In the next installment of our Meet the Doers series, we highlight Nate Plamondon.
Nate Plamondon is helping protect Arizona State University from fraud, cyberattacks and other threats on a daily basis as a Splunk architect. The Arizona native was first introduced to Splunk about four years ago while working as a systems administrator at Arizona State University, and was intrigued by its potential. When ASU had an opening for a Splunk administrator, Nate decided to give it a shot. Now as ASU’s Splunk architect, he is on the front line of IT security, and is imparting his wisdom to a new generation of student Splunk admins.
I recently sat down with him to discuss how Splunk is protecting the university from fraud and cyberattacks.
What are the business challenges you face as a Splunk architect at ASU?
It runs the gamut from security to using our data in the big-picture sense, like looking for academic integrity violations. Things like someone badging in at the rec center, but they’re also taking a test from Mumbai. We have an eye on VPN connections and we can see when you connect from two different places. So those are big red flags for our security team.
Do you have any specific metrics that you could share with some of your achievements?
We were the victims of payroll fraud for a very long time — basically a targeted phishing attack. These people would get into our system, crack someone's password, and log in just enough to make sure they could get to the person's payroll account right before pay period. Then they’d get all of their money, so that the employee didn’t get paid. ASU is self-insured, so we would just have to cut them another check and eat that loss.
We were losing around $60,000 a month in payroll fraud. So we developed this dashboard and a corresponding report that goes out to HR before payroll runs, and it basically breaks down all direct deposit changes by “out of country,” “out of state,” and “in-region,” based on whether you're an employee or a student worker. It got to the point where we were no longer being hit by this group because we kept stopping them and they just gave up. Now HR will actually not run payroll without it. So when people tell me that Splunk is expensive, I tell them that I'm saving $60,000 a month with it, and it's not expensive.
Are there any stories you can think of where you literally saved the day using Splunk?
We're a frequent target of DDoS attacks. So my security network teams use it fairly often to figure out a way to block those. Without some sort of monitoring tool like Splunk, we would just have "your network is slow." So they use Splunk to discover the sources and block them at the border.
What advice would you give your students or others who are new to Splunk?
Read the docs. And get in touch with the community and just become a part of it. I've never seen a community like this — it’s one of the things that endeared me to this product and company. We have an enormous amount of knowledge built up, and someone will have an idea of how to help you, or know where to point to if they don't.
What makes this community so different?
It's people who are passionate about the product. It's people who care about helping others run it well, and wanting to just learn everything about it. What I've seen in a lot of closed-source product communities is a lot of competition. The Splunk Community is, "Oh yeah, I totally know how to do that. Here's how." The lack of competitiveness and the desire to help everyone do the best they can with the product is what really makes it.
Looking ahead, Nate said he’d bet his career on Splunk. In five years, he sees himself continuing to do what he’s doing now but on a grander scale, expanding Splunk’s use outside of IT into numerous other academic departments, where he will continue to explore its countless uses in different parts of the university. “This is not a small product, it's not something that I see dying on the vine anytime soon,” he says. “And there is definitely still going to be a role for a Splunk architect here.”