Telecommunications operators face an unprecedented technological transformation. The transition from traditional network infrastructures to cloud native architectures, 5G network deployment, network function virtualization, and edge computing — these are just the beginning of changes redefining the industry. For IT and L&D departments in telecommunications companies, this means one thing: the urgent need to recalibrate the competencies of technical teams. The competency gap in cloud native, Kubernetes, or 5G security can cost not only operational efficiency but also competitiveness in a market transitioning to new technological standards.
Quick navigation
- Telco transformation: Operators are transitioning from hardware-based to software-defined networks (NFV→CNF, 5G core cloud native, Open RAN, edge computing)
- Key competencies: Kubernetes and containers, SDN/NFV, DevOps/NetOps, 5G security, network automation, data analytics
- Roles to train: Network engineers (cloud native networking), IT ops (Kubernetes, CI/CD), security teams (5G threat landscape), management (5G strategy)
- Cloud native in telco: 5G core deployed as Cloud Native Network Functions (CNF) — different model than traditional VNF, requires deep knowledge of Kubernetes and microservices
- 5G Security: New attack vectors — network slicing isolation, edge computing attack surface, API security in cloud native
- Training plan: From fundamentals (containers 101) through advanced (Kubernetes for telco, CNF lifecycle) to specializations (5G security, Open RAN)
- ROI: Trained team = faster 5G deployments, lower OPEX (automation), fewer downtimes, better time-to-market for new services
Digital transformation in telecommunications — what’s changing
The telecommunications sector is transitioning from a model based on dedicated hardware (appliances) to Software-Defined Networks and virtualization. Just a few years ago, a typical operator relied on physical devices supplied by vendors (Ericsson, Nokia, Huawei) — each network function required separate hardware. Today, this model is undergoing radical change.
Network Functions Virtualization (NFV) began this transformation, moving network functions (firewall, load balancer, NAT, routing) to virtual machines running on commodity hardware. However, NFV, based on virtual machines, proved to be only a transitional step. Currently, the industry is moving to Cloud Native Network Functions (CNF) — network functions built as microservices running in containers and orchestrated by Kubernetes.
In parallel, 5G network deployment is changing core network architecture. 5G Core was designed from the ground up as cloud native — it consists of microservices (AMF, SMF, UPF, AUSF, etc.) that communicate through service-based interfaces (HTTP/2). This is a fundamental change compared to 4G LTE, where functions were monolithic. For technical teams, this means the need to understand not only telecommunications protocols but also the cloud native ecosystem: Kubernetes, service mesh (Istio, Linkerd), CI/CD pipelines, observability.
Open RAN (Open Radio Access Network) is another trend changing the landscape. Traditionally, RAN was the domain of closed, proprietary vendor solutions. Open RAN introduces open interfaces and disaggregation: Radio Unit (RU), Distributed Unit (DU), and Centralized Unit (CU) can come from different suppliers. This gives operators flexibility but also requires competencies in integrating heterogeneous systems and multi-vendor orchestration.
Edge computing is becoming a natural extension of 5G networks. The low latency promised by 5G requires data processing close to end users — hence the deployment of applications and network functions at the network edge (edge locations). For IT, this means managing hundreds or thousands of distributed Kubernetes clusters, which requires new approaches to orchestration, security, and monitoring.
In summary: telecommunications operators are essentially becoming cloud providers and software companies. Infrastructure-as-Code, GitOps, continuous deployment — practices known from the software industry are becoming standard in telco.
Key IT competencies for telecommunications operators
Technological transformation in telco requires new competencies. Here is a map of key areas that should be included in L&D training strategy:
Cloud native and containerization
Kubernetes has become the de facto orchestration standard in telco. 5G Core, CNF, edge applications — everything deployed on Kubernetes. Teams must understand:
- Kubernetes basics: Pods, Deployments, Services, ConfigMaps, Secrets
- Kubernetes networking: CNI plugins (Multus for multiple network interfaces in telco), Network Policies
- Storage: Persistent Volumes, CSI drivers
- Observability: Prometheus, Grafana, distributed tracing
- Security: RBAC, Pod Security Standards, network segmentation
Containers and Docker are the foundation, but in the telco context, these are also important:
- Real-time performance tuning (SR-IOV, DPDK for high-performance networking)
- Container resource management (CPU pinning, NUMA awareness)
- Image security and vulnerability scanning
Software-Defined Networking (SDN) and NFV
Although the industry is moving to CNF, a large part of the infrastructure is still based on NFV. Required competencies:
- NFV MANO: Management and Orchestration (ETSI NFV framework) — VIM, VNFM, NFVO
- SDN controllers: OpenDaylight, ONOS — programmable traffic flow management
- Virtual switches: Open vSwitch (OVS), Vector Packet Processing (VPP)
- Service chaining: creating network service chains (firewall → load balancer → DPI)
DevOps and NetOps (DevNetOps)
Traditionally, network operations were the domain of manual configuration and change management board approvals. Cloud native networking changes this to:
- Infrastructure as Code: Terraform, Ansible, Crossplane for declarative infrastructure management
- GitOps: Flux, ArgoCD — Git as single source of truth for network configuration
- CI/CD for CNF: Jenkins, GitLab CI, Tekton — automated testing and deployment of network functions
- Network automation: Python + Netconf/RESTCONF, Ansible network modules, NAPALM
5G and cloud native security
5G introduces new attack vectors:
- Network slicing security: Isolation between slices (enterprise vs consumer vs IoT)
- Edge computing security: Attack surface distributed across hundreds of edge locations
- API security: 5G Core communicates through HTTP-based APIs — threat modeling, OAuth2, rate limiting
- Zero Trust architecture: Micro-segmentation, service mesh security (mTLS between services)
- Supply chain security: Multi-vendor Open RAN — how to ensure component integrity
Data analytics and AI/ML
5G generates huge amounts of data. Network monetization and optimization require:
- Network analytics: Real-time monitoring KPI (throughput, latency, packet loss)
- Predictive maintenance: Machine learning for predicting equipment failures
- Anomaly detection: Detecting unusual traffic patterns (potential DDoS attacks, fraud)
- Big data platforms: Kafka, Spark, Flink for stream processing
Automation and orchestration
The scale of operations in a 5G network requires automation:
- Closed-loop automation: Event detection → decision → action (without human intervention)
- Intent-based networking: Declaring “what” (desired state), not “how” (imperative commands)
- Multi-domain orchestration: Managing end-to-end services spanning core, RAN, transport, edge
IT training map for a telecommunications company
Different roles require different competencies. Here is an example training map grouped by positions:
| Role | Foundational Skills | Advanced Skills | Specializations |
|---|---|---|---|
| Network Engineers | - Containers & Docker basics - Kubernetes fundamentals - Linux networking | - Kubernetes networking (CNI, Multus) - CNF deployment & lifecycle - Service mesh (Istio) | - 5G Core architecture - Open RAN - High-performance networking (SR-IOV, DPDK) |
| IT Operations | - Infrastructure as Code (Terraform) - CI/CD fundamentals - Kubernetes for operators | - GitOps (Flux, ArgoCD) - Kubernetes operators - Helm charts | - Multi-cluster management - Observability (Prometheus, Grafana, Jaeger) - Disaster recovery & backup |
| Security Team | - Cloud native security basics - Kubernetes security - Zero Trust principles | - 5G security architecture - API security & threat modeling - Network segmentation & micro-segmentation | - Penetration testing 5G/CNF - Security automation (policy as code) - Threat intelligence & incident response |
| DevOps Engineers | - Python automation - Ansible - Jenkins/GitLab CI | - Tekton/Argo Workflows - Crossplane - Network automation frameworks | - CNF CI/CD pipelines - Test automation for network functions - Chaos engineering |
| Data Engineers | - Big data fundamentals - SQL & Python - Data pipelines | - Kafka & stream processing - Spark, Flink - Time-series databases (InfluxDB, Prometheus) | - Network analytics use cases - ML for telco (predictive maintenance, anomaly detection) - Real-time dashboards |
| Management & Architects | - Cloud native overview - 5G business & technology intro - Digital transformation strategies | - 5G architecture deep dive - Open RAN ecosystem - TCO modeling cloud native vs legacy | - Strategic technology roadmapping - Vendor evaluation frameworks - Regulatory & compliance (GDPR, NIS2) |
The key is gradation: from fundamentals (containers 101) through practical workshops (deploy 5G Core testbed on Kubernetes) to specialized certifications (Certified Kubernetes Administrator, 5G specialist certifications).
Cloud native and Kubernetes in telco — why it’s critical
For someone with a traditional telco background, the transition to cloud native can be disorienting. How does CNF (Cloud Native Network Function) differ from VNF (Virtualized Network Function)?
VNF (old model)
- Based on virtual machines (hypervisor: KVM, VMware)
- Often monolithic (one VM = one network function)
- Lifecycle management through NFV MANO (VIM, VNFM)
- Scalability: vertical (larger VM) or horizontal (more VM instances)
- Long deployment times (minutes to boot VM)
CNF (new model)
- Based on containers (Docker, containerd)
- Microservices — network function consists of many small, independent services
- Lifecycle management through Kubernetes (Deployments, StatefulSets) + Operators
- Scalability: horizontal (scale-out Pods) with fast response (seconds)
- Faster time-to-market: CI/CD pipelines, rolling updates without downtime
5G Core cloud native is not just a buzzword. 3GPP specification 5G Core (Release 15+) assumes service-based architecture (SBA), which naturally maps to microservices. For example:
- AMF (Access and Mobility Management Function) — registration handling, mobility management
- SMF (Session Management Function) — PDU session management
- UPF (User Plane Function) — user data packet forwarding
- AUSF (Authentication Server Function) — user authentication
Each of these components is a separate microservice (or set of microservices). They communicate through HTTP/2 RESTful APIs. They are deployed as Helm charts on Kubernetes. This is a fundamental paradigm shift for network engineers accustomed to configuration through CLI or proprietary management systems.
Why Kubernetes is essential:
- Orchestration: Automatic deployment, scaling, healing (restart failed Pods)
- Service discovery: Microservices must find each other dynamically — Kubernetes Services + DNS
- Configuration management: ConfigMaps and Secrets for environment-specific config
- Rolling updates: Deploy new CNF version without downtime (strategies: RollingUpdate, Blue-Green, Canary)
- Multi-tenancy: Network slicing in 5G requires isolation — Kubernetes namespaces, Network Policies, Resource Quotas
Without deep knowledge of Kubernetes, telco teams will not be able to effectively operate modern network infrastructure. This is not an optional skill — it’s a core competency for the future of the industry.
5G cybersecurity — new threat vectors
5G doesn’t just speed up the internet. It also introduces new security challenges that didn’t exist (or were less critical) in 4G/LTE:
Network slicing isolation
5G allows creating logical networks (slices) on shared physical infrastructure. Enterprise slice, consumer slice, IoT slice — each with different SLA requirements and security posture. Problem: how to ensure complete isolation between slices? An attack on the IoT slice cannot affect the critical enterprise slice. This requires:
- Micro-segmentation at the network level (Network Policies in Kubernetes)
- Least privilege access rules (RBAC)
- Monitoring cross-slice traffic patterns (anomaly detection)
Edge computing attack surface
In 4G, most processing happens in centralized data centers. 5G with edge computing moves workloads close to users — to hundreds of distributed edge locations. Each edge location is a potential attack point:
- Physical security: Edge sites may be less physically secured than central DCs
- Lateral movement: Compromised edge node can be a stepping stone to core network
- Supply chain: Edge hardware/software from multiple vendors — how to ensure integrity?
Mitigations:
- Zero Trust architecture: Every connection authenticated and authorized (mTLS)
- Remote attestation: Verifying integrity of edge nodes before allowing into network
- Security automation: Central policy enforcement and monitoring of hundreds of edge sites
API security in cloud native 5G Core
5G Core communicates through HTTP/2 APIs (Service-Based Interfaces). This is convenient for integration but also introduces new risks:
- API abuse: Rate limiting, throttling to prevent DoS
- Authentication & authorization: OAuth2, mutual TLS between microservices
- API gateway security: WAF, input validation, threat detection
- API discovery & inventory: Awareness of all exposed APIs (many microservices = many APIs)
Roaming and interconnect security
5G increases international roaming and inter-operator connectivity. More interconnects = larger attack surface:
- IPX security: Inter-operator connections through IP eXchange providers — requires encryption and authentication
- Signaling security: Protection against SS7-style attacks (in 5G: diameter/SBI signaling)
- Data sovereignty: GDPR compliance during roaming between countries
Supply chain & multi-vendor risk
Open RAN brings benefits (vendor diversity, cost reduction) but also risks:
- Backdoors in components: How to verify integrity of RU/DU/CU from multiple vendors?
- Software updates: Managing patches from multiple suppliers without introducing vulnerabilities
- Compliance: Regulatory requirements (e.g., 5G Cybersecurity Act in EU)
Security teams must understand not only traditional network security but also:
- Cloud native security patterns (Pod Security Admission, Falco for runtime security)
- DevSecOps: Security embedded in CI/CD (SAST, DAST, SCA)
- Telco-specific threat modeling: STRIDE analysis for CNF, attack trees for 5G architecture
Case study — how a telecom operator reskilled their team
Context: A medium-sized telecommunications operator in Central Europe with ~5 million subscribers planned to deploy a 5G SA (Standalone) network. Problem: the team consisted of network engineers with experience in 2G/3G/4G (traditional hardware-based networks) but had zero exposure to Kubernetes, microservices, or CI/CD.
Challenge: Deploy 5G Core (cloud native) within 18 months. Requirement: 80% of the team (25 people) must be able to operate cloud native infrastructure by go-live.
Training plan (implemented by EITT and partners):
Phase 1: Foundations (months 1-3)
- Kubernetes fundamentals (3-day workshop) for all network engineers
- Docker & containers basics (2-day online course)
- Linux administration refresh (1-day bootcamp — part of the team had gaps in Linux skills)
- Python scripting for network automation (2-day workshop)
Phase 2: Telco-specific skills (months 4-8)
- 5G architecture overview (2-day workshop, vendor-agnostic)
- CNF deployment hands-on (3-day, deploy test 5G Core on Kubernetes testbed)
- Kubernetes networking for telco (2-day: Multus, SR-IOV, secondary networks)
- Service mesh basics (Istio) — 1-day intro
- CI/CD for CNF (2-day: GitLab CI pipelines, automated testing)
Phase 3: Advanced & specialization (months 9-15)
- Kubernetes for operators: advanced (CKA preparation, 5-day workshop)
- 5G security deep dive (2-day workshop with threat modeling exercises)
- Observability & troubleshooting (Prometheus, Grafana, Jaeger) — 3-day hands-on
- GitOps (Flux) — 1-day workshop
- Real-world project: team divided into 3 groups, each deploys part of 5G Core (AMF, SMF, UPF) on shared Kubernetes cluster — mentoring by senior architects
Phase 4: Go-live preparation (months 16-18)
- Runbook development: creating operational procedures for common scenarios (scaling, updates, incident response)
- Chaos engineering exercises: deliberately introducing failures in testbed (kill Pods, network partitions) and practicing team response
- Vendor-specific training: 2-day workshops with vendors of 5G Core and RAN equipment
- Shadow operations: Team observes and collaborates with vendors during pilot deployment
Results:
- 95% of the team completed the training program (24/25 people)
- 12 people obtained CKA (Certified Kubernetes Administrator)
- 5G SA network launched according to plan (month 18)
- Time-to-resolution of incidents 40% faster than in legacy 4G network (thanks to better observability and automation)
- Zero critical outages in the first 6 months of production (partly thanks to team training in chaos engineering and proactive monitoring)
Lessons learned:
- Hands-on practice beats theory: The team most appreciated workshops with practical exercises (deploy, troubleshoot, break & fix)
- Gradation: Starting with foundations (Kubernetes 101) before moving to advanced topics was crucial — trying to jump into the deep end resulted in frustration
- Real-world projects: Working on deployment of part of 5G Core (even in testbed) gave much more than theoretical courses
- Continuous learning: After go-live, established “learning hours” — 4h/week for self-study, participation in webinars, experiments with new technologies
How EITT supports the telecommunications sector
EITT has been working with telecommunications operators and technology companies in the telco industry for years, providing training tailored to the specific challenges of the sector. Our offer includes:
Cloud native training for telco
- Kubernetes for Telecom: Workshops dedicated to telco use cases — networking (Multus, SR-IOV), high-performance computing, stateful applications
- CNF Development & Operations: From creating containerized network functions through deployment on Kubernetes to lifecycle management
- Service mesh in telco environment: Istio, Linkerd — traffic management, security, observability for microservices-based 5G Core
5G technology training
- 5G Architecture & Protocols: Deep dive into 5G Core (SBA), RAN architecture, protocols (NAS, NGAP, GTP-U)
- 5G Security: Threat landscape, security architecture (SEPP, network slicing isolation), best practices
- Open RAN: Architecture, interfaces (O-RAN Alliance specs), multi-vendor integration
DevOps & automation
- Infrastructure as Code: Terraform, Ansible, Crossplane — managing telco infrastructure declaratively
- CI/CD for network functions: Building pipelines (Jenkins, GitLab CI, Tekton) with automated testing (unit, integration, performance)
- GitOps: Flux, ArgoCD — Git as single source of truth, continuous reconciliation
- Network automation with Python: Scripting, Netconf/RESTCONF, integration with SDN controllers
Security
- Cloud Native Security: Kubernetes security (RBAC, Network Policies, Pod Security), container security, supply chain security
- Zero Trust Architecture: Implementing Zero Trust in telco environment, micro-segmentation, mTLS
- Penetration testing 5G/CNF: Hands-on workshops with threat modeling and security testing of 5G deployments
Certifications
Preparation for industry certifications:
- Certified Kubernetes Administrator (CKA) / Certified Kubernetes Application Developer (CKAD)
- Certified Kubernetes Security Specialist (CKS)
- AWS Certified Solutions Architect / Azure Solutions Architect (for telco workloads in public cloud)
- Vendor-specific: Nokia, Ericsson, Cisco certifications
Company-tailored training program
EITT doesn’t just offer “off-the-shelf” courses. We understand that each operator has a unique tech stack, legacy systems, and specific business priorities. That’s why we work with L&D and CTO teams to create:
- Competency assessment: Audit of current team competencies (gap analysis)
- Learning paths: Development paths for different roles (network engineers, IT ops, security, management)
- Custom workshops: Hands-on training on your infrastructure (lab environment mirroring production)
- Mentoring & coaching: Long-term support during transformation journey (not just training, but also advisory during deployment)
Why EITT?
- 500+ experts with experience in telco industry, cloud native, and cybersecurity
- 2,500+ trainings conducted for IT and telco companies in Poland and Europe
- 4.8/5 average rating from participants — focus on practical, hands-on learning
- Industry partnerships: Collaboration with vendors (Kubernetes, CNCF ecosystem) and telecommunications operators — we know real-world challenges
Interested in building cloud native and 5G competencies in your team? Contact us — we’ll discuss your needs and create a dedicated training program.
FAQ
Can a team of network engineers without IT/cloud experience learn Kubernetes?
Yes, but it requires a structural approach. We recommend starting with fundamentals: Linux administration, container basics (Docker), only then Kubernetes. In our experience, network engineers have a natural advantage in understanding Kubernetes networking (concepts like routing, firewalling are familiar), but they need time to get comfortable with the declarative model (YAML manifests, desired state) vs imperative (CLI commands). Typically, 3-6 months of gradual learning (foundations → intermediate → advanced) provides a solid foundation.
What are the most important trainings for a team starting cloud native telco transformation?
Top 3 priorities:
- Kubernetes fundamentals — absolute must-have, foundation for everything else
- 5G architecture overview — even if you’re not deploying 5G yet, understanding where the industry is headed helps with planning
- Infrastructure as Code (Terraform/Ansible) — ability to manage infrastructure declaratively (not manual config) is a game-changer for operations
After these three: CI/CD, observability, security — depending on immediate needs.
How long does it take to reskill a team from legacy telco to cloud native?
Depends on team size, baseline competencies, and program intensity. From our case studies: 12-18 months is a realistic timeline for comprehensive reskilling (from zero cloud experience to operational readiness in cloud native 5G). Can be accelerated to 9-12 months if the team already has some exposure to cloud/Linux. Key: this is not “send to training and done” — requires continuous learning, hands-on practice, real-world projects.
Are certifications (CKA, CKAD) necessary, or are internal trainings sufficient?
Certifications are not necessary, but they are very valuable:
- Competency validation: External verification that a person has mastered the material (not just internal assessment)
- Motivation: A goal to achieve mobilizes learning
- Recruitment: When expanding the team, certifications help in evaluating candidates
- Industry recognition: CKA is an industry-recognized standard
On the other hand: certification without practical experience is just paper. Combination of training + hands-on practice + certification = optimal outcome.
How to measure ROI from investment in IT training for a telco team?
Metrics to track:
- Time-to-deployment: How quickly the team deploys new features/services (before vs after trainings)
- Incident resolution time: Average time to resolve incidents (better competency = faster diagnosis and fix)
- Automation rate: % of automated operations (trained team can write automation scripts)
- Downtime reduction: Fewer downtimes thanks to better proactive monitoring and incident response
- Employee retention: Teams that develop rarely leave (cost of recruitment > cost of training)
- Vendor dependency: Reduction of external consultant/vendor costs (team operates infrastructure themselves)
For example: one of our clients (telco operator) measured 30% reduction in OPEX within 2 years after implementing automation & cloud native training (less manual work, faster deployments, less vendor lock-in).
Prepare your team for the future of telecommunications
Telco transformation from hardware-centric to software-defined, from monoliths to microservices, from manual operations to full automation — this is not a trend, it’s reality. Operators who invest in their team’s competencies today will be leaders in 5G and beyond tomorrow. Those who delay risk vendor lock-in, high OPEX, and slower time-to-market.
Building cloud native and 5G competency is not a simple task — it requires strategy, time, and the right educational partner. EITT has experience, experts, and a track record in the telecommunications sector. If you are responsible for competency development in a telco company and are looking for a partner to guide your team’s skill transformation — let’s talk.
See full IT training offer or contact us to discuss a dedicated program for your organization.
Read Also
- FinOps in the Cloud - How Training Can Save Millions
- FinOps in the Cloud - How Training Can Save Millions
- ‘Cloud Native: designing and deploying applications in the cloud’
Develop Your Skills
This article is related to the training Kubernetes & Cloud Native Associate (KCNA) - Certification Preparation. Check the program and sign up to develop your skills with EITT experts.