 Live from Orlando, Florida, it's theCUBE, covering .conf18, brought to you by Splunk. Welcome back to Orlando, everybody. This is Dave Vellante with Stu Miniman. You're watching theCUBE, the leader in live tech coverage. We go out to events, we extract the signal from the noise. This is day two of Splunk's big user conference, hashtag SplunkConf18, winding down Stu. Quite an amazing two days. Just had Doug Maradon, had tons of customers, a lot of security talk today. Luke Bampton is here, another security expert. He's the application security specialist with SecurePay out of Australia. How you doing, mate? Good, not bad. Can you tell that I'm from Australia or not so much from the accent? That rack of beer you got down there is what gives you away. Australians like beer, as they say. But they don't drink fosters out here. No, no, no, no, no such thing, actually. Yeah, it's a bit- That's great marketing to dumb Americans. Yeah, a very common misconception, though. So, could I see you for picking it up? Well, we were talking about the Melbourne Cup, but we'll get back to that later. Let's talk about SecurePay. Sure. What do you guys do and what's your role there? Yeah, so we're an online payment gateway, so we help businesses trade online, facilitating e-commerce. So we're actually owned by Australia Post, so Australia's premier mail network. So that gives us kind of a unique competitive advantage being able to sell both parcel delivery and payments facilitation all in one service to our customers. Makes it a really compelling offering to customers to have an all-in-one, kind of one-stop shop for all their e-commerce needs. But what's your role, and what are the big drivers from the business or the operations that are affecting that role? So my role is an application security specialist. So I look after a lot of the PCI DSS constraints. So payment card industry, data security standard. Do a lot of stuff around vulnerability management, code reviews, penetration testing, web application firewall administration. I work very heavily with our SOC guys, work very heavily with our network security team, platform, application, you name it, we do it pretty much. Yeah, I mean, security obviously for a payment company is pretty important. Maybe you can talk about, you know, what's changing in the industry? How does that impact your job? Yeah, so financial tech or fintech has kind of boomed in Australia, if not the world in the last like five, 10 years. So there are a lot of new companies and so therefore it's driving a lot of innovation. So big players, even like SecurePay, are kind of feeling that desire to work faster, more agile, and be more competitive in market. And that means a lot of change, a lot of fast-paced change, especially when you're dealing with industry regulation, such as calculating surcharges on the fly, making sure that people aren't skimming off the top of just what is supposed to be a cost-covering exercise for our merchants. So competing with legislative changes, competing with industry changes, best practice, and if payments stop, then your entire ecosystem stops and the economy stops. Yeah, so I see here application security and I'm a networking guy by background, so I start thinking level four through, layer four through seven, bring us inside a little bit, what your team does and what kind of solutions you're using. I would expect Splunk's a piece of it, but what's the stack of security layer? Yeah, sure, so from a security viewpoint, SecurePay being a subsidiary and being a payment card provider kind of has to be standalone so we can't leverage, we have to manage a lot of stuff in-house, I should say. So what that means is basically you have to think of it as condensing your entire organization into a team of like five, six, seven, and really making the most of your products that you've got available to you. So that means really making the most of technologies out of the firewall space, out of the application security space, code scanning, basically everything that you'd expect a full-blown enterprise to do, only with a much smaller team, much smaller budget, which means you've got a lot of competing priorities all the time. So when you say in-house, I'm inferring that means a lot on-prem as well or not necessarily? Yeah, so at the moment we are predominantly on-prem in terms of our infrastructure. We are moving to a more of a hybrid cloud, particularly with our non-production environments, but with that said, everything's got to be in line with all of the network controls, all of the application controls, segmentation, all the rest of it that is required under PCI. As far as individual tooling is concerned, we work very heavily with Splunk in terms of event correlation, event management, alerting. Our risk guys use it to fraud profile and risk profile both our merchants and our customers. And really like just keep an eye on what's going on in the overall payments ecosystem, not only for our customers, but also for customers in the overall payment scene. Because we hold relationships with other significant players, we can give them a heads up of what's going on. So any market trends, intelligence, like sharing, makes it a really good place to be. How long have you been a Splunk customer? So we've been a Splunk customer about 18 months now. Great, so relatively recent. Yeah. Tell us about life, what was the catalyst to bring Splunk in, what was life like before and the after? Yeah, so the catalyst for bringing Splunk in was really a contract negotiation with our parent company, Australia Post. So we moved away from our previous tooling and moved to Splunk. I'll be honest, there wasn't a huge adoption because there was so much going on at that point in time. But about 12 months ago, we started really investing heavily in optimizing our instance of Splunk Cloud to the point where we're now able to leverage its functionality in terms of application monitoring, making logs available and searchable and just make things a lot more visible for even our senior leadership team to come up and see a dashboard on a TV screen on a wall and be like, hey, we're doing really well today. Or, hey, what's with that number? Is there something I need to know? The power of visibility when you're talking to leadership teams is just amazing. And you couldn't do this before or you could do it. It would take a lot more resources. Yeah, exactly. You could do it. It was just a lot less visual and a lot more time intensive to actually pull that out. So, West Splunk has really assisted us is in the ease of reporting and the visibility and speed with which we can deliver the information required. So with our previous tools, there was an issue with the timeliness of the data. So by the time that we'd actually pulled it out, taken the core insights that we needed, it was probably not as accurate or not as up to date as what we'd like. And being in high-paced financial industry, time is money. So what have you done with that extra time? Is it just sort of perfecting the dashboards and the reporting and that process? Or have you shifted resources to other activities? Yeah, so I mean, when you're dealing with such a small team, time is key. And really, that reporting time got shifted away and back into the hands of more technical on-hands, technical uplift. You have more time making sure that your firewall rules are correct. You've got more time making sure that your applications and your code reviews are going well and you're clearing pipelines and you're looking at training and you're looking for indicators of compromise instead of just kind of sitting there hoping that your current config is okay but knowing that you could probably give it some more love if you had more time. All right, Luke, one of the things we've talked to a lot of customers about is that they start with a specific use case for Splunk but then the business starts asking questions, other groups get involved. What's your experience been? Yeah, ours is, our experience in that field is exactly the same. So we bought Splunk on board purely as a seam for the security team to use and it got to the point where you had, say the sales team approach us and we're like, hey, so we know that you guys are pulling out a lot of metrics about our customers and what activity is going on in system. Is there any way that we can leverage this to, say, calculate profitability for various accounts? Or can we offer bulk discounts or whatever? So it kind of starts getting extended to the sales team and then the customer service guys came on board and they're like, hey, if we had access to this information sooner, we could better service our customers and that offering itself was really powerful because it has a direct impact on our ability to deliver as a service provider. And it just keeps growing and growing and growing to the point where pretty much every single team uses Splunk in some way, shape or form and are getting real value out of it. And we say every single team. Yeah. You mean across the company or? Yeah, across our company, so across secure pay. So from the infrastructure guys, to the network guys, the dev team, to the QAs, to the BAs, just. What about, we heard a lot of announcements today that are sort of positioning Splunk for the lines of business, the business users, the less technical folks. Do you see that happening in the near to midterm? Yeah, so that's going to have a big impact on where we sit. So on our current, our current experience has been with internal customers using Splunk who aren't as technical because we are using Splunk Cloud and we've got that shared service pool from Splunk can unfortunately impact the ability of users who do need access to certain things in a faster manner, can be limited sometimes. So the ability to actually give those guys the ability to self serve a little bit better, up skill and actually kind of teach them to fish as opposed to delivering fish is really going to be very powerful. And it's just going to be, yeah, it's going to be something that's going to play to Splunk's credit. How large of an installation are you? How do you measure that? Is that like, I guess it's gigabytes or terabytes, right? Yeah, so in terms of our data ingest, I'm not 100% sure. I think where the majority of our logging comes out of our firewalls and perimeter stuff as you'd expect, being a public facing organization. So you've always got scans and whatever going on. But in terms of the rest of our ingest. So small, medium or large? Yeah, I'd say we're probably small or medium, depending on our ingest. So secure pay for reference is only about 120 people strong. So we try to keep things as agile as possible and as lightweight as possible. And Splunk's kind of there to support that because we know when we're hitting our overhead and what we can do to actually kind of peg that back or ramp it up and where we've got the headroom. Things you'd like to see Splunk do, what's on their to-do list? That's a fantastic question. I'd like to, so I'm personally not a Splunk ninja by any means, I'm still very new. So given the fact that we've only had Splunk for about 18 months, like there are people here who would Splunk me into the ground. But. But personally what I'd like to see is a lot of that natural language translation stuff coming through that they announced can be really, really powerful. Just to empower those guys who haven't quite got like, trying to reduce that barrier to entry rather than anything, rather than anything else. Luke, thanks so much for coming on theCUBE and good luck with your future. And that's it for us too, that's a wrap. I mean, final thoughts, you want to bring it home? Yeah, at the Crossroads of Data, Dave, it's really amazing to see this. They're going to have Woz tomorrow, they've got a huge party at Universal, so it's been a great experience for me, really appreciate you coming and sharing the ride. My pleasure, it's all about the data. We're seeing the, we've watched the ascendancy of Splunk. Splunk went public with a very little, for the cash, $40 million in cash, got to the public markets, we've been growing like crazy. We're seeing a massive TAM expansion now into lines of business and new areas like IIOT, so we're actually very excited about Splunk, really appreciate them having us here. Busy month for theCUBE, the theCUBE team's packing up. I'll be going to Miami, still be going to Miami, you guys will be going to Miami. You guys are going back to California, we'll see you next week. Check out theCUBE.net, it'll show you where theCUBE is for all the shows. Check out siliconangle.com for all the news, some big news today, so look for that in the big data space. Hortonworks and Cloudera, merging evidently, just came across the wire, well, Hatfields in the McCoys, and check out wikibon.com for all the research. Thanks for watching everybody, this is theCUBE, we're out from Splunk.conf 2018, we'll see you next time.