Tomorrow in Washington, D.C., Splunk will be hosting GovSummit, a one-day event where we will share strategies for successful IT modernization and enhancing security specific to the public sector industry. In the latest edition of our Partner Spotlight series, we highlight Matt Coose, Founder and CEO of Qmulos (@Qmulos), a Premier Splunk partner and cybersecurity company that focuses on cutting-edge compliance automation.
At Qmulos, Matt leads a team of experts that manage and prioritize enterprise risk. He previously worked for the National Cyber Security Division of the Department of Homeland Security (DHS) as the Director of Federal Network Security (FNS). In his own words, Matt talks about the partnership with Splunk and about his role at Qmulos.
Tell us about yourself. What does Qmulos do and what do you there?
Before Qmulos, I spent many years working in the federal government including the National Cyber Security Division of the Department of Homeland Security (DHS) as the Director of Federal Network Security (FNS). With FNS, I led the development of the government-wide federal cybersecurity architecture and risk quantification model that introduced continuous monitoring, enhanced enterprise risk management, and changed the way that organizational leaders think about improving cybersecurity posture.
Qmulos started with an idea and a passion to change how cyber compliance gets done and what it could mean to overall security if it was done right. CISOs I worked with in virtually every industry have essentially been forced, due to fear of audit findings, to spend untold millions on armies of people to generate paperwork, issue data calls, fill-in static spreadsheets, and upload “evidence” into extremely expensive legacy Governance, Risk and Compliance (GRC) tools, where they spend many more millions to show auditors how “secure” they are and how well they are managing risk. Sadly, this had been going on for 30 years and we felt it was finally time for a change.
Qmulos has realized the dream of Information Assurance professionals at all levels across the globe. We have disrupted the legacy compliance market and are enabling CISOs around the country to realize that doing “compliance” on top of big data is the best way to dramatically improve operational security with the world’s leading big data platform, Splunk. We are enabling CISOs to finally bring together their operational security budgets and resources with their compliance budgets and resources and align them toward one common goal—better security. At Qmulos, we holistically define what our customers need to monitor (breadth of security controls), enable them to do so accurately (automation) and in a timely manner (near-real time), and on a flexible platform (Splunk) that adapts to constantly changing environments in hours instead of months.
What do you like about partnering with Splunk?
Partnering with Splunk has given us an open platform with zero constraints, and allowed us to take the distant dream of revolutionizing how cyber compliance is done, and make it a reality. Splunk has given us a full ecosystem of capabilities to leverage in creating a world-class Integrated Risk Management (IRM) solution. Splunk was the missing link to take the once painful, static process of compliance, and turn it into a vital necessity, one that provides our customers with the best security program on the planet! We have the full breadth of capabilities to continually evolve, innovate, and create solutions to meet our customers' ever-expanding needs.
Working with Splunk’s dedicated and innovative team and customer base has provided an invaluable community of people who have come alongside us to aid in the mission of tackling the biggest problems and priorities in our world today. We have the privilege of partnering with Splunk team members who hold the same vision of helping the world operate better. We’re also able to partner with Splunk’s innovative market of forward thinking customers and explore their critical feedback to continue to push the boundaries while differentiating our product offerings from our competitors.
How has Splunk changed the way you and your customers work?
I started Qmulos with the idea of taking a stagnant process and doing it better. Splunk came in and revolutionized the way we worked by taking our idea in its infancy and paving the way for the creation of advanced apps to extend our capabilities beyond what we originally imagined. By making visual creation painless for our company and our customers, Splunk has also sped up our application development process by allowing us to focus on the business logic versus building the entire infrastructure from scratch.
Splunk platform’s flexibility allows for the ingestion of data across an ever-expanding variety of sources. Splunk gives us the arena to create advanced apps and extend the capability of the Splunk platform. These toolsets have allowed Qmulos to develop compliance related solutions that completely overhauled the way our customers work. Instead of having to manually collect evidence and generate reports, customers can utilize the real-time logging capability of Splunk and the Q-Compliance and Q-Audit apps created by Qmulos to help automate an abundance of compliance tasks. Data can be automatically mapped to systems and responsible users, compliance reports can be automatically generated, and users can be automatically notified of changes in their compliance status.
The ability to innovate faster than any other platform and customize any complex environment easily is Splunk’s gift that keeps on giving.
What are you looking forward to at Splunk GovSummit 2019?
As a veteran, I spent many years working for the federal government, both as an Army pilot and for the U.S. Department of the Treasury and DHS as a civilian. I am all too familiar with the challenges our government leaders face every single day. The need for cost effective solutions that better enable security is critical and really inspired the vision for Qmulos in the first place. We are focused on enabling CISOs to finally bring together their operational security budgets and resources with their compliance budgets and resources and align them toward one common goal—better security.
Splunk has the unique and critical ability to host events that energize and invigorate customers, partners, and attendees alike. Splunk’s GovSummit allows us to spend time with thought leaders and innovators on the front lines who are facing painful and complex challenges every day that we know we can help address. It’s also an opportunity to connect with some of our oldest customers as we continue to collaborate in answering the questions of tomorrow, before they are even asked. And ultimately, showcase the products we’ve dedicated our life’s work to create.
What technology challenges is the public sector currently facing? How is Qmulos helping customers work through those challenges?
Today, the public sector is faced with choosing between large, expensive, single-point solutions to solve their ever-expanding problems on an ever-shrinking budget. To say it’s a challenge is an understatement! We help our customers with this challenge in a couple of different ways.
Qmulos, working on top of Splunk, provides efficiencies for our customers by using data they already collect for various purposes for yet another use-case. There are huge savings if you can train your resources on a single platform and use it for IT operations, security operations, compliance, and other critical business/mission functions. We have seen customers that have chosen this common platform approach save millions on licensing and training costs over having siloed SIEMs, GRC tools, and IT Operations tools.
What are your top priorities for the next year?
Throughout the remainder of 2019 and into the future, our priority is to continually make the switch from a legacy GRC tool to the Q-Compliance and Q-Audit applications a no-brainer. Every year we work to update existing features to better meet our customers' needs and create new capabilities they don’t even know they need yet. We will continue to listen to our partners and customers as we challenge ourselves to open the world’s eyes to the value of compliance automation. We will continue to rely on Splunk’s robust and scalable infrastructure to provide the IT risk management solution that meets the needs of the world’s largest enterprises.
If you could ‘Splunk’ your own life, what would you [want to] find out?
I would Splunk my hockey performance. After nursing a bicep injury back to health last year, I’m back on the ice and feeling older than ever. I still haven’t been able to shake my overly competitive streak, so I’d like to Splunk my hockey game and figure out how I can play like I’m 20 years old again—although I wasn’t very good then either!