630] – Kam
That’s a tricky question, and let me give you a cool answer. So let’s take a quick step back. Let’s go back ten years ago, and I’m hiring a traditional network engineer. Believe it or not, many cases I only had one question, and I would ask them one question that was, hey, do you know CSC, Carrier Supporting Carrier? Grab the marker. Here is a whiteboard. Walk me through the process. Show me how CSC works from an IGP perspective, MPLS perspective, label exchange, optimization, convergence. Yeah, that’s one question, but it’s like.

[00:10:51.830] – Ethan
One of the biggest possible questions you can ask.

[00:10:53.940] – Kam
Exactly, enough material to cover like 60-minute conversation. If you want to bring the same concept to this world and say, okay, what’s the most challenging part of that? So if you are in the traditional network engineer shop where you are, then there’s going to be topics that you don’t work with them on a daily basis. Let’s take DNS as an example. Right, DNS, tier one, the records. Everybody knows A record, PTR, MX and all those things. That tier one you should know, I believe you do. Tier two, a little more complex. Are you able to explain things like delegation, NSG, records? How does that work? Okay, that’s fine. That’s a little harder. The third tier, things like the NSG, are you able to explain very clearly to me how DNSSEC works behind the scene. So those concepts, since you don’t work with them on a daily basis, it’s going to be a little challenging. But if you ask me, and I do have books and material and blogs and training. The learning curve there is around four weeks. So for you, within four weeks, you should be able to upskill. You should be able to get there, at least from a concept perspective.

[00:12:15.700] – Kam
And then you’re going to need another two months to work on your hands on skills, to be able to get in front of a customer or get a whiteboard and talk to your boss comfortably. And during that four months, depending on what a great network engineer you are, there is going to be some challenges, but you can absolutely get there in about two or three months. So not a huge challenge, but those services going to take probably most of your time.

[00:12:47.110] – Ned
So it sounds like, coming from a traditional Network Engineer background, a few months and you can be up to speed. Do you think it’s easier for someone who comes from that traditional background to make the jump to cloud Network Engineer, or is it easier for someone who’s already working in the cloud on other technologies and is somewhat familiar with networking to make that jump?

[00:13:10.330] – Kam
So if you want to become a CNE, cloud network engineer, absolutely. Coming from a network engineering background is the quickest and shortest path. In fact, the biggest pool of candidates that we hire from a group of network engineers, that community, that’s the target community. It’s a much shorter learning curve. It’s not that steep. You understand a lot of things. You understand how TCP and UDP work. You know how to capture packets. You know how to analyze those packets. You spend some time to learn BGP attributes, and it matters, you know, segmentation, you know, firewalls and basics of those. So those things you already know, you don’t have to go ahead and learn from scratch. Let’s compare that to, I have the best DBA, and I want to turn this DBA into a CNE. That’s going to be a pretty steep learning curve, probably more than a few months. But as a Network Engineer, CNE should not really take more than three to four months.

[00:14:11.790] – Ethan
So if I’m that traditional network engineer that’s been kind of ignoring the cloud thing and letting the cloud team handle that stuff, do I need to prioritize adding cloud networking skills to my resume? Let’s put it even more bluntly. If I don’t add cloud skills to my network engineering resume, am I unemployable at some point?

[00:14:32.520] – Kam
That’s a good question. I don’t see that happening, honestly. But two facts. Let me give you two pieces of information here, going to help you. Number one, definitely you’re talking about the shrinking markets, right? So the data centers that you’re managing right now, look at those data centers. What’s inside a data center? You have power, space, cooling, all the hardware, cable, fiber, all those things. And then you have your servers and routers and switches and operating systems, everything else. Many of those pieces going to leave and those services and the workload is going to go to the cloud. So that is already happening. That workload, that body of work for you to be important. That’s shrinking, no doubt about it. But keep in mind, the cloud service providers, the CSPs, the vendors, people who actually build public cloud, they are still hiring traditional network engineers because behind the scene, you look under the hood, there is still very strong, very complex, and absolutely efficient network. And that network is built by traditional network engineers. That’s where you’re talking about OSPF, BGP, IS-IS, MPLS, all those things. That’s not going to go away. It’s going to leave your environment, it’s going to go somewhere else.

[00:15:52.210] – Kam
So that way it works kind of exists, although automation is going to be very strong. But yeah, that works. So, long story short, enterprises, you’re still going to have enterprise incorporate work. You have your buildings, you have your ports, you have your customers, you have your Forestry, maybe some layer three and layer two as well. Your data center is going to shrink and there’s going to be some good amount of work to do on the CSP side of the industry.

[00:16:21.050] – Ethan
But cloud repatriation, Kam, I mean, all the workloads are coming back on prem.

[00:16:25.850] – Kam
Whoa, there is the answer to that too. When we started this journey in public cloud in general, right, let’s say almost ten years ago, many people had questions that there’s this workload because of ultra low latency requirements, because of some order compliance requirements, all those things. I’m not going to let go of this. It has to stay on Prem. I have to have some kind of data centers to run this. Now, there are technologies, there are dedicated technologies that people, cloud service providers actually build data centers. They give you AWS of that cloud. So they will bring AP stuff, public cloud to your facility so you can run whatever you want in our space, it’s going to be ultra low latency. It’s going to check your compliance box and all those things. So yeah, you can still live right next to your workload. It is possible.

[00:17:23.860] – Ethan
You’re talking about all those edge compute solutions that are there and then solutions like AWS Outposts or OCI.

[00:17:31.790] – Ned
Yeah, I didn’t know that one. That’s a new one on me. I’m going to have to check that out.

[00:17:36.180] – Kam
Oh yeah, that’s a piece of cloud. You can have yours.

[00:17:39.340] – Ned
Yeah, that’s the thing that I see most of the public cloud vendors doing is expanding their footprint into your data center to bring the cloud networking that you’ve become accustomed to, to an on premises environment. So you can still use those constructs and those workflows that you’ve developed now back in your on prem.

[00:17:58.410] – Kam
Right? Very true. Exactly. As the number of regions growing and cloud service providers expanding into new regions, that’s another new trend. Yes, we are expanding. We don’t have to have massive data centers in one region. It could be smaller, could be even dedicated to your environment just to support your own workload and nobody else’s.

[00:18:22.460] – Ned
So cloud network is creeping into my data center. Oh, no.

[00:18:25.990] – Kam
There you go.

[00:18:28.690] – Ned
When you were talking about the big question that you’d ask Network Engineer when you were interviewing them, and you threw out that CSC example, which I barely know what that is, so I would have failed your interview immediately.

[00:18:39.130] – Kam
It’s a really cool thing.

[00:18:40.070] – Ned
Yeah, I believe you. I was trying to think of something that would be similar in scope and complexity, and the thing that immediately came to me was interconnecting different cloud providers. Tell me how you could connect three different cloud providers together and have it work properly.

[00:18:56.190] – Kam
That’s an excellent question, and it’s actually not as difficult. So these days, that’s one of the easiest things to do. And that’s one of the major trends. So if you ask me, just name two trends. Two trends? Not even three. Two trends that you see these days. One of them is multicloud. So multicloud is fact. It’s really hard to find one large cloud consumer with only one cloud provider. So that’s the trend. Yes, it’s happening. But connecting those cloud providers is not as difficult as you think. Some cloud providers, there is connection between their environments. Actually, intentionally, they build fiber between the two. OCI and Azure is really a good example. There is fiber between the two. You can have multicloud between the two. You can have split workload and do a bunch of cool stuff and great designs on that. If that doesn’t exist, you also have a second option. There are some companies, like Megaport, they have services, they act as that middleman. They provide writing rather services to connect your cloud A to your cloud B. And that works really well, really good latency. Great bandwidth. Absolutely possible. Let’s say even that’s not an option in your case.

[00:20:14.920] – Kam
Well, just build your own IPsec tunnel. If you don’t need a latency, if you don’t have to worry about jitter and all those things, you can always run your IPsec tunnel from anywhere you want to, anywhere you want. And that’s the case between two cloud providers. So there are different options to connect one CSP to another if you have presence in both.

[00:20:37.130] – Ned
Got you. It’s definitely changed and evolved over time. And I’m glad to see that there are so many companies that are willing to be that middle person sitting in an Equinix data center or something and just literally interconnecting the two clouds for you. Basically.

[00:20:52.370] – Kam
Exactly. Oh yeah, Equinix is another great example. 100% Azure. Yes.

[00:20:56.600] – Ethan
Plus you got the third-party entrants into that world that will provide their own path between clouds. They have presence in the different cloud PoPs around the world, and you can run over their backbone to connect. So, I mean, there’s all kinds of options.

[00:21:10.790] – Kam
Very true. Yeah. And very, very popular these days. Like I said, back in the days, ten years ago, yeah. You had one option, maybe two options, but today you can pick the right cloud for the right workload. And don’t be shy. It’s technically possible, but the message that we put out all the time when I talk to anyone ask that question is, do your own proof of concept. Make sure it works for your particular workload, your particular application in your setup and your locations and the latency you’re seeing. If you like it, that’s the way to go.

[00:21:47.570] – Ned
So, by the same token of interconnecting the clouds, if I’m a cloud network engineer, how portable are the skills I’m learning for one cloud provider to the other cloud providers? Because I know in some cases they’re using the same basic protocols and concepts, but the way they implement it can be a little funky. So do you think that if I learn my networking on OCI, I can easily transfer that to AWS?

[00:22:11.750] – Kam
Let’s say that’s a good question. So when you’re talking about CNE or cloud network engineering, let’s just narrow the scope a little, right? Let’s not worry about databases and how they work. Let’s just focus on CNE skill sets. In that particular scope, you have two big verticals. You have IaaS services and you have SaaS. IaaS is what we all know. You’re building your own environments up in the cloud. 60% to 70%. Well, I would say very similar. So it’s just like, you know C, and now you’re trying to code in Java, should not be a huge deal. You know C++. Now you’re learning C# again, 60, 70%, you understand? And then you’re going to bridge that gap. So that’s probably not so challenging part, I would say this is the easy part, quote unquote easy. The more challenging part is on the SaaS. SaaS is very vendor specific, so if you have expertise in one cloud provider with their SaaS solutions, it’s almost impossible to find the exact same experience in another cloud provider. Similar no SaaS, each one of those, they implemented their own SaaS. So IaaS, or what we care about, network engineering and network architecture

[00:23:37.900] – Kam
part, it’s very easy to transfer. But with SaaS you’re going to have challenges. You got to learn from scratch how their SaaS works and how it’s perceived by your users, all those things.

[00:23:51.530] – Ethan
Can you get specific for us, Kam, with the skills that we’re talking about that a cloud network engineer needs to have? In your NANOG presentation, that’s actually what you spent most of your time on in that presentation. We don’t have time to go into all of that detail, but give us that high level overview of those specific skills I need as a CNE.

[00:24:08.130] – Kam
Absolutely, we can talk about it. I do have a couple more points to add, but let’s just run through that list right quick. As a network engineer, we expected you to know TCP, UDP, how these things work. I always ask that question. I don’t ask, tell me the difference between the two. But I do ask you: I have this use case, you pick the right one. In fact, I have a NANOG presentation, I did that in NANOG 77. And that’s focused on network engineering interview questions, we cover all that. So know your layer four, your TCP, UDP, all that stuff. We do the exact same thing on the CNE side. When it comes to layer two, traditional network engineers know a whole bunch of things. A lot of different protocols these days start from a very traditional STP to the latest version of that with a lot of other things that really doesn’t exist in the cloud. For the most part, we do have some very limited layer two, but for the most part, users do not have to worry about layer two. So that body of work is almost gone. There is a third part of that and that’s routing.

[00:25:19.790] – Kam
BGP routing. Look at your data centers or corporate network. You’re on OSPF, EIGRP, IS-IS or something else. That price is almost gone too. You don’t have to worry about this routing protocol unless you’re doing some really complex overlay. You don’t have to worry about IGP as a cloud provider. Yeah, the cloud provider is run at in your data centers. But as a consumer of the service, that’s 100% transparency. It’s not the case about BGP. BGP is a little different. BGP, traditional network engineering. We all know BGP inside out, all the details across different vendors. But if you look at your CNE, BGP is pretty simple. You just need to know a handful of attributes and how they work, how to manipulate routes, inbound and outbound manipulation. And that’s pretty much it. You care about convergence and timers, how BFD works, and you’re done, that’s the BGP part. But what is missing? And as a traditional network engineer, you have to bridge that gap to big set of services. Now on this side you have load balancers, different types of load balancers for different types of workloads. You’re going to be responsible for DNS, you’re going to be responsible for DHCP, NTP too.

[00:26:48.850] – Kam
So these are the things that we are adding to the job descriptions. But let me take one example and just clarify something. Load balancers, there is a boundary and that’s a very fine line between your responsibilities as a CNE and your system SEMO application owners. You’re responsible for the load balancers configuration, how things work, web troubleshooting and bunch of other things. You are not going to be responsible for the details of load balancer. You’re not going to decide how to place your workload behind load balancer, how each one of these applications going to work. It is partnership between you and your application owner. So you got to work very closely with your application owners and systems. Same story applies to security. You got to know security. We will talk about security later during this conversation, but at a very high level. Let’s take firewalls as an example. As a CNE, you need to know how to deploy a firewall and how to bring redundancy to your design, how to make sure you have the lowest convergence. All those things, all those questions, they need to be answered by you. But I won’t trust a network engineer to configure the policies on my firewall.

[00:28:07.310] – Kam
For the policies, I’m going to work with my CISO, I’m going to work with my security folks, and I’m going to follow pretty much the same policy I have on prem what to permit in, what to permit out. So that’s the overall picture of the two job descriptions. If you want to work on a presale side, there’s maybe some soft skills involved. But from a technical perspective, what I covered is pretty much 90, 95% of the picture.

[00:28:33.640] – Ethan
It doesn’t sound too different from the traditional network engineering job. And a lot of those folks have had load balancers. I’ve spent lots of time with load balancers over the years.

[00:28:42.470] – Kam
That is true.

[00:28:44.070] – Ethan
And that skill would map directly to the cloud. Learning how a particular like if you’re using a cloud native load balancer and figuring out how that specific tool does what it does.

[00:28:54.890] – Kam
Exactly.

[00:28:55.610] – Ethan
They’re all very similar.

[00:28:57.080] – Kam
Oh, yeah. Ethan, believe it or not, when I was creating that presentation for NANOG, well, part of that presentation, I have slides that take you back to the talk about what was going on back there. It was not part of the original presentation, but when I got to the end of my deck, I felt like, wow, this sounds like something I did in the past. Wow. This is traditional network engineering. Exactly the conclusion that you were talking about. Then I added those slides and explained, look, in the 90s, actually, we did that. Yeah.

[00:29:29.830] – Ethan
Cisco LocalDirectors way back in the day.

[00:29:32.580] – Kam
There we go. ACE load balancer.

[00:29:34.540] – Ethan
Yeah, the ACE load balancer. And then, of course, F5. That’s what they’re still most known for, is load balancer products and so on.

[00:29:41.280] – Kam
Very true. Exactly. You did not have a load balancer team. It was you. As a network engineer.

[00:29:48.730] – Ned
It almost seems like what we’ve really done is just remove two of the layers from the OSI stack. You’re not responsible for layer one anymore unless something’s gone really wrong, and you’re not really responsible for layer two as much. But all the other layers in the stack, or at least three, four, and seven, you’re still somewhat involved.

[00:30:06.360] – Kam
Very true. That’s actually the abstraction that people enjoy. That’s why Operations we can talk about operations. That’s why operations is a lot smoother. We offer that abstraction. You don’t have to worry about any of those layers anymore. Right.

[00:30:21.830] – Ned
And I don’t have to worry about cage nuts and cutting my knuckles on them.

[00:30:25.130] – Kam
Oh, yeah.

[00:30:29.530] – Ned
So we talked about the major cloud providers. But there’s also a bunch of sort of third party solutions that are looking to either ease or take advantage of what cloud networking has to offer. So I’m thinking of SD-WAN and SaaS products or unified control plane products. I know Prosimo, previous sponsors of this podcast, and Alkira and Aviatrix, they all offer some sort of unified control plane. As a cloud network engineer, should I also be bundling those into my tool set or should I just focus on the essentials?

[00:31:06.470] – Kam
So there are two schools of thought here, and let me just be clear. Some people prefer to have a simple design, simple architecture, and they decide what they want to do. So instead of creating a unified control plane, I want to know exactly where I’m going to put each one of these workloads so I don’t have to have that. Well, that’s one, I guess, approach. The second approach is mostly you see that trend in small to medium sized customers, even some large customers, that no, I do care about that pane of glass. I want to have the single pane of glass. I want to have the unified control plane. It does matter. So there is this to you. Depending on which network you want to work in, you may not need those, but as a hiring manager, I never turned those into one of my core requirements. There’s good reason for that. All these products are designed for simplicity. So learning curve is not huge, especially if you are a capable CNE; should not be a very steep learning process. You start, maybe in a couple of weeks you find your way around them. There’s going to be training for those.

[00:32:22.720] – Kam
So I’m not going to turn them into one of the key requirements. But absolutely good to know. SD-WAN is a different story. SD-WAN, I didn’t want to mix SD-WAN with unified control plane because SD-WAN by itself is a whole different topic. SD-WAN is actually coming to your cloud from on prem. It’s an extension of your existing network. You have SD-WAN because you want to manage your SD-WAN. And your SD-WAN doesn’t necessarily, quote, unquote, blind to your cloud service provider. That’s your WAN. So all in all, SD-WAN is not going to go anywhere. You have to know SD-WAN. But as it relates to this topic and as a CNE, what you need to know: how to configure, how to design, and how to optimize major SD-WAN solutions, this time in the cloud. Sometimes you want to treat your cloud footprint as one of your sites. Sometimes you want to bring your brain, the brain of your SD-WAN, whatever it’s called, depending on vendors, to the cloud. So these two major architectures are possible, and actually many customers do that. It would be nice to know. But again, not one of my key skill sets that I’m going to go after.

[00:33:44.790] – Kam
If you understand BGP, if you understand how WAN works, if you understand my cloud, then running an SD-WAN on that is not going to take more than a couple of weeks. These are easy steps to take to onboard you as a new CNE. It’s not a show stopper. So if I do come across this super smart CNE who knows all this stuff, fully certified, does have job experience, I’m not going to stop the hiring process because this guy has no SD-WAN experience. SD-WAN is something that you can learn later on.

[00:34:15.010] – Ethan
How does security fit into that then? Because you mentioned like, you need my firewalls and so on. Well, there’s all these other cloud related security services like Zscaler. Should I say, I guess, really the same question as the SD-WAN and SASE question. Should I be digging into those things or just kind of stick with the cloud native security offerings?

[00:34:34.970] – Kam
That’s an excellent question. So looking at security, security in a cloud, multiple different branches, and CNEs probably care about one or two. In a cloud you have identity. So identity solutions do exist. But I don’t think, unless you’re working for a very smart company, I don’t think it’s going to be your responsibility as a CNE to deal with identity in production. That’s one aspect of that. The other one is compliance. If you as a network engineer or CNE are responsible for compliance, there’s something really wrong, because that takes a lot of expertise. It’s not a side job. They say, oh, I know FedRAMP, that’s fine, don’t worry, I’m going to configure my BGP, but I’m going to do some FedRAMP as well. You got to understand compliance very well. The third part is firewalls. Firewall is a big, big part. We briefly talked about it. Generally speaking, there are two different approaches when it comes to firewalls in the cloud. All major cloud providers, they have their own built in firewall solutions. And if you want, you can also run your own third party firewall on an instance in a VM, you might have any reasons.

[00:35:52.660] – Kam
Sometimes you have enterprise license agreements and it makes perfect sense to bring the same solution to the cloud. Sometimes you have the single pane of glass like Panorama and you want to bring your Palo Alto firewall to the cloud. All those things make sense. So either you choose your cloud firewall or you bring your own firewall to the cloud. Again, going back to a previous conversation, you have to know how to build that server, how to configure that, how to configure the NICs, how to bring up different services, how to make your firewall redundant and all those things. You’re not going to be responsible for the policies. That’s the firewall piece of this. And then the architecture matters a lot. How you want to design it, is it hub-and-spoke? Or you want to have a separate virtual cloud for your firewalls depending on different vendors. And the other part, security controls, things like your network security groups or security lists that many cloud providers have. It’s just like your ACLs or ACLs in traditional networks, you are going to be responsible for those. So you have to understand difference between stateful and stateless, where to put those, which one makes troubleshooting easier, more difficult, which one makes your environment more secure, and which one probably doesn’t play a big role.

[00:37:18.290] – Kam
So those are the calls you need to make. But generally speaking, you’re responsible for architecture and making things work, making this connection work, and not necessarily the policies behind this, how the security policies work. Regarding third parties, you brought up Zscaler. Any third party knowledge would be absolutely helpful. Any third party knowledge, could be Zscaler, could be Palo Alto, could be Fortinet, even something like Cisco ASA. Still great. Why? Because like I said, many customers still want to bring those solutions to the cloud, and they actually work very well. And there are some advantages and disadvantages, but we see that happen very often.

[00:38:00.330] – Ethan
What about lesser known or less commonly found networking skills, multicast, QoS? If I’m an expert in those and as a traditional network engineer, is that helpful to me? If I was a CNE.

[00:38:14.990] – Kam
So speaking of multicast, three years ago, Beau Williamson passed away. It’s been three years. Father of multicast training. Remembering that, multicast is one of the skill sets that traditionally, maybe up to two or three years ago, wasn’t absolutely necessary in a cloud. However, today things have changed. Many cloud providers, they do support some version of multicast, even sometimes with that overlay. So that’s a possibility. That’s one of the skills that’s going to help you. QoS, not so much. But at the end of the day, if you are a network engineer and you know multicast and QoS, I think it’s safe to assume you already have a lot of other skill sets that we’re going to need those. But if you need multicast and QoS, probably you can find some projects that you’re going to use those, but not extensively.

[00:39:15.490] – Ned
You mentioned during the interview process, looking through someone’s resume and seeing that they’re certified, what does that mean to you? What certifications and training would you expect to see in a CNE or someone who wants to become a CNE?

[00:39:32.470] – Kam
Ned, don’t get me started. Too late. Certifications. Yeah, that’s one of my favorite topics. Absolutely. I’m a double CCIE myself, dossier and emeritus. It’s not active anymore, but I do care about certifications. First of all, if you’re a CCIE applying for one of my positions, you’re going to get an interview. I’m going to give that to you, right? Beyond that point, it’s you. It’s you and your capabilities to pass the job interview. That’s one thing. The other thing that I do want to bring up is a pretty annoying trend that I see these days, and people are actually doing it backward. Let’s just explain that a little better. There are a lot of different certifications. Each one of the vendors, they have long list of certifications. You as a CNE would absolutely impress me if you know all the four cloud providers and how to network in those. Networking, you know, networking in Azure, you know, networking OCI, networking in AWS and networking in GCP. You’re an absolutely great person. I would hire you. Why? Because multicloud is my biggest concern and you’re an ace. I would 100% interview you. I would 100% hire you if you answer my questions.

[00:40:56.960] – Kam
That’s one good way. The wrong way I see a lot is this, and if you look at the forums and all different social media, that’s actually the path that many people are taking. People go after multiple different, absolutely not related certifications from one vendor. So look at the resume. I have this guy who’s a big data expert, networking expert, security expert, a DevOps experience, a database expert. On top of all these things, he’s also an architect and he knows a bunch of other things. Let me just burst your bubble here. There is no way on God’s green Earth that someone shows up and he’s an expert. I’m not talking about you have a high level knowledge. No. You are an expert in six or seven different fields of science, at least in 2023. It’s not easy. If it is, you should not be applying for a network engineering job. So that’s the challenge. Your right way is, if you want to be a CNE, that’s great. There is a path. There is a certification path. All these cloud providers. Go turn yourself into a multicloud person. Instead of embarrassing me and yourself and putting all those badges on your resume, you show you’re experts in every single field with every single cloud provider that I know, you’re not going to be able to get in front of customers, at least experts on the customer side, and answer the questions.

[00:42:27.150] – Kam
There is one exception to that. If you want to work on the presale side, you’re an architect or enterprise architect and you want to be able to talk about big data for 20 minutes, it’s good to study big data, maybe get some central beginner level big data certs. But that is pretty much it. As a CNE, you absolutely do not need to have 25 different certifications from databases and big data all the way to security and network.

[00:42:58.490] – Ned
I know exactly what you’re talking about because I go on LinkedIn, I see the fanfare around people getting certifications. And it seems for some people I just want to get every single cert that this cloud provider offers, regardless of whether it’s relevant to what I’m doing.

[00:43:14.720] – Kam
There we go. Exactly. I get it.

[00:43:16.770] – Ned
And I played Pokemon. I understand how it works. But if you’re trying to get a job, I like your advice, be a little more pragmatic about it. And all the cloud providers now have a networking specialization certification.

[00:43:30.130] – Kam
That’s true.

[00:43:31.110] – Ned
Yeah, maybe focus on that. That makes a lot of sense to me.

[00:43:34.210] – Kam
Exactly. If you want to be a CNE, there is a very clear path. In fact, on Packet Pushers, I have a blog, I published that a couple of years ago. It’s still very much valid. It shows you exactly how to break into this field. And it’s not just rant, no, very clear steps. Step one, step two, step three. I’ll walk you through those phases and tell you how to get from point A to point B, where to go, what certifications, where to learn, and then what jobs they apply. It is on Packet Pushers.

[00:44:08.750] – Ethan
Well, one final question then, Kam, is how do I skill up and using a lab and so on. I don’t want to spend a fortune doing it. And all these certs teams, everybody wants to sell me books and classes and courses, and it can get expensive fast. So how do I not spend a fortune?

[00:44:25.530] – Kam
Good question. So let’s take a quick step back. When I was studying for my first CCIE, early 2001, one of the very first things I did, I bought a bunch of gear. So I bought a lot of devices. I still remember early in the morning, Saturday, let’s wake up, I want to do lab for 8 hours. Now it’s noon, I’m still troubleshooting my elephant, and ATM is down. Four years later, my friend lays down. Why? Because the 2500 for some reason isn’t doing what it’s supposed to do. And all those problems, eventually I gave up. And then I migrated things over to GNS. And then next generation, let’s go ahead and rent one of those rental labs. And they had their own problems too. That’s not the case with cloud engineering, that’s actually the good news. Cloud engineering, if you want to master any technology, pretty much any, I mean 95% of technologies we’re talking about today, those things. Most cloud providers, if not all, I believe pretty much all of them. They have free tier, they have low cost services, they have live versions of the same services that you can play around, you can configure all the time, you can break and fix and all those things.

[00:45:39.760] – Kam
The only thing is actually in that presentation too. Do not forget to shut down all your services when you’re logging out. You don’t want to pay for some service while you’re asleep. So that’s one way to get hands on skills. The second part is where to go, where to study. I don’t want to promote my own book, but there is a book, however. Love your vendor’s documentation, their official documentation. If you are working with vendor A, look at the documentation. The two pieces there: their official documentation, that you can find how things are configured, how things work. Some vendors, they also have blog posts, a little informal, but they reveal some really cool architecture designs and corner cases and all those things there. That’s where you can get hands on experience by reading a blog, because those blogs are written by people who work with hundreds of customers every month. Not just one customer, not as a consumer, no, they see customers multiple times a day. So value those blogs. Look at the official documentation. YouTube is of course a good resource, but again, certification paths are very clear. They will show you exactly what’s needed, how to get there.

[00:46:57.400] – Kam
Look at my blog on packetpushers.net as well.

[00:47:01.830] – Ethan
I also wanted to add that you should be willing to invest something into your career. Not everything needs to be free.

[00:47:08.810] – Kam
Oh, yeah, 100%. And especially in this field. Let’s face it, this is one of the highly paid. When you look at the numbers, when you compare this to other folks, compare what we earn in this field to what other folks make. So, yeah, eventually there’s going to be a great ROI. So absolutely great return on your investment, is solely worth it. 100% worth it. But do not waste your money. Just spend it wisely. Okay?

[00:47:44.740] – Ethan
As we hit the end of the show here, can you tell folks how they can follow you on the Internet?

[00:47:51.750] – Kam
Don’t. But yeah, so my Twitter account, that’s my last name, the first name that I’m a first name. So K-A-G-A-H-I-A-N. That’s my Twitter handle. And I’m on LinkedIn and almost always accept connections. As long as you don’t want to sell me anything, you’re more than welcome to connect.

[00:48:14.830] – Ethan
More and more people selling us things on LinkedIn. I get a lot of direct mail, hey, what if I could boost your productivity or boost your sales or they always want to boost something.

[00:48:24.770] – Kam
Five minutes of your time and I will convince you that’s it. So, yeah, Twitter and LinkedIn, I’d be more than happy to hear from people feedback on my talks and all those things. And people do reach out, they ask questions, and I do spend some time to answer those questions. I’m pretty open. I would love to hear from the audience. Why not?

[00:48:45.990] – Ethan
So the link to Kam’s talk that inspired this podcast conversation will be in the show [email protected]. And you can also find Kam’s article, How to Break into a Cloud Engineering Career, that [email protected]. Kam’s written that and several other pieces on packetpushers.net over the years. So thanks, Kam, for appearing on Day Two Cloud. Awesome. And virtual high fives to you out there for tuning in. And if you have suggestions for future shows, either guests you’d like us to interview, topics you want us to cover, vendors you want to see if we can bring on as a sponsor, we would love to hear all of your suggestions. Ned and I follow Twitter at Day Two Cloud show, so you can send us your information there. Or if you’re not a Twitter person and it seems like fewer and fewer.

[00:49:26.620] – Kam
People are these days.

[00:49:27.620] – Ethan
You can fill out the request form day two cloud IO and we’ll get that and hear everything you have to say. By the way, Packet Pushers has a weekly newsletter, Human Infrastructure Magazine. HIM is loaded with the very best stuff that we found on the internet, plus our own feature articles and commentary. It is free and it doesn’t suck. I promise. You get the next issue at Packet [email protected] newsletter. It’s free. Until then, just remember, cloud is what happens while IT is making other plans.
