SPLUNK/CONTENT

Amplify your Splunk impact with a Content Engagement.

Gets new value and insight from your Splunk investment. We will work together to identify, validate, and implement new use cases that are impactful to your organization.

Schedule a free 15-minute Audition to learn more about my services, and also get a feel for my style and chops. Quick question? Feel free to email.

BOOK INTRO SESSION
FAQ

LAUNCH PROMOTION: Retainers booked in May are discounted 50%.

My Splunk orbit: customer, Splunker, ISV, consultant, & customer (reprise).

My Splunk Orbit

I was first introduced to Splunk in 2010 when I worked for US Customs & Border Protection. After a few years of championing the Splunk cause, I traded my cubicle for a position with Splunk, where I helped Federal agencies leverage the platform to solve complex problems.

I founded RedFactor in 2018. We brought three apps to market that are now free and open source: dvvy, rqst, and kvkit. I also led the development of a patient privacy solution for NewYork-Presbyterian (NYP) hospital. This innovative solution was featured in Blueprints for Success and has been prominently featured on the .conf main stage. Check out my .conf18 talk for more info.

I joined True Zero Technologies in 2019, where I started a healthcare practice and implemented patient privacy solutions for multiple healthcare organizations. I also did some Splunk professional services work, including an engagement at US Courts where I developed a solution to streamline Splunk user adoption.

In 2021, I accepted a position with NYP. I lead teams of cybersecurity practitioners, developers, and data analytics engineers that defend the enterprise and create bespoke solutions to solve unique operational challenges. I continue to advance patient privacy, drug diversion detection, and other Splunk capabilities.

FAQ

What is a Content Engagement?

A Content Engagement consists of collaborative and outcome-based sprints related to the discovery, design, and development of Splunk presentation layer assets. At a high level, this includes:

  • Use case ideation, curation, and strategy
  • Requirements definition
  • Use case validation and prototypes
  • Dashboard and report development

How is the Content Engagement delivered?

A Content Engagement is a retainer-based service. Retainers are available for purchase in (5) hour blocks of time. As help is sought, time is deducted in fifteen (15) minute increments from your retainer balance. When all hours are used, additional blocks may be purchased without interruption of service. Blocks are valid for one (1) calendar year from invoice date.

Are there limits to the number of retainer hours I can buy?

Yes. Ten (10) blocks or 50 hours is the maximum balance that can be maintained at any time.

Are there any discounts available if buying more retainer hours?

Not during the 50% launch promotion. However, once this promotion is concluded, the more blocks that are purchased will result in a lower hourly rate.

Is an intro session required before a Content Engagement?

Unless we have a prior relationship, the free intro session (“Audition”) is required before we kick off a Content Engagement. It’s an opportunity to answer any questions you may have and ensure that my services will address your needs.

Who will I work with and who delivers the work?

You will work directly with me (Jay) the vast majority of the time. However, it is possible that you will interact with my wife and business partner, Christene. Although she typically works behind the scenes with various administrative tasks, at times she may handle initial request triage or may contribute to some of the service delivery. Professionally, she is an incredible project manager, so I may enlist her help in longer term or larger engagements.

What kind of turnaround time can I expect on my requests?

Every engagement is unique and my schedule varies day-by-day. The amount of time needed will be determined on a case-by-case basis, based on request scope, complexity, and urgency of your needs. You will receive an estimated delivery time following the request.

What about urgent or time-sensitive requests?

If your request is urgent and/or has a very short turnaround time, I will do my very best to accommodate. If moving your request to the front of the queue will adversely affect the delivery of another customer’s request, I will reach out to that customer to obtain their consent for a change to their request’s delivery date. If they approve the change, I will continue with your request at the emergency rate (2x). If they are not ok with the move, I will slot your request in as aggressively as possible.

For example:
You have a very important presentation on Wednesday morning and you need updates to a Splunk dashboard or report. You send a request at the end of the day on Tuesday. I had previously committed to Acme Inc. that I would have their request done by Wednesday morning.

In this scenario, I reach out to Acme and ask if they are ok with me pushing back the delivery. If they are ok with the reschedule, we proceed with the request at a 2x rate (1 hour work = 2 hours deducted).  If they are not ok with pushing back delivery, I do my best to get you something, even if not the full solution you’re seeking.

Do you provide any reports or visibility into my retainer balance?

Yes. You can expect complete transparency and a detailed accounting of work performed. All retainer activities are captured in our online billing system. You can login at anytime and view the time and activity logged on your retainer to date. This interface also provides account summary and invoice information.

Will you sign a non-disclosure agreement?

Yes. If you are working on a project that requires formal legal protection due to intellectual property concerns or other sensitivity, I am happy to execute a mutual NDA. That said, I maintain strict confidentiality by default.

What about security clearance?

I do not currently hold a clearance and as shorter term transactional work, it isn’t practical to obtain one to work with government clientele. That said, if your organization allows it, I can deliver a Content Engagement on sanitized static datasets. I’ve done this in the past and while it’s not ideal, it can still be effective.

Are there any limitations I should know about?

Due to the terms of my current employment, I am not able to work with any healthcare organizations.

Further, while it should go without saying, I’ll err on the side of over-communication: I will not render services to any individual or entity that is engaged in criminal, questionable, or otherwise shady activity.

Crank it to 11.

BOOK INTRO SESSION

Copyright © 2025 Benfield Creative, LLC. All rights reserved.

Photo Credits | Content Disclaimer | Privacy | Comments