US company Splunk specialises in making machine data accessible, usable and valuable. The company is growing at high double-digit rates every year and its platform is used by 5,200 customers, including more than 50 of the Fortune 100. DJ Skillman leads Splunk’s technology and growth strategies in EMEA. He has technical experience of scaling the platform to handle large sites generating multiple terabytes of machine data every day.
Tell me about your current role and how you ended up there.
I’m senior director for technology services for EMEA, which involves managing all the sales engineers, professional services, and education for Europe, the Middle East and Africa. I’ve been at Splunk five years and I started over in San Francisco at our headquarters. I started in business development and started the partnerships with people like Palo Alto Networks and BlueCoat. I came out of Juniper Networks before here.
Have you ever held any IT roles within companies?
I’ve historically been vendor-side but everyone I’ve typically sold to was in IT. My customers have always been CIOs and the folks in the data centre.
I spent a lot of time in HTTP and load balancing. I recently just got a patent – Juniper still has it – that came through. I was always doing technical things and focused on the IP [internet protocol] organisations and how different technologies could help organisations be better – for example, how to deliver web pages faster – and it segued very well into Splunk.
I was actually going to OEM Splunk into my product line at Juniper. We had a tremendous amount of data and nowhere to put it, so I saw the value early on.
You have a degree in economics and you’ve also been deeply involved in the technical side of things: how do you reconcile the two when they seem like very different disciplines?
I would always say that I would tend towards more of the business side of things than the technical, because technology in and of itself is cool and features are cool, but unless it drives value, then it’s just cool for cool’s sake, which is nice but it’s academic.
There are some very clear-cut use cases where we can reduce downtime and speed up things and make teams more efficient and you can drive easy value to and then different use cases that people haven’t quite got their head around.
We can look at taking information from web servers and using that to drive value for the marketing team. There’s usually some value involved.
There’s a lot said about technical people maybe lacking a sense of the bigger picture of the business goals – how do you address that, short of doing an economics degree?
Sometimes I think there’s a lot of personality involved. There’s a lot of folks that may not want to [be more business-focused].
We’ve helped customers who have been in that grind where they were a cog in the wheel but didn’t really shine. We gave them Splunk and they were able to become visible rock stars, they could go to a CIO or CTO and say, ‘I just spent 10 minutes on this and I found something amazing you might want to look at’.
It’s been said that IT people tend to think of themselves as ‘working in IT’ rather than working for a bank, an insurance company, or utility. What do you think can be done to change that?
There is sometimes a wall between the technical and business folks where there’s a translation problem and they don’t always see eye to eye.
What I would say is, there would be no security if there wasn’t an application, and there would be no application if there weren’t users. Take a step back, and ask ‘why does my bank pay me to do security every year and why am I here’ outside of, ‘I think security is fun?’
Increasingly, CIOs and heads of IT need to make their roles more strategic. By giving senior management timely information, will that make them – to use your phrase – rock stars?
It’s one of the ways, and so it does segue into what Splunk provides to the organisation. Most people spend their time putting out fires right now because that’s the way businesses have been built.
In reality, I’ve got tearful engineers that are essentially doing help-desk work because [their] apps are down and they’re the only ones who know how to find these problems. The company was founded on the concept of there being too much information in too many places and IT doesn’t have time to look for it.
The volume of data that machines are kicking out right now is terabytes a day. You might know the answer is in this data set today and manually looking, or using search, it could take hours to find something that you know exists. Sometimes you don’t know it exists or you have to pivot multiple times.
As a trained economist, do you have a better appreciation of what this kind of tool can do?
I think the exciting part, for me, is when customers find new use cases that we never thought of. Or the thought existed – there was a gut feel but they couldn’t quite put their finger on it. Now, if you have Splunk and you turn everything on, you can talk to a CIO or CTO and say, ‘imagine any question you wanted to ask of your infrastructure, is that interesting to you?’ The data is there. Whether you have Splunk or not, this data exists.
Do you think this area points to the future of IT, where it’s less about solving hardware and infrastructure problems and more about providing business with answers and information?
I think it definitely does … If you go on an online business, or online banking for example, there’s a really good chance some of this information is going to be machine data.
The people we’ve seen be very successful are the technical folks that get the business value. A lot of them didn’t even know they could do that. A lot of them think, ‘I’ve been trained to keep the lights on’.
What are the kinds of insights that big data promises, and what are the actual benefits it brings to business?
Maybe you can start measuring customer satisfaction in new ways – with different data sources you can start asking those questions.
The obvious big ones are around IT operations: keeping the lights on, better service level agreements, things like that. A big chunk of our use case is security: finding the unknowns.
That’s the big use case that people have right now: to truly go after things like advanced persistent threats that historical [facing] devices can’t look at. A very simple question is, ‘can you tell me the times this IP address has talked to my network?’
Specifically, in the security space, we see a lot about using big data to counter risks and understand threats – can you explain how that works in practice?
I would argue that a lot of that knowledge previously came from SIEMs [security information and event management systems]. What they historically did was look at known bad events – and you should look at that – but there’s historically been a lot of data thrown on the ground.
The data sets change and so they end up looking for these known threats. The problem is that attackers – who are better than script kiddies – are going to come in with an active attack … someone banging on the door and you’ll get beaten up if you don’t have patches and firewalls.
The largest thing I would worry about is somebody getting valid credentials – whether that’s an employee doing something malicious or someone hacked internally. No SIEM would see that as an attack because, for example, DJ Skillman logged in with his ID.
With something like Splunk, that question wouldn’t take as long, being able to mitigate those risks by learning how people came in, and build on those threats and keep teaching the engine based on patterns you’ve seen. I would say, always be aware there’s going to be some new way people came in that nobody thought of. The information does exist but there’s historically not been many ways to get an answer in a reasonable amount of time.
DJ Skillman will be in Dublin on Wednesday, 20 March, as a guest of Integrity Solutions. He will be speaking at an event in the Cliff Townhouse on St Stephen’s Green about big data and what it means for information security and IT operations.