Tom Sweet shares his field-tested steps for successfully training and transitioning an IT team to the cloud.
IT talent is in high demand, and many hiring managers are taking creative approaches to finding quality people who can play a role in a transition to the cloud. These approaches include using targeted ads on social media, sending recruiters to meet-up groups with pizza, cruising GitHub.com for candidates actively contributing to open source, and working directly with groups specializing in reskilling workers who come from other fields.
Job titles in the cloud domain have many different names. Cloud Architects often design systems, whereas more operational roles, such as Cloud Engineers, DevOps Engineers and Site Reliability Engineers (SREs), typically have skill sets related to value delivery. Though the objectives of their roles may be different, they all work in the world of ‘unified engineering’, where they are expected to be cross disciplinary in order to reduce hand-offs and increase the flow of value to the customer.
Whether you are hiring skilled talent, or new team members with minimal relevant experience, each will need to be trained on your company’s governance/risk/compliance (GRC) and cybersecurity policies along with your approaches to the cloud. With skilled talent, this can be done in about a month, ideally, including the review of company policies and standards, and working with a peer to understand the way it is done at your company. A move to the cloud will often require reskilling of your existing team members.
Here are some guidelines to help you design a training program for cloud in the secure enterprise. Following the steps in the order in which I present them below will help ensure that GRC and technical debt concerns are kept in check.
1. Command Line Skills
Users coming from Windows or Macs often lack the command line skills that Linux users have, or that Windows users had back in the 90s. Many cloud technologies run on Linux or require extensive use of the command line. This skill is easily taught and reinforced with cheat-sheets. There are many YouTube videos that cover the basics. Once someone has the basics, the rest is learned as needed. Your internal training program needs to include the “why”, because many without this skill question the need for it.
2. Version Control Systems
Version control systems should be used to store all your cloud assets. This ensures both your cloud and cybersecurity teams can perform code reviews prior to release, and that your development and production environment configurations do not drift from each other. Team members coming from a software background typically have no issues with version control systems like Git, but those coming from operations backgrounds can struggle to understand the need to learn them if they have never been required to in the past.
The good news is that there are many free training courses for Git. Some of them are even gamified. There are only 10 commands someone really needs to get productive. These can be self-taught or taught internally without requiring a third-party training company.
Depending on which cloud platform your company uses, and the specific services within, there may be one or more scripting languages required. Basic programming is now a core competency like touch-typing, and if a team member knows one language, learning others is usually quite easy. Scripting is needed to create the cloud infrastructure and to manage systems. There are many free options for learning, and several of the online training academies have courses which include all of the major languages. Knowing what to search for online is far more important than an exhaustive set of expectations in this area. A grasp of the basics, plus knowledge of where to find answers will be enough to get teams started.
4. Basic Networking
An elementary course in computer networking is required. Most likely, the heavy lifting for your cloud networks will be done by a competent networking team, but basic networking skills are needed for day-to-day operations. As above, many online training platforms have two-hour courses in basic networking. Cloud Engineers and SREs may work directly with networking, compute and storage, so they must have an understanding of all three.
By Peter High
Possibly the hardest skill to train for in the cloud is cybersecurity. Users coming from an operations background tend to pick this up faster than those coming from a software background, because often, the software teams were never exposed to the cybersecurity threats operations teams see. Cloud providers have extensive documentation and tooling to ensure secure systems, but there is still a lot to come up to speed on. Aside from dedicated cybersecurity training from industry sources and cloud provider certification programs, there are internal steps you can take to increase employee exposure, followed by education.
I recommend pairing your cybersecurity team up with the cloud team and having the cyber team demonstrate actual threats and attacks coming into your company. Showing this helps reinforce to the cloud team that these are not just theoretical. Another practice is to ensure cybersecurity validation tasks are built into each work item, building upon an earlier step of ensuring cybersecurity requirements are considered at the beginning. If team members cannot close out their work items without cybersecurity sign-off, then there will be more desire to build in security correctly at the beginning. Retrofitting for anything at the end is wasteful rework. Whole books and careers are based on cloud security, so consider the above to be just the beginning for a new team member.
6. DevOps Pipelines
Best practices for deploying cloud applications and services dictate the use of DevOps pipelines. These automated workflows ensure that a number of important checks are met before code is deployed into production, such as that the code: i. passes functional tests, ii. has been peer-reviewed, iii. complies with open source licensing legal requirements, and iv. has been scanned to prevent vulnerability exploits. Each company’s pipeline is different, depending on tooling, maturity, services, cloud provider and other factors, so customizing your training is often necessary, which can be a bit of work. Most cloud providers have free training programs on the concepts, but an on-the-job course created by your own teams, along with documentation, will be required to help newer team members understand your pipeline.
7. Cloud Training
Once your teams have completed the above, they can start learning cloud. Cloud vendors and third-party online training providers offer great training to help your teams learn. Though many may insist on a formal class, the online offerings can be more than sufficient for the basics. Save your training budget for custom or more specialized topics.
I have had great luck gamifying cloud certifications. Some may consider certifications a “vanity metric,” but the programs teach and measure on what the cloud providers find important. Cloud is much more than “someone else’s computer” and taking advantage of services outside of “virtual machine hosting” can allow a company to deliver more value to its business partners and customers faster. Therefore, it is important that your teams know what is available.
As important as it is for your team members to have opportunities to learn on the job on company time, there is too much risk in unsupervised learning in your main cloud environments. Despite one’s best attempts to prevent accidental disclosure, mistakes can be made — we read about them almost weekly. Your company needs either a completely sandboxed and hardened learning environment, or access to the dedicated online training platforms with disposable lab environments. This author has had great success with the training platforms and has even included courses from them in the department's goals in the performance review system.
Having transformed a team to cloud, a team that is now helping a dozen others to do the same, I offer this list as an outline based on real-world experience and lessons learned. Feel free to reach out to me with questions via the comments section below.