Non-obvious questions of NGFW development: how we form a team and train partners

This means that, in addition to technological and organizational aspects, the human factor must also be taken into account — hiring, training, and retaining personnel. Albert Mannanov, Solar NGFW product manager, spoke about the challenges of forming and developing a team, as well as how they are handled in the Solar Group.

The vendor who undertakes to develop their own NGFW has two paths open. The first is development using open-source products, where the assembly is deployed on some operating system, and then the components are tuned. However, if the task is to develop a high-speed NGFW, then the standard Linux network stack will no longer be suitable — the Linux kernel code, aimed at high versatility, was not developed for high-speed network packet processing. In this case, the vendor has several approaches to choose from, but they all require taking part or full functionality from the Linux kernel.

“Solar” has taken this path because our PAC is focused on the needs of enterprise-level organizations, therefore demonstrating high performance, from 5 Gbps in NGFW mode to 75 Gbps in firewall mode. In addition to the standard IPS set, unique signatures from Solar 4RAYS are used to protect against the newest threats, which adds additional load. And this second path, the path of creating a high-performance platform as the basis for Solar NGFW, requires high expertise from our development team.

Among the key competencies are:

• development of hardware components;

• development of software components (specialists in the Linux kernel, software architects, front-end developers, and other specialists are needed);

• proficiency in methodologies for conducting load, functional automated testing;

• network engineers' expertise;

• product analytics.

The architectural complexity of NGFW increases the requirements for diversity and level of competencies. The formed architecture allows for the enhancement of the product's functionality, and at this stage, analysts are involved to record the requirements for its capabilities. Analysts must combine the qualifications of an information security and IT specialist, have experience and knowledge of the principles of NGFW operation, and at the same time understand how to formulate requirements for developers. In other words, they need to translate from business language to development language, having previously studied the tasks and issues, analyzed competitive solutions, and sometimes looked at the task from a different perspective and a new angle. At the same time, the tasks are very diverse — from describing low-level packet filtering to changing the display of certain functionality in the interface or improving the convenience of managing NGFW on different devices and with different behavior scenarios to facilitate the administrator's work.

For NGFW, as for any high-load system, testing is a separate item — these are functional and load tests. The test scenarios will be real scenarios of product operation by the administrator in the customer's network. QA engineers must understand the key metrics for checking the quality of NGFW, deeply understand network technologies and cybersecurity. The use of automated tests helps to increase both the speed and quality of testing, but from the point of view of team formation, a new competence is added — the skill of developing automated tests.

The realities of the market and the cybersecurity industry raise the bar even higher for the vendor and make additional competencies and professional qualities necessary. For example, the requirements of regulators in the field of information security periodically change, which means that a specialist must constantly learn and adapt to new technologies and methodologies. As we know from the experience of including Solar NGFW in the Unified Register of Domestic Software, certifying components, and obtaining the FSTEC Russia compliance certificate, a security specialist needs not only to understand what functional capabilities the solution should have but also the packet processing process itself.

Part of the requirements for the NGFW vendor is set directly by the customer. This includes technical support that operates according to SLA, a team of qualified presales engineers and implementation engineers. These specialists should have a broad outlook in all aspects of NGFW, as questions arise from customers regarding both IT and IS. The former are mainly interested in performance, fault tolerance, the availability of monitoring and management tools, as well as the implementation of basic network technologies. Security specialists, on the other hand, focus on what data can be collected from the device for further investigation, how threat prevention works, how feeds are updated, what protection modules are available, and much more. Not every specialist has such a wealth of knowledge, so the right approach should provide for different levels, from employees who can help clients with basic requests to presales experts who are involved in complex architectural requests.

So, for the successful development of NGFW, a cohesive team of professionals with good skills in their specialty and a deep understanding of network technology and information security is needed. Undoubtedly, this limits the possibilities for finding personnel, especially in an overheated market. And to be frank, there are simply no ready-made specialists with such qualifications. Therefore, at Solar, we focus on training our own talents and focusing on employee motivation and retention.

At the start of the project with our ambitious plans for the development of Solar NGFW, it was necessary to quickly assemble a team, but at the same time with foresight: the strategy of mass hiring of everyone who could be found and further screening is not suitable for our segment. We are focused on internal training, but we did not consider complete beginners, and focused on three aspects. In terms of hard skills, the bar is quite high: advanced knowledge in network technologies, in information security technologies, in particular common security problems in networks, basic protection products and specifically NGFW, regulation are needed. The second aspect is professional qualities, the willingness to constantly learn new things. Finally, no less important for us is interest in the field.

Since the beginning of the year, our team has tripled, and this is not the limit, because now we continue to develop new functions in accordance with the goals of import substitution, with the development of the network architecture of our clients, and with industry trends. Very busy releases are planned for 2025, including, for example, full-fledged remote access VPN and an increase in performance up to 100 gigabits per second in firewall mode with application control. Additional resources are required to release new functions on time, so the process of developing competencies in the team is on track. I will talk about our experience and approaches that allow us to effectively and on time solve the tasks of developing and supporting the product.

Adaptation and Mentoring

At the company level, we have developed a process for onboarding new employees during the first three months, mentorship and supervision programs. During this period, the employee must first understand how and with what tasks he will have to work, to whom he can turn on a particular issue. We have created a newcomer journey map that highlights key points - getting to know people, processes and tasks, learning through practice, with the help of distance courses and immersion in the knowledge base, calibration meetings in the middle and at the end of the probationary period. Employees see this journey map from the very beginning, and during the process they receive reminders about its various stages and pulse surveys.

The manager modifies the onboarding plan for a specific role or even an employee, and then monitors its implementation, guides the newcomer on tasks and goals, gives and receives feedback. There are checklists, guides and even courses to help the manager, for example, on conducting meetings and providing feedback. These are concise but detailed materials with sample questions and specific tips that help build trusting relationships and objectively assess how well the company and the employee are suited to each other.

If the manager helps to integrate directly into the work process, then the curator has an equally important role — he provides emotional support, motivates, and shares experience on an equal footing. Sometimes a newcomer is shy to ask questions that are of great importance to him — unwritten rules in the team and office procedures, actual working hours and workload, non-working activities and other informal communication with colleagues, such as lunch, chats, and tools. The curator should become someone who is not afraid to ask for help and advice, and also proactively inquire whether the mentee has all the necessary information, equipment, and access, ensuring that he is included in the processes.

In turn, curators also need support — not only with materials and checklists but also in time management, motivation, and balancing primary and additional activities. This approach to adaptation requires multifaceted and constant work, but it is worth it — new employees quickly understand whether the company suits them, smoothly immerse themselves in work, and start showing results earlier.

Training

Although the new employee is accompanied at all stages of adaptation, it is important that he himself understands his path well. Checklists help with this. It opens with organizational points, such as obtaining access to information resources and work tools. The next step is getting to know the company, its divisions and structure, all products, services, and technologies. At this point, the general checklist smoothly transitions into immersion in the specific product with which he will work.

For example, a new NGFW analyst starts by studying the concept of creating and developing this class of products, and then specifically Solar NGFW and Solar webProxy, on the basis of which the next-generation firewall was built: their architecture and functionality, the fundamental differences between the two classes. At the same time, the employee studies the basics of network security through a basic online course. The next step is to study the product roadmap. Then the newcomer studies the capabilities of Solar NGFW on the stand, for which he performs an exercise - independently deploys it on the stand on OpenStack.

Our task is not only to give the employee knowledge about the product, but also to teach him to independently find information, seek support at the address. Such sources include internal product chats, knowledge bases, regulations, and FAQs. In addition, we accumulate the experience of the "Solar" team and use articles and columns written by our colleagues - practicing specialists - as training materials.

By the way, we conduct training not only for our employees, but also for partners, as well as for end users - NGFW administrators. The training cycle includes both the basics of network security and the specific features of Solar NGFW. Training of customers and partners is carried out on the basis of an authorized training center, with testing and certification. We are now launching the first groups, building processes, and putting them on stream. From next year, the training track for both clients and partners will become an integral part of the onboarding program for our product.

Flexibility

The learning process in our team is not highly formalized — we try to provide a foundation depending on what the specialist already knows. This way we optimize the time and resources of mentors, as well as maintain the interest of the newcomer.

We also approach the processes of interaction within the team flexibly — adapting them as it grows. Of course, we adhere to the best agile practices, conduct short dailies, two-week sprints, retrospectives, and so on. However, we remember that these are just tools, and they are not the main thing in team interaction. At the forefront for us is the transfer of expertise.

A broad view on motivation

Today, IT and IB companies are competing for promising talent and even more so for qualified specialists, trying to offer the most interesting financial conditions. This is an integral part of motivation, but competition only on this parameter has its limit. Moreover, in our profession, this is far from the only factor in decision-making.

I believe and have repeatedly been convinced by experience that for a good specialist, it is important what tasks he solves, how interesting they are personally for him and relevant in general, whether he receives professional development in his place of work, and whether there is a clear track for growth.

NGFW, although not a new product, is bright and well-known. It can definitely be said that it is in focus in the Russian market today. Speaking of Solar NGFW, the product was released a year and a half ago, developing on schedule with its own production forecasts. We have decided to open the product development roadmap to customers and are in close contact with them — we study their needs and pains, collect feedback, functional requirements, adapt the solution to their existing architecture. Our team does interesting and rewarding work, and specialists see the results of their labor — they see the product develop before their eyes, which protects the largest companies in key industries, forming the basis of the country's cybersecurity infrastructure. By offering such an opportunity and even opening it up to not the most experienced, but willing to learn specialists, it will be possible to attract people who are truly passionate about their work to the team, and this team will be able to develop a quality product.