Splunker Stories: Brian Pham

In our latest edition of our "Splunker Stories" series, we meet with Brian Pham, Splunk’s Manager of Vulnerability Management.

We sat down with Brian to learn more about the path which led him to Splunk, how his career has grown here, and the fun he enjoys with his global team.

Brian also recently sat down with our Global Content Marketing Manager, Aimée Barrie for a recorded podcast you can view here!

What did you do prior to joining Splunk and how did you end up at Splunk?
Prior to joining Splunk, I was doing vulnerability management as a contractor for the US Government.

I was an auditor performing technical assessments of federal information systems for one client and then performed Independent Verification and Validation (IV&V) for another.

After three years at the last federal client; I was able to assist them in resolving a task that existed before my arrival. I felt that was a nice time to close that chapter of my life and the company I was working for. Coincidentally, they were up for a recompete so it was as good a time as any to look for new opportunities. 

This is when I saw Splunk was looking for a Threat and Vulnerability Analyst! 

I had never worked for industry before and Splunk was a well-known company that seemed so much fun, so I figured I'd throw my hat in and see what would happen.

Now I'm here and loving it!

I joined Splunk in the role of Threat and Vulnerability Analyst in the summer of 2020, and it only took me ten months before I earned my promotion to Senior Threat and Vulnerability Analyst. 

This past June, my consistency and hard work again paid off, and I am currently in the leadership role of Manager of our Vulnerability Management team.   

What was your perception of Splunk before joining? Is it what you expected?
Splunk seemed like a fun company! 

Seeing Splunk was used everywhere I looked; I was excited at the prospect of joining a workplace that embraced technology and innovation. Especially since the previous organizations I worked for were... not.

For the most part, Splunk is what I expected! 

Everyone here is passionate about one thing or another. Whether it's technology, or being “Splunky” (with cross department and international chats about cooking, cars, etc.) there's never a shortage of excitement from people around me.

What do you do at Splunk?  What are some of the exciting projects you are currently working on? 
I currently lead a team of Vulnerability Management Analysts in (you guessed it!) analyzing vulnerabilities, determining risk, providing remediation guidance, and ensuring compliance to security standards. 

As part of Vulnerability Management we identify, assess, report, and manage vulnerabilities for the company. This involves us performing detecting software / configuration flaws in devices / applications, determining the risk to Splunk and our customers in the Cloud in the context of our environment, along with providing remediation guidance and support to teams, supporting partner teams to identify exposure, and working with teams to drive remediation activities. 

All of which will help protect Splunk from threats.

We work with fellow Splunk Global Security (SGS) teams like SplunkCIRT, Threat Detection, and Monitoring Operations to investigate our vulnerability exposure and begin coordinating with remediation teams when the latest new vulnerability comes out. Sometimes this even involves using external data sources and custom developed tooling!

We are always working on improving capability whether it’s reporting, dashboarding, or detection. Our team is always innovating to get better detection of the latest vulnerabilities and give us capabilities to better visualize vulnerabilities so we can enable companies to take action faster and more effectively.

It's exciting for us since it feels like an extension of my consulting days where we get to work with a lot of people and work to drive change!

Tell us about your story.  What experiences made you who you are today?
After a false start with college, I got a job with a contracting company and started doing some IT work around the office. 

I was presented with an opportunity to help on a federal contract by building and securing laptops for the Nuclear Regulatory Commission (NRC). It was during this time that I learned things like CIS Benchmarks and DISA STIGS (hardening standards) and how they could help improve security of devices. My experience snowballed from there as the company started sending me to different customer sites to assess their environments by identifying vulnerabilities and their compliance to these hardening standards. I learned about different types of vulnerabilities, exploits, technology platforms, and how to work with different people / personalities. I even got to teach others and write my own agency security standards!

I ended up leaving that company and working for another, providing IV&V services for the Federal Deposit Insurance Corporation (FDIC). It was here that I was leading a team of Vulnerability Management Engineers to ensure security of the entire enterprise instead of my previous view of individual organizations and systems.

As mentioned before, after three years at the FDIC I was able to close out a multi-year project that I inherited. I wasn’t really looking forward to yet another recompete and was intrigued when I stumbled upon a Splunk LinkedIn post for a Threat and Vulnerability Analyst. So here I am!

I am very fortunate that I had many opportunities to learn about cyber security! 

My exposure to different environments, platforms, people, and business cases was helpful in teaching me about how to balance security with operations while also being a security generalist.

How have your unique experiences and insights made you successful in your career, and at Splunk?
Since I had exposure to so many different people, organizations, and implementations this knowledge helped me adapt relatively easily working at Splunk. 

I was able to jump into helping out with Splunk’s Vulnerability Management program because it was a subject I was intimately familiar with. 

My many years of being a consultant and auditor was helpful when working with multiple stakeholders who all had different business cases and environments.

My desire to learn about the business and where Splunk can help organizations continue to grow securely has motivated me throughout my career.

What do you enjoy about working at Splunk?
I really enjoy the people! There is a real wealth of knowledge Splunk employees have, and the way Splunkers openly share this knowledge with one another is amazing! 

Even though we work remotely and with employees all around the world; you can really feel the passion Splunkers have for their work, connections outside work and of course the company!

I enjoy being able to express my opinions and have the support of my team and management. Compared to working with the government, working for Splunk feels so free and liberating! To be able to openly exchange ideas, be able to test / take action, and be encouraged to do so is amazing!

Which Splunk Value (Innovative, Fun, Disruptive, Open, Passionate) resonates most with you?

Fun for sure! It can be challenging to stay positive when dealing with vulnerabilities, threats, exploits, and bad actors all the time. 

Working for other companies, I’ve also felt how difficult it can be to stay positive when working with stakeholders who may be intimidated to work with security.

This is not a problem at Splunk. 

It is amazing to work with people who, (despite late nights, holiday 0-days, and other ever evolving security concerns) continue to uplift each other, joke around, and maintain a fun environment while dealing with the next vulnerability right around the corner.  

Splunk's vision is "A world where data provides clarity, elevates discussion and accelerates progress." How does your work contribute to this?
Like many teams at Splunk, Vulnerability Management relies on accurate up to date data that we collect in Splunk to do our jobs. 

Using this information, we work to give back to the community by defending Splunk and ensuring that vulnerabilities detected affecting assets are remediated quickly and effectively.

Our team doesn't just focus on the latest vulnerabilities; we use the data we collect to identify systemic issues that we can report to teams and find solutions. We help teams make informed decisions about prioritizing remediation, and also give credit to teams for the progress they're making at bringing down vulnerabilities!

Splunk's mission is to "remove the barriers between data and action, so that everyone thrives in the Data Age." What does this mean to you?
To me, this means finding ways to make data available to people so we can make better decisions. 

Part of this means using automation, developing dashboards that paint pictures to management and technical staff, or teaching machines how to interpret the data and take action so that users aren’t overwhelmed with choices or not adding value.

For example: In the Splunk’s Vulnerability Management program we provide a valuable service by identifying vulnerabilities affecting containers and operating systems. 

Through the use of automation; we’re able to identify the vulnerability, provide analysis and triage whether a risk is significant in the context of Splunk’s environment, and inform remediation teams to take action before they are potentially compromised!

Using our dashboards we’re able to provide big picture metrics and information to leadership while also providing important technical information to engineering and remediation teams. 

We’re able to easily communicate and review individual vulnerabilities affecting individual hosts or even classes of vulnerabilities across multiple environments. 

Whether we’re talking to leadership or technical teams, we’ve developed reporting empowering teams to self-serve and take immediate action.

With automation, our Vulnerability Management team can analyze and triage potentially thousands of vulnerabilities across multiple environments, platforms, regions, organizational teams and provide actionable reporting.

One of our goals as we become more mature is to have machines automatically provide analysis and triage (with human review and approval) while providing reporting to stakeholders as vulnerabilities are detected.

I can see a future where remediation teams can use this data to take corrective actions automatically! Thus, preventing security and remediation teams from burning out and business and security can safely thrive.

What can we find you doing outside of work? Hobbies or interests?
Outside of Splunk my wife and I love to go camping, hiking, backpacking, cooking, brew beer, race cars, and participate in roller derby (I am a referee and she plays, which gives me a prime opportunity to give her penalties!)

We have two track cars that we’ve built, maintained, and done performance driving with. We’re currently in the process of replacing the motor in my wife’s Miata (for the second time). We’ve done driving events at Virginia International Raceway, Watkins Glen International, Pittsburgh International Race Complex, and Summit Point Motorsports Park.

Unfortunately since our keezer (beer fridge) stopped working, we haven’t been able to brew in a while mainly because we don't want to bottle five gallons of beer each time we brew. That being said, I do miss brewing, but there’s also plenty of delicious beers out there!

Anything else that you'd like to share that you haven't already?  
I'm extremely happy to be part of Splunk and SGS. I'm proud of my team and how far we've come. We have created positive relationships with all the organizations that we’ve worked with. 

I'm confident in Splunk’s mission, the direction of our Vulnerability Management team, and I'm excited to see all we set out to do come to fruition!

If you would like to learn more about life at Splunk or about our global career opportunities, please visit splunk.com/careers.