3. We should be
running the
agency in real time!
Why am I making
decisions on
last month’s data?
4. Data from the past Realtime Data Statistical Forecast
T – a few days T + a few days
Security Operations Center
IT Operations Center
Business Operations Center
Descriptive
(BI Tools, Data Lakes) Grey space
Predictive
(Models)
6. Fast-feedback loop for actionable commercial insights
Responsibly Move at Market Speed
PROGRAM
MANAGERS
DEVELOPERS
IT BUSINESS
APPLICATION
PLATFORM
HOW IS OUR:
• Security?
• Quality?
• Stability?
• Performance?
HOW IS OUR:
• Market Launch?
• Feature Usage?
• Marketing
Changes?
• Prioritization?
7. IoT WORKLOADS
Blurring the Lines Between Digital & Physical
Security
Ops
Center
Business
Ops Center
IT Ops
Center
CLOUD WORKLOADS ENTERPRISE IT
WORKLOADS
ADVANCED CORRELATION
HYBRID DEPLOYMENT
SINGLE PANE OF GLASS
8. 2. Focus on the foundation
3. Divide, empower, and deliver
4. Ignore the “Eeyores”
1. Define your outcomes
• Development Velocity
• Failed Customer Interactions
• Compliance Response Time
App Teams
App Platform
Hybrid
Cloud
Continuous
Delivery
Continuous
Insights
But how do you get there?
5. Dreamers, Debaters, & Executers
6. Better to be infamous than unknown
9. Install App Servers
Install OS’
Install Physical Servers
Configure network
Configure security
Debug! Servers
Storage
Networking
Virtualization
Management
Security
Middleware
Patterns
Automated
Deployment
Applications
1. Hybrid Cloud
Fewer “moving parts” for speed & stability
Get out of the “IT integration business”
Challenge: People & processes, not tech
10. 2. Continuous Delivery
Sonar code quality Static Security Scans
Build cloud
Developer
checks in code
Automated
Acceptance Tests
Dynamic Security
Scans
Test Cloud
“Chaos Monkey”
tests
Automated
Deploy
=
=
X
X
Production Cloud
QA Prod Pattern
Automated
Deploy
Pattern Library
11. Dev/Test Cloud
Dev Pattern QA Prod Pattern
Production Cloud
QA Prod Pattern
Enterprise
Architecture
Pattern LibraryDeveloper Dev, QA, & Prod
provisioned in minutes
Speed, Consistency, & Repeatability with Patterns
12. Real-time Dashboards Ensure Transparency
• Best / worst developers
• Custom training programs
• Best / worst outsourced providers
14. How?
Web CoE Middleware CoE DB CoE
CoE Specific KPI’s & Dashboards
Business Transaction
KPI’s & Dashboards
“Canary”
Thumbs up / down
“Band-aids”
Document – Script – Trust – Auto-execute
“War Room”
Collaborative Troubleshooting
& Post-mortem
IT Operations Center
17. Operational Intelligence Platform
Web Logs
App Logs
Network Logs
Endpoint Logs
Identity Logs
Wearables
Vehicles
…
Industrial Control
SCADA
…
IT DATA
IOT DATA
OT DATA
Time
HOTWARM
Data Aging Policy
COOLCOLD
Historical Near Real-time Predictive
High-speed Data Ingest
T0
PREDICTALERTSEARCH VISUALIZE ANALYZEDEVELOPEnrich ACT
18. Investigate the data in real-time
• Define Static schema
• ETL into Schema
• Enrich at write
• New data = new columns
• New questions = new columns
Ideal for asking the same
question repeatedly
• Schema-on-the-fly
• Data in native format
• Enrich on read
• New data = no changes needed
• New questions = no changes needed
Ideal for investigation & exploration
150.128.102.148 - - [07/Aug/2014:00:59:52 +0000] "GET
/images/web/2009/banner.png HTTP/1.1" 200 52315
"http://www.semicomplete.com/blog/articles/week-of-unix-
tools/day-1-sed.html" "Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107
Safari/537.36
vs.
Schema-on-write Schema-on-read
20. Pivot & improve with
Continuous Insights
Program Managers
identify new
opportunities
Continuously delivered to market
… and Auditors are “happy”
Fast-feedback enables Market Speed
21. With a Strong IT foundation,
and the right culture…
Commercial Intensity
+ Market Speed =
Resources of an Enterprise,
Agility of a startup
With that, I’d like to introduce our first presenter, Snehal Antani, CTO Splunk
JASON – PASS THINGS OVER TO SNEHAL
IS THIS WHERE YOU DISCUSS YOUR PREVIOUS ROLE? WANT TO ENSURE WE DON’T LOSE AUDIENCE WITH COMMERCIAL AND MARKET – NEED TO TIE TO GOVERNMENT
CHANGED BUSINESS TO AGENCY – BUT WILL CHANGE BACK IF THIS IS ANECDOTAL
---------
Tera – it would be great if we can have two options for this slide
Option 1 ) – just have the two pieces of text in nice fonts
Option 2 ) have simple icons one representing a reactive vs real time (The narrative here being that – don’t run your business reactively on stale data when you can run the business in real time)
Real time – use clock
Icon for reactive
MAYBE MAKE COMMENT ABOUT BUSINESS AND GOV BEING DIFFERENT – BUT MAKE CONNECTION THAT THEY STILL HAVE BUSINESS PROCESSES THAT NEED TO BE EXECUTED TO KEEP THE AGENCY RUNNING
JUST TO ADDRESS THAT THIS IS NOT A COMMERCIAL AUDIENCE
Culture:
Bold Ideas
Lean Startup
Focused on customer outcomes
JUST BECAUSE YOU AREN’T RUNNING A BUSINESS DOESN’T MEAN THAT THE CONSTITUENTS YOU SERVICE DON’T EXPECT YOU TO MOVE AT MARKET SPEED. BUT IT’S EVEN MORE IMPORTANT TO DO SO RESPONSIBLY, GIVEN THE SENSITIVE INFORMATION YOU’RE ENTRUSTED WITH AS A GOVERNMENT AGENCY.
CHANGED PRODUCT MANAGERS TO PROGRAM MANAGERS
HOW IS OUR:
Market Launch?
Feature Usage?
Marketing Changes?
Prioritization?
CHANGED TO:
HOW IS OUR:
Program Launch?
Services Usage?
Engagement Changes?
Prioritization?
--------------
Tera – For the cloud workloads we can show the company logos (please add AWS) (We also had done a version of the slide – please see next slide)
For IOT workloads – we can use the IoT icons (can pull from slide 20)
For Enterprise workloads – we can use standard IT icons – don’t need a special one for mainframes.
As for the treatment of the three bullets – we could do something similar to what we did in Nate’s ES deck.
Challenge isn’t technology, we have best-in-class products from multiple vendors; it’s people + processes. Integrated Systems serve as a catalyst for breaking the existing processes, kingdoms, and culture; and creates an opportunity to rebuild for the future
Before:
Self-integrated, 10+ teams, manual
QA + Prod deployed in 3-6 months
Compliance reports in 3-6 months
After:
Pre-integrated, 1 team, fully-automated
QA + Prod deployed in < 60 minutes
Compliance reports in < 10 minutes
MENTION THIS CASE STUDY: The CISO of the City of LA built an Integrated Security Operations Center, analyzing 14 million+ events per day, using Splunk Cloud and the Splunk App for Enterprise Security. The City was able to accelerate its deployment by pursuing a cloud-based approach to SIEM and enhanced cybersecurity collaboration between internal and external stakeholders.
PROGRAM Manager goal: identify next opportunity/requirements
IT Ops goal: Reduce FCI’s
Pro-actively identify
Visualize
Collect & Analyze
Take pro-active actions
Engage
MTTR from hours to minutes
FCI’s reduced
TIE TO NEED FOR AGENCY EFFICIENCY
PROGRAM Manager goal: identify next opportunity/requirements
IT Ops goal: Reduce FCI’s
Pro-actively identify
Visualize
Collect & Analyze
Take pro-active actions
Engage
MTTR from hours to minutes
FCI’s reduced
Detect Potential Failed Customer Interactions…
CHANGED TO: Detect Potential Failed CONSTITUENT Interactions…
OR: TALK ABOUT INTERNAL CUSTOMERS?
Pro-actively identify service (INSTEAD OF BUSINESS) issues
Visualize the source of the issue
Collect & Analyze diagnostics data automatically
Take pro-active actions to mitigate the problem
Engage the right people immediately
Proactively Identify:
Stuck deals are identified before the call is made to support
Visualize: Business Activity Monitoring tracks deals; Yellow indicates where the deal is stuck. Red would indicate a catastrophic system failure.
Collect & Analyze: All relevant logs from application servers, network devices, Siebel, Oracle, etc are retrieved and analyzed via Splunk
CONSTITUENT Interactions
Insights into successful/failed/degraded CONSTITUENT interactions
Prevent regrettable attrition
Improving cost or impact of interactions
Business Process Analytics
Reduce CONSTITUENT friction
Hunt & eliminate tribal processes
Simplify existing processes
Commercialization
Product usage/adoption
Optimize SERVICES
Improve business performance ($)
Customer Interactions
Insights into successful/failed/degraded customer interactions
Prevent regrettable attrition
Improving cost or impact of interactions
Business Process Analytics
Reduce customer friction
Hunt & eliminate tribal processes
Simplify existing processes
Commercialization
Product usage/adoption
Optimize marketing
Improve business performance ($)
Customer Interactions
Insights into successful/failed/degraded customer interactions
Prevent regrettable attrition
Improving cost or impact of interactions
Business Process Analytics
Reduce customer friction
Hunt & eliminate tribal processes
Simplify existing processes
Commercialization
Product usage/adoption
Optimize marketing
Improve business performance ($)
Culture:
Bold Ideas
Lean Startup
Focused on customer outcomes