
Public sector and higher education leaders are actively developing innovative data analytics and cybersecurity workforce models to combat escalating fraud and cyber threats. A key theme emerging from the recent Splunk conf.25 event in Boston was the critical role of observability practices – drawing insights from both public and private sectors – in ensuring the continuous availability and resilience of essential government and educational services.
Organizations in state government, higher education, and commercial enterprise provided compelling examples: The New Jersey Department of Labor successfully deployed data analytics to identify fraudulent unemployment insurance claims during the pandemic; Louisiana State University (LSU) and the New Jersey Institute of Technology (NJIT) forged public-private security operations center (SOC) partnerships to cultivate a skilled cyber defense workforce; and Alaska Airlines adopted robust observability practices to prevent outages and ensure service.
From rapid relief to robust fraud prevention: New Jersey’s experience
Joe Beck, chief information officer (CIO) of the New Jersey Department of Labor, recounted the immense pressure faced by the agency’s benefits systems during the COVID-19 pandemic. “We had probably close to 10,000 unemployment insurance claims a day, which is way beyond anything we’ve ever had to support in the past,” Beck stated. Initially, state leadership prioritized expediting benefit disbursements to citizens, a decision that, while critical for immediate relief, inadvertently exposed the system to significant fraud risks.
Malicious actors then exploited this urgency. Chris Perkins, solutions architect at Splunk, revealed that on the dark web, fraudsters were openly sharing detailed instructions – often referred to as “sauce” – on how to submit fraudulent claims. “I found recipes for sauce on the dark net for multiple states … where they were actively sharing and even selling screenshots and documents that articulate exactly how to apply or submit a claim,” Perkins explained, underscoring the sophistication of these schemes.
New Jersey’s proactive response involved developing a dedicated cyber fraud dashboard within Splunk. This solution automated claim verification through integrations with existing mainframe systems and incorporated advanced identity verification tools. The implementation of risk-based alerting further streamlined the process, enabling efficient triage of suspicious claims.
The financial impact was immediate and substantial. Beck reported, “We were saving tens, probably hundreds of thousands a day by just at least getting [fraud flags] in place.” Ultimately, these efforts enabled the state to save nearly $8 billion in taxpayer funds, demonstrating the value of data analytics in safeguarding public resources.
Cultivating the next generation: Public-private cybersecurity workforce development
To address the critical shortage of cybersecurity professionals, Louisiana State University (LSU) and the New Jersey Institute of Technology (NJIT) are pioneering innovative models that embed students directly into SOC operations. LSU CIO Craig Woolley detailed a “franchise model” partnership with TekStream that established a 24/7 SOC where experienced professionals and students collaborate.
TekStream analysts provide continuous coverage, while students gain invaluable hands-on experience by taking shifts, typically Monday through Friday during business hours. Woolley noted the dual benefit: “We’re getting them the experience, and we’re saving money [because] … paying a student is cheaper than paying TekStream or anybody else.” This model not only provides practical training, but also offers a cost-effective solution for bolstering cybersecurity defenses within the educational ecosystem.
This successful approach has scaled significantly, with more than 30 Louisiana schools now participating, and institutions including LSU Shreveport and Louisiana Tech operating their own SOCs. The recent launch of a new “Tiger SOC” at LSU aims to expand nationwide participation and extend services to private entities, further strengthening the national cyber defense posture.
NJIT successfully replicated this model, launching its “Highland Watch” SOC with seven students in July. Sharon Kelley, chief information security officer at NJIT, emphasized the necessity of this partnership: “If the model that they had wasn’t available … I would have said absolutely not. We just don’t have the time and energy,” highlighting the resource constraints faced by many public institutions.
Micah Champagne, an LSU graduate, is an example of the program’s success in bridging the cybersecurity skills gap. Champagne transitioned his LSU SOC experience directly into a role as a TekStream security analyst. He outlined the structured progression within the LSU SOC, which includes critical thinking and IT assessments, specialized Splunk training, and shadowing professional analysts before students are entrusted with live incident response.
“When you graduate, you don’t have to try to go get that entry-level experience – you already have it,” Champagne said.
Mission continuity: The observability imperative
Alaska Airlines illustrated the critical importance of service uptime, a principle equally vital for public sector operations. “AlaskaAir.com is one of the main places where you can go to buy a ticket. If that’s not working, you lose money,” said Hoppy Shaw, reliability engineering leader at the airline. For commercial entities, direct financial losses from downtime are quantifiable. For public sector agencies, the equivalent impact is measured in disrupted citizen services, compromised public safety, and eroded trust.
Shaw successfully advocated for investment in Splunk’s observability platform by demonstrating to senior leadership how outages directly translate into lost revenue and, critically, potential safety risks. He highlighted a ground stop incident where comprehensive telemetry data could have significantly accelerated recovery. “Had we had the right monitoring in place, we would have had a faster [time] figuring out what was broken … it took us maybe 40 minutes just to figure out where the actual issue was,” he explained, underscoring the tangible benefits of proactive monitoring.
For public sector agencies and educational institutions, this lesson is paramount, Splunk noted: Clearly articulating the financial implications (e.g., cost avoidance, operational efficiency) and, more importantly, the direct impact on mission accomplishment and citizen welfare, can secure essential leadership buy-in for advanced monitoring and observability tools. Alaska Airlines’ strategic approach to justifying investment closely parallels New Jersey’s successful arguments for fraud prevention, both grounded in demonstrating tangible value and risk mitigation.
A Unified Strategy for Public Sector Digital Resilience
Collectively, these examples underscore a strategic evolution in how state and higher education entities are building digital resilience. Modern fraud prevention within critical benefits programs now leverages sophisticated cross-system data aggregation and intelligent risk-based alerting. Cybersecurity workforce development is transforming, moving beyond theoretical classroom instruction to immersive, live SOC environments. Crucially, robust observability practices are being integrated into public sector missions where downtime is simply not an option, directly impacting public safety and service delivery.
For state, local, and education IT leaders, the overarching message is clear and consistent, Splunk noted: Comprehensive data visibility, proactive workforce readiness, and real-time operational monitoring are essential for safeguarding public trust, ensuring the uninterrupted delivery of vital benefits and services to citizens, and strategically preparing the next generation of cybersecurity professionals to defend the nation’s digital infrastructure.