At Splunk .conf 2018, I was fortunate enough to have the opportunity to compete in the Boss of the NOC event with my peers.
This was our first time competing in one of these events, and quite frankly, we had no intention of winning when we decided to compete. However, with the prize of 2019 .conf passes on the line… the rest was history.
Why Boss of the NOC?
This was actually a source of debate between our team members. We were initially leaning towards competing in the Boss of the SOC event, since many of the Splunk use cases we leverage for our clients are security focused.
However, we ended up going with the NOC event for a few reasons, including:
- New Tools: We wanted to increase our experience with some of Splunk’s newer offerings, such as VictorOps, which was part of the event this year.
- Team Experience: Both Tim and myself are recovering network administrators, and figured some of this knowledge might come in handy.
- Splunk Experience: We support clients in numerous verticals, who use Splunk for both security and operations use cases. For us, the product is a tool to solve any number of problems we might face – problems that we may not know the answer to until we dig into the data.
We found the event to be a realistic representation of the work that we do on a daily basis. For instance, many of the questions were quite vague. Customers don’t always know exactly what they want, or what data they have to support a given use case. We’re often tasked with solving a problem by figuring out a solution based on what the client has available.
As a Managed Security Services Provider, we are constantly required to adapt to different client environments, switching between data sources and Splunk deployments multiple times every day. So, handling a new and unknown Splunk environment was not a foreign concept to us.
One of our biggest strengths during the competition was our ability to work as a team. Both Mark and Tim are part of our Splunk implementation team, which also backs up our support engineers as a senior escalation level.
Steve and I are part of our management team, but we’re never far from having our hands on the technology, solving problems, or helping design new service offerings and process improvements.
Similar to our normal day-to-day operations, we were able to work on problems during the event both independently as well as involving other team members as needed, and playing to each other’s strengths. If anyone got stuck on a question, we’d pass it to another team member and move on. Additionally, to avoid losing points, we’d seek a second opinion on possible answers when practical to ensure that we were on the right track.
Within the first hour of the event, we were told that we had a commanding lead in the competition, with nearly twice as many points as the next closest team. When we first heard this news, we thought members of the event staff were trolling us and continued working on the questions.
Eventually, we did check the scoreboard and realized they weren’t trolling. A few hours in, we realized there was a very real possibility that we could win the event, provided we didn’t follow in the footsteps of all too many Cleveland sports teams (insert your own video of the drive, the fumble, the shot, etc. here).
Lucky for us, Hurricane Labs’ Sales Engineer Matt Yonchak stopped by to give us the positive reinforcement we needed…