Mason Morales
Splunk Architect, Developer, Trainer, and Administrator. Ansible Expert. Security Ninja.

Hi, I'm Mason. I'm one of the world's top Splunk experts and a founding member of the SplunkTrust.

I'm currently the Principal Engineer for Splunk, on the Splunk@Splunk team. My team is charged with providing Splunk as a service internally to the company that makes it. 

Prior to joining Splunk, I was the Principal Security Engineer at Blizzard Entertainment, where I built a high-performance multi-petabyte Splunk cluster supporting hundreds of users throughout the company.

I hold over 15 years of experience in IT, and am fiercely passionate about creating innovative technology solutions to complex business problems. My entire career has been spent in the service-provider space (including Telecom, Internet, Video, and VoIP), as well as large Enterprises.

If you're interested in my work background, be sure to check out my LinkedIn profile, or reach out to me using the Contact page if you'd like a copy of my resume. I'm currently interested in Principal/Director level (and higher) roles where I can apply the breadth and depth of my IT experience.

If you'd like to see some of my code and personal projects, be sure to check out my GitHub repositories.


Professional Affiliations

  • SplunkTrust 2017-2018, Member
  • SplunkTrust 2016-2017, Member
  • SplunkTrust 2015-2016, Member
  • Splunk .Conf 2016 Global User Conference, Speaker 
    • Video: Architecting Splunk for Epic Performance at Blizzard Entertainment
    • Slides: Architecting Splunk for Epic Performance at Blizzard Entertainment
  • SplunkBase, App Developer
  • Splunk Answers, Contributor and Moderator

Work Experience at a Glance

  • Blizzard Entertainment - a global leader in video game development and publishing
  • Level 3 Communications - an international telecommunications and Internet service provider
  • Skillsoft - a developer of learning management systems and technical course content
  • Time Warner Cable (Charter) - a cable television company ranked the second largest in the US, with operations in 29 states
  • ViaSat - a satellite communications engineering company and provider of high-speed satellite broadband services covering military, commercial, and residential markets
  • iBasis - a wholesale carrier of international long distance telephone calls, with enhanced services for mobile operators, and a provider of retail prepaid calling services

Splunk Experience

Architecture & Design
  • Indexer and search head clustering technologies at multi-petabyte scale
  • High-availability multi-TB/day HTTP Event Collection (HEC)
  • Systems design, benchmarking, and load testing
Operations
  • Alert development and monitoring of Splunk health, forwarder health, license usage, etc. in distributed environments
  • Administration of H/A Splunk infrastructure with 600+ active users
  • Monitoring of rsyslog and HTTP event collection technologies
  • Integration of Splunk with a wide variety of technologies and services (Tenable Nessus, Nexpose, Juniper Netscreen, RADIUS, Cisco PIX, Bastion, Juniper SBR, Radware DefensePro, Apache, Bro IDS, Squid, Checkpoint, Citrix, VPN, Linux Secure, Auditd, OSQuery, LastPass, eSet, SentinelOne, JIRA, Falcon, FireEye, AWS, Cisco ASA, Cisco ISE, Cisco WSA, Fortinet, Infoblox, Microsoft AD, OpenLDAP, Oracle Exadata, OSSEC, SourceFire, Palo Alto, Domain Tools, eStreamer, Okta, Windows Event Logs, Cisco CallManager CDRs, Moog, S2, OpenStack, MySQL DBConnect, TeraData DB Connect, JIRA, and dozens of proprietary data sources)
  • Implementation of Network Management Systems (NMS) (ScienceLogic EM7, LogicMonitor)
Development
  • Splunk App and Technology Add-on (TA) development
  • REST-based scripted input development using Python
  • Contributor to development of DomainTools and SentinelOne Splunk Apps
  • Developer of Utilization Monitor for Splunk (SUM) App
  • Automated detection of credit card numbers in Splunk
  • Implementation of complex Splunk search use cases
Security
  • Securing Splunk deployments
  • Deploying hardened Splunk forwarders
  • Hardening Splunk servers to CIS benchmarks
  • Preventing splunkd crashes from certain types of searches
  • Implementing 2FA, SSO (SAML, Okta), and LDAP authentication in Splunk
Documentation
  • Requirements analysis
  • Configuration version control
  • Incident resolution
  • Data Flow Diagrams (DFDs)
  • Access Control Lists (ACL) requests
  • Standard Operating Procedures (SOPs)
  • User guides for new Splunk users
  • Splunk training videos

Certifications

  • Splunk Certified Architect II
  • Splunk Certified Admin
  • Splunk Certified Knowledge Manager
  • Splunk Certified Power User
  • ITIL IT Service Management
  • Various others from Microsoft, Cisco, Juniper, and CompTIA

Looking for more?

Send me a message on LinkedIn or send me an e-mail.

Copyright © 2018 Mason Morales All rights reserved.
