From Operator to Agent Manager: What Network Engineers Become Next

The Old On-Ramp Was Never Going to Work

I’ve been saying for the last 10 years that within the next three years, network automation will be the only way to do things. And every year I move the goalposts forward, because the data hasn’t caught up to the rhetoric. Despite a decade of scripts, YAML, Ansible, Terraform, Net DevOps, and every framework we threw at the problem, roughly 70 percent of enterprise networks are still manual.

The story we’ve been telling ourselves is that those teams just haven’t gotten with the program. I don’t think that’s right. I think the on-ramp was always the problem.

To automate the network the old way, we asked a 25-year network engineer to also become a proficient Python developer. To learn Git, learn Postman, learn VS Code, learn YAML, learn JSON, learn how to write Ansible playbooks that would survive production. We asked them to get good at all of that on top of the job they already had. Which was, roughly, keeping the network up so that nobody noticed it was there.

The best day a network engineer can have is the day nobody calls them. We built the entire role around stability, fidelity, and predictability. And then we asked the same people to ship production-grade software on the side. The math was never going to work.

Configs by Hand Are a Solved Problem

What changed is the interface. Not the model. Not the tooling. The interface.

When I work with NetClaw or with a FlowAgent, I don’t write a Python script. I don’t write YAML. I describe what I want in plain language and the agent figures out the rest. The expertise I built over 15 years as a network engineer is still doing the work. It just isn’t getting filtered through a programming language I never went to school for.

This is the part that I think a lot of people are missing. Writing configs by hand is a solved problem. Not because configs don’t matter, but because no human should be the one typing them in. Every time a human writes a config by hand, we introduce a human problem into it. Fat fingers. Missed steps. Two notepad files instead of one. Half an HSRP pair configured. We’ve all lived through it. I’ve caused my share.

The point of network automation was always to take that out of the human’s hands. We just couldn’t make the on-ramp easy enough for most teams to get there. Now we can.

The Role Is Changing. The Job Isn’t Going Away.

Here’s where I think the next decade of network engineering actually heads. Network engineers don’t disappear. They become the people who build, manage, and direct agents.

Each engineer is going to run a fleet. Five agents. Ten agents. Each one with a job. One does documentation. One does compliance. One runs your testing. One triages tickets. One is read-only, gathering the data the others need. The engineer’s job is to define those agents, give them the right guardrails, watch their work, and grow their scope over time.

Jensen Huang said something prophetic about a year ago, that the future of IT is an HR department for agents. I think he’s right. And I think network engineers are particularly well-positioned for it, because we already think this way. We already troubleshoot in layers. We already build with redundancy. We already work in environments where one mistake can take down a business. Managing agents is going to feel more familiar to a senior network engineer than it will to almost anyone else in IT.

Graduated Trust, Not Big-Bang Autonomy

If you’re worried about handing the keys to an agent on day one, don’t. That’s not how this should go.

Start read-only. Documentation. Compliance. Source-of-truth reconciliation. Testing. Triage. None of those activities touch production. All of them deliver value the moment you turn the agent on. If you’ve ever asked a junior engineer to spend their first two weeks updating the Visio against the live network, you already know how to do this. Hire the agent, give it read-only access, let it do the work nobody on your team has had time to do.

Then let it earn trust. After a quarter of clean documentation runs and compliance checks, maybe it gets to propose changes that a human approves. After two quarters of that, maybe it gets to make the change and then prove it worked. After a year, maybe it closes simple tickets on its own. The maturity model is graduated. The same way you’d onboard a new engineer.

What makes this work isn’t the agent. It’s the platform around it. Audit trails, role-based access, fine-grained tool permissions, OAuth-bound agent-to-agent calls, rollback. That’s what turns an agent from a science project into something you can actually run in an enterprise. Itential is in this business specifically because that platform layer is the hard part, and it’s the part that has to be built in from the start, not bolted on later.

This Is Not Job Loss. It Is Leverage.

I get this question a lot. Are the agents going to take my job?

I think about Excel. When Excel showed up, we didn’t lose accountants. We elevated them. The tedious work, the manual reconciliations, the line-by-line calculations, went to the spreadsheet. The accountants went up. They became strategic. They started running the financial direction of their companies instead of footing columns.

I think the same thing is going to happen to network engineering, and I think it’s going to happen faster than most of us expect. That’s the work the on-ramp was always supposed to free us up for. Now we have one that actually works.

Where to Start

If you’re a network engineer who has been waiting to get into this, here is what I’d tell you. Don’t wait. The train is still really close to the station. Spec-driven development is six months old. Model Context Protocol is just over a year old. ChatGPT 3.5 hit in November 2022. We are barely into this.

Pick one read-only use case. Documentation, testing, compliance, whatever the thing is your team has been meaning to get to for three years. Build an agent that does that one thing. Watch it work. Then build the next one. That’s how the role changes. Not all at once, but one agent at a time.

And come hang out in the VibeOps Forum. It’s where the people doing this work are sharing what they’re building. No judgment, no gatekeeping. Just engineers figuring out the next era of the role together.

I’ll see you there.

Listen to the Full Conversation

This post distills the argument from my recent appearance on IT Visionaries with Chris Brandt. Watch the full episode on YouTube or read the episode summary.