LPRC - CrimeScience – The Weekly Review: Episode 26 – The Virtualization of Microsoft’s Security Operation – with Dr. Read Hayes, Tony D’Onofrio, Tom Meehan and Featured Guest Brian Tuskan (Microsoft)
Episode Date: September 24, 2020. Brian Tuskan, Sr. Director, Chief Security Officer for Microsoft, joins us this week to discuss how the virtualization of Microsoft’s Security Operations has benefited his team and Microsoft during this pandemic, and the inspiration behind Cop to Corporate. Our co-hosts also delve into civil unrest preparations, changes in payment trends, Amazon’s micro-fulfillment centers, Walmart’s trial drone delivery, and more. Brian Tuskan has over 30 years of experience in law enforcement and the private security sector. He is the Sr. Director, Chief Security Officer for Microsoft’s Global Security Operations in the Real Estate & Security Organization. Brian’s team is responsible for the physical security of all of Microsoft’s global corporate footprint: Security Operations, Investigations, Threat Management, High-Value Assets, Intelligence, Virtual Security Operations Centers, Executive Protection, Risk & Enterprise Resiliency, Event Risk Management, & Background Screening. As a public servant, Brian spent over 12 years in law enforcement with the City of Redmond Police (Washington) and the Honolulu Police Department. The post CrimeScience – The Weekly Review: Episode 26 – The Virtualization of Microsoft’s Security Operation – with Dr. Read Hayes, Tony D’Onofrio, Tom Meehan and Featured Guest Brian Tuskan (Microsoft) appeared first on Loss Prevention Research Council.
Transcript
Hi everyone, welcome to Crime Science. In this podcast, we aim to explore the science of crime and the practical application of this science for loss prevention and asset protection practitioners, as well as other professionals.
We would like to thank Bosch for making this episode possible.
We use Bosch Camera's onboard intelligent video analytics to quickly locate important recorded incidents or events.
Bosch's forensic search saves you time and money by searching through hours or days of video within minutes to find and collect video evidence.
Learn more about intelligent video analytics from Bosch in zones one through four of LPRC's zones of influence by visiting Bosch online at BoschSecurity.com.
Welcome, everybody, to another episode of Crime Science Podcast, the latest in our series of weekly updates.
Today, I'm excited not only to be joined by our usual cast of characters, Tom Meehan and Tony D'Onofrio and our producer, Kevin Tran, but also Brian Tuskan of Microsoft. So we're going
to all spend a few minutes about what we see going on, what we're trying to do about it now, and to
be even more prepared in the future.
I'll start off again with a little bit of an update on just perusing what's going on with COVID-19.
Again, we know that the virus seems unusual in a lot of ways in the way it presents
or doesn't present in everybody that thinks they've had it
or there's some tests that looks
like they have had it. There's new research out to comparing sort of the idea of long haulers,
those of us that have had the disease or are still experiencing sort of long term effects,
negative effects. But then comparing those to influenza or different seasonal flu, that there are similarly long haulers as well.
And so the medical professionals trying to sort out, is this more prevalent, the long haul concept?
What are the differences?
And what seemed to be the causal cascade here that's resulting in that?
And then, of course, even more critically, are there things that can be done early as well as later to reduce the likelihood and reduce the severity?
Testing, we see now at least two major research universities that are getting ready to come out or in early phases anyway of testing of breathalyzer-based testing.
This has, of course, been going on for a while in the last recent years for other respiratory viruses or illnesses and diabetes detection and even certain cancer
detection. So the idea of completely non-invasive, very rapid tests is a possibility as far as being
on the horizon. And we see now with saliva testing and even here
at the University of Florida where the nasal throat swab is still going on, not really the
blood testing so much with students and faculty and others, but moving more toward a saliva. And
even now there's the possibility or maybe even the probability that
there'll be an app based to help, uh, recognize and diagnose. So stay tuned on as apps and other
concepts play a role in testing. Prevention: again, more and more research coming to the fore around
masking, what, how many layers, what material, um, how snug and things like that as far as reducing the output from
viremic, those of us that are viremic or in other words shedding the SARS-CoV-2 virus.
And then of course reducing on the other end the amount that we onboard, the load that
we take on, which seems to still more research indicating
the more the dose, the higher the dose of virus we take onboard, the more likely we're to get
disease. And then of course, even more likely the disease to be serious. So with both parties
wearing snugly fit, adequate screening type masks, then that seems to be critical. And again,
we know that the fomites on the surface transference seems to be part of the equation, but not as critical as
droplet-borne and then even now possibly aerosolized transmission. So the mask seems to be
in play and may well be, according to a lot of experts, through this time next year,
with or without one or more very efficacious and safe vaccines that are available.
We know also on the vaccine front, still more research, and I don't know if it's debate, but certainly discussion around the strategy to deploy one or more of the vaccines once they are found, or at least all the data show that they're safe and efficacious, are those that are most exposed.
Again, healthcare workers and front-facing, if you will, essential workers, then possibly now do we go to the most vulnerable?
Do we go to those that are the highest spreaders, that are the most transmissible?
And this discussion is coming up, too, with, again, more and more discussion around challenge studies, this One Day Sooner group.
There are over 35,000, maybe even a lot more people now signed up to participate in the informed consent challenge trials.
And that's where people are exposed to the virus
and then see what the response is to those that have been vaccinated versus those that have
got a placebo. And you can imagine, are there ethical and equitable questions around that?
Well, sure there are. There's no rescue treatment available that's known right this minute.
And so do we do something where there's not a rescue treatment? Others saying, well, we would use the very,
the most healthy, those that have gone through screening that are the least likely to have
disease or at least serious disease, COVID-19. And then, but the, well, wait, don't want,
we want to vaccinate the vulnerable first. And then others:
no, again, it's we want to vaccinate those that are the most mobile and most likely to transmit the disease.
That's how you can generate some level of immunity. So we'll leave that to the experts there.
You know, sort of the on the therapy front. and two, I think it's up to four different sources that were separate and distinct that
they're looking at going upstream from this cytokine storm that's creating some of the
more serious disease out there and looking at the Bradykinin pathways that are out there.
And this is where they generate inflammation.
They can be useful and are useful.
That's why we've got them.
But also maybe that's what's creating the widespread
systemic negative response to the disease as well as some of the long hauler situations. And so
the second most powerful computer in the world was used to model as one of the sources here.
So stay tuned on some therapies because there are evidently several existing therapies that have
been found safe and effective in multiple trials and have been in use. So that looks interesting.
The TB vaccine that first came on in the early 1900s, there are different research groups looking
at that. That's been used before for beyond tuberculosis and to other respiratory diseases.
There's some evidently some results that some of
the researchers are pretty excited about. Blood thinners here at the University of Florida,
they're working on that angle as well as this combination or polytreatment therapy where
they're looking at three different types of medications together. Right now, we're looking at just about 190
antivirals that are in all types of levels of testing, 350 plus other treatments that are in
effect. 450 of these are preclinical compounds. They've not yet been used in humans, but almost 300 are now in clinical evaluation.
So we're looking at just about 30 in phase one human trials, closing in on 20 in phase two human trials, and now nine, possibly soon to be 10 in phase three trials.
And these are all separate vaccines in this case, in addition to the over 400 therapy type drugs and medications.
So I think that's kind of where we are there. We see up and down all throughout the United States
and the world. It is a virus. It's highly transmissible. And when humans get together and their air is moving, their breath is moving or other spread.
So what are ways we can reduce that without destroying people's livelihoods and creating real social distancing instead of just physical distancing? Moving on to the LPRC, this has been brought up by Tom and myself and others and even Tony, who's helping us facilitate some of the SOC Lab Fusion Center concept.
And we're going to hear from Brian, who's an absolute expert on the topic.
But our team, in fact, today we had another call, and we've been working away on pulling together the fusion center using some initial channels right now until we can do something
toward the end of the year, but particularly with some of the court rulings that are likely to come
down, possible trigger events. The Supreme Court situation, is that a possible trigger event? The
election itself, pre, during, and post. Of course, I mentioned before, we're putting together a working call on that for the LPRC members to go through that.
fix the Florida, really our cybersecurity team here. So he and I actually had a call to start to plan that. We got a call tomorrow as well for the whole group to go through possible election
scenarios, what that might look like to trigger who, what, when, where, why, and how, and then
implications for digital as well as physical infrastructure. But most importantly, people
protection, just to be prepared. And again, we don't want to sound overly dramatic, but this is
2020. So strategy ad coming up next week. We've got a dry run today. Strategy ad again is around
40 plus of the vice presidents of asset protection and loss prevention for major retail chains
coming together for two hours next week on September 29th from 1 to 3 p.m. It's an amazing
group of the most senior APLP leaders in the United States and elsewhere. A nice curated situation or a session here put together by John
Voitela, the longtime vice president for Office Depot, Office Max, and the rest of the team.
Impact 2020 coming up on October 6th through 7th. Record, I think 750, maybe 800 people already enrolled.
We typically have 400, just a little over 400.
So we're excited.
They have been recording right and left.
I'm going to be leaving here in a little bit
to go to the labs to record a little bit more safely and so on.
So the working groups are all still in full force.
Multiple research projects underway.
The Dell Technologies NVIDIA Edge server
should be here this week so that we'll start to get that in action for doing some really interesting
AI computer vision training and inferencing testing here, working with three different
engineering student teams from ISE and UXD engineers here at UF, as well as others on real world.
The Safer Places Lab is coming together where we're putting together this entire ecosystem.
Our labs simulate different environments, including a SOC.
the parking lot, the surrounding area, the interface again with the cityscape,
residential, commercial, multi and single family dwellings with the city of Gainesville, how to reincorporate all the sensors and smart lighting and everything to provide a better,
safer experience for everybody. So all of these projects underway on top of a lot of product
protection, ORC research, supply chain protection.
So, with no further ado, let me go over to my friend and colleague, Tom Meehan. Tom,
if you could kind of enlighten us a little bit on what's going on in the world of fraud and violence.
Yeah, so I'll be rather brief today because I want to make sure that our guest has ample time
to speak, but I wanted to just kind of, you mentioned the SOC, and not to be repetitive, but we are working on that project. And one of the kind of
current events in today's world is that there's an expected grand jury ruling coming for Breonna
Taylor. So there has been notifications through most major police departments to be prepared for
some level of civil disruption.
So one of those things that we're working on at the LPRC to identify how could we disseminate
that information, how do we come through? There are some cities who actually declared state of
emergency. Louisville has outwardly said that because they're expecting disruption regardless
of what the outcome is. This reporting, from my experience, you don't want to really draw a
conclusion because the notification is coming out, but pretty much everybody that's involved in the
SOC Lab concept has texted, called and said, hey, what are we hearing? So just another one of those
current events. Unfortunately, in today's day and age, there's a lot of them right now in 2020, but
something to keep on the back burner and really think about. Real briefly, just to
kind of continue trying to talk about payments and some of the risks with that, there was a
really interesting Forrester study that was released specific around the EU and COVID-19
and digital payments. And one of the things that was covered is that one in five folks used a
digital payment method in the early stages. And what was interesting is
Forrester really talked about the changing the way people use payments in the EU.
Okay. And so what's really interesting about the Forrester article is that the permanent change
in payment trends is what they're predicting in the EU. As we all know that the EU and the US trends
sometimes run in parallel.
We're seeing similar spikes in usage.
But it was interesting to note,
this particular article didn't talk so much about the risk,
but we continue to talk about the risk of,
and I know Tony talks about this all the time,
really the acceleration of digital transformation
and the challenge with retailers having to move
virtually at the speed of light, sometimes overnight, and implement changes and still
be able to manage risk. So more to come on that. I think it's a pertinent thing to keep in mind
as our customers' behaviors continue to change throughout dealing with COVID-19. How do we stay
relevant as retailers and how do we protect ourselves and our customers at the same
time without disrupting the customer experience. And then I'll kind of leave with Security
InfoWatch had a really interesting article on the five trends in retail risk. And we talk about
them all the time on the podcast in different ways. But I think it's important that they started
off with organized retail theft and fraud and the concern of that growing. I recently spoke with a couple of folks
on this at a conference. And the perception is that because of COVID, it'll increase. But the
reality is here, it has been increasing. They also talked about the need for response from law
enforcement for retailers and how in some markets there just
isn't any response, both from policy change, bail reform, COVID-19, and it becomes somewhat
of a recipe for disaster for law enforcement and retail conjunction. And it isn't a one-sided thing
here. It's half of its resource scheme, half of its government piece. So this continues to be a challenge.
Also, the article highlighted the physical security capital needs and the human resources needs. moving to a zero-trust environment, heavy infrastructure side, that unfortunately,
some of the physical security things fall to the wayside just out of sheer need to keep running through. And actually, this article actually quotes the Loss Prevention Research
Council, which I thought was interesting to talk about that and cites kind of some of the things
that we talk about often. And then, you know, talking about
the overarching impact on COVID-19, I know we always talk about that on this call, and this
isn't really about COVID-19, but really the impact and how challenging it is because the target's
moving, right, where the guidance is changing. Each market has different implications and the
continued risk for there. And it rounds the article out with
the tension and the anger and the desperation of the criminal element of how this changes,
talks about mask enforcement and all those things. So continuing kind of the path that we've been
taking all along is that these challenges don't, you know, there is a light at the end of the
tunnel, of course, but they really seem like they'll be here for some time.
So we'll continue to keep people updated.
We'll continue to run, you know, through it.
I know today, as we're taping live, the NRF has their NRF Protect virtual conference, and there's a lot of conversation about the things we're talking about.
And I'm sure on next week's call, we'll cover some of those things.
But without further ado, I'm going to turn it over to Tony.
Thank you very much, Tom. And it's really my great pleasure to introduce our special guest,
Brian Tuskan, who is the Senior Director and Chief Security Officer from Microsoft.
Brian has 30 plus years in law enforcement and private sector communities. Brian's team is responsible for
physical security for all of Microsoft's global corporate footprint. As a public servant, Brian
spent over 12 years in law enforcement with the City of Redmond Police and the Honolulu Police
Department. Brian was named one of the most influential people in security in 2017.
He founded Cop2Corporate, which helps law enforcement professionals plan their transition
to the private sector. Brian has a criminal justice degree from Whaling University and is a
graduate of the University of Washington and received an executive leadership certificate from Georgetown University.
So it's my great pleasure to welcome Brian.
Well, thank you, Tony, and thank you for having me on your podcast.
Well, welcome. I'm going to jump in right to the first question that I have for you. I would like to, for our audience,
to understand how the virtualization of your security operations has benefited your team
and Microsoft during the pandemic.
Well, that's a great question. And I heard a lot about in the
loss prevention, physical security world, asset protection, it's important to have a SOC,
you know, Security Operations Center, and a strategy behind it. So specific to our environment,
because we did have a small retail footprint, but it's a campus environment. It's very open,
and the public has access to a lot of our property. So I would say there's a lot of similarities to what
you would find in a retail environment. So I think it's relevant of what I'm going to talk about.
So when I first came over to the Microsoft Corporation, we had about 15 different SOCs,
where we were calling them life safety control centers. They were not integrated.
They were standalone, good intention, leadership and management from technology. But it was just
a hodgepodge of tech, no matter where it sat. And this was around the globe. And from my discussions
with people in your industry, I hear there are a lot of similarities to that challenge where you will have these standalone SOCs where the lack of integration really makes it a challenge.
And so as I heard Tom talking about budget restraints, especially where it hits the
physical security side, we had the same challenges. So the first thing we came up with was a master
plan. You're going to have to have a master plan to determine what's the future going to look like. So we put together a zero-based
study on our 15 SOCs, came back with a master plan where we would reduce the SOCs to three
global centers, but the requirement was interoperability. So if one went offline,
the other could take over. And it was really for operational load sharing. Now, to get there,
it took quite a long time and the resourcing to get it, but we were able to build three
operation centers to manage our portfolio throughout the globe. Now, the virtualization
piece, as the cloud became more prevalent, we determined that with a cloud strategy,
we could reduce our three SOCs to actually two. So we closed about five years ago our London-based operations center and just kept our core fusion,
VSOC, Virtual Security Operations Center, in Redmond, Washington, at our main campus.
That's just outside of Seattle.
And then our secondary operations center, which is in Hyderabad, India.
And the core to running that operations was the technology.
And I want to reiterate the power of technology, but also to keep it simple.
There are times where you have good intention people that will go to a conference and buy the latest and greatest thing. The problem with that is if it's not aligned or integrated, it may be a problem.
And so our integration usually relies on one platform, technology platform.
And obviously, being at Microsoft, you know what platform that is.
The cloud and the technologies, the third-party software solutions that fit on top of that platform so it's seamless.
And I'm not going to go through the myriad of technologies that we use, but just fast forward to COVID-19 where we did not lose any continuity of our business because we had years and years of planning and training for something just like this happened. And a great example for that continuity,
business continuity planning, was our Hyderabad, India VSOC was shut down because the government just shut down the entire country. But in Hyderabad, our employees could not even get to work. But we had go bags when they were basically sent home or evacuated
to stay at home because of the COVID restrictions. The go bags had laptops. It had
the particular radios that have radio over IP. And as long as they had a good internet connection, which they did,
they were able to maintain operational continuity for the VSOC 100% virtualized.
And the VSOC in Redmond, Washington, we had a skeleton crew, about two people,
and the rest were working remotely.
And we maintained all of the GDPR requirements and UL certifications for the lack of staff physically on the location because we had the planning and training in place.
What that allowed us to do was to seamlessly operate a huge portfolio. Microsoft, we operate in over 190
countries. Physically, we have about 125 physical locations where we operate around the globe.
And we were able to maintain security at all sites with a very limited presence of security,
with the exception of physical security. Obviously, you need physical
security on site. But the technology behind was the magic that allowed us to seamlessly
communicate, to talk to each other, to engage, to respond, even to having technology to work with law enforcement for deployment. As you well know,
in COVID, as many people are just working from home, you have higher instances of trespassing
and burglaries and so on and so forth. So we still needed to maintain that presence.
And so what I think the future is, as cloud and technology expands, is having SOC as a service through third parties.
So we're currently looking at outsourcing a lot of the work that we do in-house to third parties that just do this as a business,
akin to years ago when people would have internal IT departments,
where now they just have a utility-type service where they're farming off all of the IT infrastructure to cloud providers.
And we're looking at the same model for SOCs.
That's excellent, Brian, and actually very, very relevant to all this COVID-19
and what we're hearing about it right now in terms of being prepared.
And it's interesting in the journey that you took.
But I do want to jump to a second question, which I think is also relevant to this audience.
It really inspired me in reading your biography.
And actually, what inspired you to create Cop to Corporate?
And what are the key
lessons learned from the transition that you observed?
Well, I started blogging for Cop to Corporate
because I was being inundated with requests through email or through LinkedIn
from current law enforcement professionals, federal, state, local, municipal, all over the country and the world asking for advice.
And it got to the point where I just did not have the time to respond to everyone. with certain themes that kept on popping up on questions, such as, should I retire at mid-career?
Or, you know, I had this particular issue and how to write a resume, so on and so forth. So on my
blog, cop2corporate.com, I have all these vignettes and examples of stories that I've had over the years. What that allowed me to do is reach a very large audience
because I don't have to interact and tell the same story over and over.
It's just out there for free for anyone that can opine on it
and help other law enforcement professionals plan the transition.
As you well know, with the current climate, I've been receiving many requests for guidance on leaving law enforcement and coming into the private sector.
And I would say the key for me, when I give any guidance to anyone, is to be very thoughtful
on why they want to leave and the reasons behind it.
And it can't just be an emotional decision, although it's very emotional, but really be
thoughtful on why they want to leave and transition.
Because just jumping ship from the public sector to the private sector, it's not as easy as some people
think it is. So they have to be very thoughtful on it. And so I really did it as a service for
law enforcement professionals that have worked, either retired or just decided it's time for them to leave. So they can have a thoughtful process
and not just jump into a knee-jerk reaction
because they're emotional or just quit the force
and then jump into a job that they're unhappy with.
And that's really the main reason I did it.
Well, thank you, Brian.
I really, really appreciated both your insights on the virtualizations of operation centers and also the Cop to Corporate.
That is indeed an inspiring story.
Let me move on and just close with some data from the retail industry that's pertinent to what's happening around us.
So Amazon announced that they're going to open 1,000 small warehouses across the U.S.
The move reflects the trend of retailers turning to micro-fulfillment centers because they now want to get it to you faster, to get you those products faster and much more efficiently.
Walmart announced a pilot program with drone startup Zipline. The trial is due to begin next year and could see
products being delivered in under an hour within a 50-mile radius of a Walmart store. So that was
interesting in terms of how we're trying to speed up and get the interesting products to consumers
much, much quicker. And I'm going to end with a story from Retail Brew in terms of Inditex.
Inditex is one of the world's largest apparel retailers.
They had a tough time during the heat of the pandemic and actually had their first loss
over.
But in their latest quarterly results, they actually returned back to profitability already. So Inditex owns a Zara brand, and they have over 7,000 stores in over 190 countries.
They returned to profitability.
It was driven by a 74% jump in online sales, and the reopening of 98% of the stores.
By the end of July, Inditex reduced their stock and trade by 19% with the help of the flexible suppliers.
But what was really interesting to me was at the beginning of the pandemic, Inditex used advanced technology to funnel clothing from closed stores to e-com with room to adjust orders and demand shifted.
And they shifted the demand in real time.
And they also reduced, uh, unsold SKUs. The tech that was not mentioned in the article that actually was
driving it is actually RFID. For this audience, Inditex was actually one of the first to deploy
a reusable EAS RFID hard tag. And now they're working on their next generation of what that
inventory management looks like. So it's really interesting to me how technology was used in
terms of, and specifically RFID, to optimize inventory management during the pandemic
and return to profitability very, very quickly. So with that, I'm going to
turn it over to Read.
All right. Thank you so much, Tony, for that update. Brian, for all that
you're doing for those that are contemplating or are moving from law enforcement to the private
sector. And like you, I've been in both. And so the grass is not always greener on one side or the other. And so I really
like the idea of, you know, let's be thoughtful about it. Certainly there's emotion and there
are reasons. But the idea of providing vignette scenarios, things that they can use to contemplate
and think about and ask about is just fantastic. And then the insight that you have on the SOC is pretty amazing
and going from all that to what you really need
but still contemplating what are ways we can improve,
get better, and it doesn't just have to live here or be
us and so forth. So great insights.
And so I want to thank you, Tom, as well. And Kevin Tran,
and for everybody, stay safe. Let us know any questions, comments, suggestions, ideas that
you might have for Crime Science, a podcast. Write us at operations at lpresearch.org. Visit
us at lpresearch.org as well. If you have, again, interest in LPRC Impact, go to the website, lpresearch.org.
I think it's backslash impact and get registered and so forth.
I do want to do a call and nod out.
I appreciate Tom doing that.
I had my notes to the NRF Protect.
That event's going on as we're recording right now, so I'll jump back over and start monitoring that in a few minutes.
But a great group.
We love working with NRF.
We love working with RILA, FMI, and other industry organizations and all the great people that work there and all the retailers that are involved.
So, again, on behalf of the LPRC and our team, everybody stay safe.
Thanks for listening to the Crime Science Podcast presented by the Loss Prevention Research Council
and sponsored by Bosch Security.
If you enjoyed today's episode,
you can find more Crime Science episodes
and valuable information at lpresearch.org.
The content provided in the Crime Science Podcast
is for informational purposes only
and is not a substitute for legal,
financial, or other advice.
Views expressed by guests of the Crime Science Podcast
are those of the authors
and do not reflect the opinions or positions
of the Loss Prevention Research Council.