LPRC - CrimeScience – The Weekly Review: Episode 26 – The Virtualization of Microsoft’s Security Operation – with Dr. Read Hayes, Tony D’Onofrio, Tom Meehan and Featured Guest Brian Tuskan (Microsoft)

Episode Date: September 24, 2020

Brian Tuskan, Sr. Director, Chief Security Officer for Microsoft, joins us this week to discuss how the virtualization of Microsoft’s Security Operations has benefited his team and Microsoft during this pandemic, and the inspiration behind Cop to Corporate. Our co-hosts also delve into civil unrest preparations, changes in payment trends, Amazon’s micro-fulfillment centers, Walmart’s trial drone delivery, and more. Brian Tuskan has over 30 years of experience in law enforcement and the private security sector. He is the Sr. Director, Chief Security Officer for Microsoft’s Global Security Operations in the Real Estate & Security Organization. Brian’s team is responsible for the physical security of all of Microsoft’s global corporate footprint: Security Operations, Investigations, Threat Management, High-Value Assets, Intelligence, Virtual Security Operations Centers, Executive Protection, Risk & Enterprise Resiliency, Event Risk Management, & Background Screening. As a public servant, Brian spent over 12 years in law enforcement with the City of Redmond Police (Washington) and the Honolulu Police Department. The post CrimeScience – The Weekly Review: Episode 26 – The Virtualization of Microsoft’s Security Operation – with Dr. Read Hayes, Tony D’Onofrio, Tom Meehan and Featured Guest Brian Tuskan (Microsoft) appeared first on Loss Prevention Research Council.

Transcript
Starting point is 00:00:00 Hi everyone, welcome to Crime Science. In this podcast, we aim to explore the science of crime and the practical application of this science for loss prevention and asset protection practitioners, as well as other professionals. We would like to thank Bosch for making this episode possible. We use Bosch Camera's onboard intelligent video analytics to quickly locate important recorded incidents or events. Bosch's forensic search saves you time and money by searching through hours or days of video within minutes to find and collect video evidence. Learn more about intelligent video analytics from Bosch in zones one through four of LPRC's zones of influence by visiting Bosch online at BoschSecurity.com. Welcome, everybody, to another episode of Crime Science Podcast, the latest in our series of weekly updates. Today, I'm excited not only to be joined by our usual cast of characters, Tom Meehan and Tony D'Onofrio and our producer, Kevin Tran, but also Brian Tuskan of Microsoft. So we're going to all spend a few minutes about what we see going on, what we're trying to do about it now, and to
Starting point is 00:01:04 be even more prepared in the future. I'll start off again with a little bit of an update on just perusing what's going on with COVID-19. Again, we know that the virus seems unusual in a lot of ways in the way it presents or doesn't present in everybody that thinks they've had it, or there's some tests that looks like they have had it. There's new research out to comparing sort of the idea of long haulers, those of us that have had the disease or are still experiencing sort of long term effects, negative effects. But then comparing those to influenza or different seasonal flu, that there are similarly long haulers as well.
Starting point is 00:01:48 And so the medical professionals trying to sort out, is this more prevalent, the long haul concept? What are the differences? And what seemed to be the causal cascade here that's resulting in that? And then, of course, even more critically, are there things that can be done early as well as later to reduce the likelihood and reduce the severity? Testing, we see now at least two major research universities that are getting ready to come out or in early phases anyway of testing of breathalyzer-based testing. This has, of course, been going on for a while in the last recent years for other respiratory viruses or illnesses and diabetes detection and even certain cancer detection. So the idea of completely non-invasive, very rapid tests is a possibility as far as being on the horizon. And we see now with saliva testing and even here
Starting point is 00:02:45 at the University of Florida where the nasal throat swab is still going on, not really the blood testing so much with students and faculty and others, but moving more toward a saliva. And even now there's the possibility or maybe even the probability that there'll be an app based to help, uh, recognize and diagnose. So stay tuned on as apps and other concepts play a role in testing. Prevention, again, more and more research coming to the fore around masking: what, how many layers, what material, um, how snug and things like that, as far as reducing the output from viremic, those of us that are viremic, or in other words shedding the SARS-CoV-2 virus. And then of course reducing on the other end the amount that we onboard, the load that
Starting point is 00:03:41 we take on, which seems to still more research indicating the more the dose, the higher the dose of virus we take onboard, the more likely we're to get disease. And then of course, even more likely the disease to be serious. So with both parties wearing snugly fit, adequate screening type masks, then that seems to be critical. And again, we know that the fomites on the surface transference seems to be part of the equation, but not as critical as droplet-borne and then even now possibly aerosolized transmission. So the masks seem to be in play and may well be, according to a lot of experts, through this time next year,
Starting point is 00:04:31 with or without one or more very efficacious and safe vaccines that are available. We know also on the vaccine front, still more research, and I don't know if it's debate, but certainly discussion around the strategy to deploy one or more of the vaccines once they are found, or at least all the data show that they're safe and efficacious, are those that are most exposed. Again, healthcare workers and front-facing, if you will, essential workers, then possibly now do we go to the most vulnerable? Do we go to those that are the highest spreaders, that are the most transmissible? And this discussion is coming up, too, with, again, more and more discussion around challenge studies, this One Day Sooner group. There are over 35,000, maybe even a lot more people now signed up to participate in the informed consent challenge trials. And that's where people are exposed to the virus and then see what the response is to those that have been vaccinated versus those that have
Starting point is 00:05:32 got a placebo. And you can imagine, are there ethical and equitable questions around that? Well, sure there are. There's no rescue treatment available that's known right this minute. And so do we do something where there's not a rescue treatment? Others saying, well, we would use the very, the most healthy, those that have gone through screening that are the least likely to have disease or at least serious disease, COVID-19. And then, but the, well, wait, we want to vaccinate the vulnerable first. And then others, no, again, it's we want to vaccinate those that are the most mobile and most likely to transmit the disease. That's how you can generate some level of immunity. So we'll leave that to the experts there.
Starting point is 00:06:16 You know, sort of the on the therapy front. and two, I think it's up to four different sources that were separate and distinct that they're looking at going upstream from this cytokine storm that's creating some of the more serious disease out there and looking at the Bradykinin pathways that are out there. And this is where they generate inflammation. They can be useful and are useful. That's why we've got them. But also maybe that's what's creating the widespread systemic negative response to the disease as well as some of the long hauler situations. And so
Starting point is 00:06:53 the second most powerful computer in the world was used to model as one of the sources here. So stay tuned on some therapies because there are evidently several existing therapies that have been found safe and effective in multiple trials and have been in use. So that looks interesting. The TB vaccine that first came on in the early 1900s, there are different research groups looking at that. That's been used before for beyond tuberculosis and to other respiratory diseases. There's some evidently some results that some of the researchers are pretty excited about. Blood thinners here at the University of Florida, they're working on that angle as well as this combination or polytreatment therapy where
Starting point is 00:07:37 they're looking at three different types of medications together. Right now, we're looking at just about 190 antivirals that are in all types of levels of testing, 350 plus other treatments that are in effect. 450 of these are preclinical compounds. They've not yet been used in humans, but almost 300 are now in clinical evaluation. So we're looking at just about 30 in phase one human trials, closing in on 20 in phase two human trials, and now nine, possibly soon to be 10 in phase three trials. And these are all separate vaccines in this case, in addition to the over 400 therapy type drugs and medications. So I think that's kind of where we are there. We see up and down all throughout the United States and the world. It is a virus. It's highly transmissible. And when humans get together and their air is moving, their breath is moving or other spread. So what are ways we can reduce that without destroying people's livelihoods and creating real social distancing instead of just physical distancing? Moving on to the LPRC, this has been brought up by Tom and myself and others and even Tony, who's helping us facilitate some of the SOC Lab Fusion Center concept.
Starting point is 00:09:13 And we're going to hear from Brian, who's an absolute expert on the topic. But our team, in fact, today we had another call, and we've been working away on pulling together the fusion center using some initial channels right now until we can do something toward the end of the year, but particularly with some of the court rulings that are likely to come down, possible trigger events. The Supreme Court situation, is that a possible trigger event? The election itself, pre, during, and post, of course. I mentioned before, we're putting together a working call on that for the LPRC members to go through that. fix the Florida, really our cybersecurity team here. So he and I actually had a call to start to plan that. We got a call tomorrow as well for the whole group to go through possible election scenarios, what that might look like to trigger who, what, when, where, why, and how, and then implications for digital as well as physical infrastructure. But most importantly, people
Starting point is 00:10:25 protection, just to be prepared. And again, we don't want to sound overly dramatic, but this is 2020. So strategy ad coming up next week. We've got a dry run today. Strategy ad again is around 40 plus of the vice presidents of asset protection and loss prevention for major retail chains coming together for two hours next week on September 29th from 1 to 3 p.m. It's an amazing group of the most senior APLP leaders in the United States and elsewhere. A nice curated situation or a session here put together by John Voitela, the longtime vice president for Office Depot, Office Max, and the rest of the team. Impact 2020 coming up on October 6th through 7th. Record, I think 750, maybe 800 people already enrolled. We typically have 400, just a little over 400.
Starting point is 00:11:30 So we're excited. They have been recording right and left. I'm going to be leaving here in a little bit to go to the labs to record a little bit more safely and so on. So the working groups are all still in full force. Multiple research projects underway. The Dell Technologies NVIDIA Edge server should be here this week so that we'll start to get that in action for doing some really interesting
Starting point is 00:11:54 AI computer vision training and inferencing testing here, working with three different engineering student teams from ISE and UXD engineers here at UF, as well as others on real world. The Safer Places Lab is coming together where we're putting together this entire ecosystem. Our labs simulate different environments, including a SOC. the parking lot, the surrounding area, the interface again with the cityscape, residential, commercial, multi and single family dwellings with the city of Gainesville, how to reincorporate all the sensors and smart lighting and everything to provide a better, safer experience for everybody. So all of these projects underway on top of a lot of product protection, ORC research, supply chain protection.
Starting point is 00:12:45 So, with no further ado, let me go over to my friend and colleague, Tom Meehan. Tom, if you could kind of enlighten us a little bit on what's going on in the world of fraud and violence. Yeah, so I'll be rather brief today because I want to make sure that our guest has ample time to speak, but I wanted to just kind of, you mentioned the SOC, and not to be repetitive, but we are working on that project. And one of the kind of current events in today's world is that there's an expected grand jury ruling coming for Breonna Taylor. So there has been notifications through most major police departments to be prepared for some level of civil disruption. So one of those things that we're working on at the LPRC to identify how could we disseminate
Starting point is 00:13:30 that information, how do we come through? There are some cities who actually declared state of emergency. Louisville has outwardly said that because they're expecting disruption regardless of what the outcome is. This reporting, from my experience, you don't want to really draw a conclusion because the notification is coming out, but pretty much everybody that's involved in the SOCLEP concept has text called and said, hey, what are we hearing? So just another one of those current events. Unfortunately, in today's day and age, there's a lot of them right now in 2020, but something to keep on the back burner and really think about. Real briefly, just to kind of continue trying to talk about payments and some of the risks with that, there was a
Starting point is 00:14:09 really interesting Forrester study that was released specific around the EU and COVID-19 and digital payments. And one of the things that was covered is that one in five folks used a digital payment method in the early stages. And what was interesting is Forrester really talked about the changing the way people use payments in the EU. Okay. And so what's really interesting about the Forrester article is that the permanent change in payment trends is what they're predicting in the EU. As we all know that the EU and the US trends sometimes run in parallel. We're seeing similar spikes in usage.
Starting point is 00:14:50 But it was interesting to note, this particular article didn't talk so much about the risk, but we continue to talk about the risk of, and I know Tony talks about this all the time, really the acceleration of digital transformation and the challenge with retailers having to move virtually at the speed of light, sometimes overnight, and implement changes and still be able to manage risk. So more to come on that. I think it's a pertinent thing to keep in mind
Starting point is 00:15:14 as our customers' behaviors continue to change throughout dealing with COVID-19. How do we stay relevant as retailers and how do we protect ourselves and our customers at the same time without disrupting the customer experience. And then I'll kind of leave with Security InfoWatch had a really interesting article on the five trends in retail risk. And we talk about them all the time on the podcast in different ways. But I think it's important that they started off with organized retail theft and fraud and the concern of that growing. I recently spoke with a couple of folks on this at a conference. And the perception is that because of COVID, it'll increase. But the reality is here, it has been increasing. They also talked about the need for response from law
Starting point is 00:16:02 enforcement for retailers and how in some markets there just isn't any response, both from policy change, bail reform, COVID-19, and it becomes somewhat of a recipe for disaster for law enforcement and retail conjunction. And it isn't a one-sided thing here. It's half of its resource scheme, half of its government piece. So this continues to be a challenge. Also, the article highlighted the physical security capital needs and the human resources needs. moving to a zero-trust environment, heavy infrastructure side, that unfortunately, some of the physical security things fall to the wayside just out of sheer need to keep running through. And actually, this article actually quotes the Loss Prevention Research Council, which I thought was interesting to talk about that and cites kind of some of the things that we talk about often. And then, you know, talking about
Starting point is 00:17:05 the overarching impact on COVID-19, I know we always talk about that on this call, and this isn't really about COVID-19, but really the impact and how challenging it is because the target's moving, right, where the guidance is changing. Each market has different implications and the continued risk for there. And it rounds the article out with the tension and the anger and the desperation of the criminal element of how this changes, talks about mask enforcement and all those things. So continuing kind of the path that we've been taking all along is that these challenges don't, you know, there is a light at the end of the tunnel, of course, but they really seem like they'll be here for some time.
Starting point is 00:17:46 So we'll continue to keep people updated. We'll continue to run, you know, through it. I know today, as we're taping live, the NRF has their NRF Protect virtual conference, and there's a lot of conversation about the things we're talking about. And I'm sure on next week's call, we'll cover some of those things. But without further ado, I'm going to turn it over to Tony. Thank you very much, Tom. And it's really my great pleasure to introduce our special guest, Brian Tuskan, who is the Senior Director and Chief Security Officer from Microsoft. Brian has 30 plus years in law enforcement and private sector communities. Brian's team is responsible for
Starting point is 00:18:27 physical security for all of Microsoft's global corporate footprint. As a public servant, Brian spent over 12 years in law enforcement with the City of Redmond Police and the Honolulu Police Department. Brian was named one of the most influential people in security in 2017. He founded Cop2Corporate, which helps law enforcement professionals plan their transition to the private sector. Brian has a criminal justice degree from Whaling University and is a graduate of the University of Washington and received an executive leadership certificate from Georgetown University. So it's my great pleasure to welcome Brian. Well, thank you, Tony, and thank you for having me on your podcast.
Starting point is 00:19:18 Well, welcome. I'm going to jump in right to the first question that I have for you. I would like to, for our audience, to understand how the virtualization of your security operations has benefited your team and Microsoft during the pandemic. Well, that's a great question. And I heard a lot about in the loss prevention, physical security world, asset protection, it's important to have a SOC, you know, Security Operations Center, and a strategy behind it. So specific to our environment, because we did have a small retail footprint, but it's a campus environment. It's very open, and the public has access to a lot of our property. So I would say there's a lot of similarities to what you would find in a retail environment. So I think it's relevant of what I'm going to talk about.
Starting point is 00:20:13 So when I first came over to the Microsoft Corporation, we had about 15 different SOCs, where we were calling them life safety control centers. They were not integrated. They were standalone, good intention, leadership and management from technology. But it was just a hodgepodge of tech, no matter where it sat. And this was around the globe. And from my discussions with people in your industry, I hear there are a lot of similarities to that challenge where you will have these standalone SOCs where the lack of integration really makes it a challenge. And so as I heard Tom talking about budget restraints, especially where it hits the physical security side, we had the same challenges. So the first thing we came up with was a master plan. You're going to have to have a master plan to determine what's the future going to look like. So we put together a zero-based
Starting point is 00:21:11 study on our 15 SOCs, came back with a master plan where we would reduce the SOCs to three global centers, but the requirement was interoperability. So if one went offline, the other could take over. And it was really for operational load sharing. Now, to get there, it took quite a long time and the resourcing to get it, but we were able to build three operation centers to manage our portfolio throughout the globe. Now, the virtualization piece, as the cloud became more prevalent, we determined that with a cloud strategy, we could reduce our three SOCs to actually two. So we closed about five years ago our London-based operations center and just kept our core fusion, VSOC, Virtual Security Operations Center, in Redmond, Washington, at our main campus.
Starting point is 00:22:12 That's just outside of Seattle. And then our secondary operations center, which is in Hyderabad, India. And the core to running that operations was the technology. And I want to reiterate the power of technology, but also to keep it simple. There are times where you have good intention people that will go to a conference and buy the latest and greatest thing. The problem with that is if it's not aligned or integrated, it may be a problem. And so our integration usually relies on one platform, technology platform. And obviously, being at Microsoft, you know what platform that is.
Starting point is 00:22:54 The cloud and the technologies, the third-party software solutions that fit on top of that platform so it's seamless. And I'm not going to go through the myriad of technologies that we use, but just fast forward to COVID-19 where we did not lose any continuity of our business because we had years and years of planning and training for something just like this happened. And a great example for that continuity, business continuity planning, was our Hyderabad, India VSOC was shut down because the government just shut down the entire country. But in Hyderabad, our employees could not even get to work. But we had go bags when they were basically sent home or evacuated to stay at home because of the COVID restrictions. The go bags had laptops. It had the particular radios that have radio over IP. And as long as they had a good internet connection, which they did, they were able to maintain operational continuity for the VSOC 100% virtualized. And the VSOC in Redmond, Washington, we had a skeleton crew, about two people, and the rest were working remotely.
Starting point is 00:24:22 And we maintained all of the GDPR requirements and UL certifications for the lack of staff physically on the location because we had the planning and training in place. What that allowed us to do was to seamlessly operate a huge portfolio. Microsoft, we operate in over 190 countries. Physically, we have about 125 physical locations where we operate around the globe. And we were able to maintain security at all sites with a very limited presence of security, with the exception of physical security. Obviously, you need physical security on site. But the technology behind was the magic that allowed us to seamlessly communicate, to talk to each other, to engage, to respond, even to having technology to work with law enforcement for deployment. As you well know, in COVID, as many people are just working from home, you have higher instances of trespassing
Starting point is 00:25:33 and burglaries and so on and so forth. So we still needed to maintain that presence. And so what I think the future is, as cloud and technology expands is having SOC as a service through third parties. So we're currently looking at outsourcing a lot of the work that we do in-house to third parties that just do this as a business, akin to years ago when people would have internal IT departments, where now they just have a utility-type service where they're farming off all of the IT infrastructure to cloud providers. And we're looking at the same model for SOCs. That's excellent, Brian, and actually very, very relevant to all this COVID-19 and what we're hearing about it right now in terms of being prepared.
Starting point is 00:26:29 And it's interesting in the journey that you took. But I do want to jump to a second question, which I think is also relevant to this audience. It really inspired me in reading your biography. And actually, what inspired you to create Cop to Corporate? And what are the key lessons learned from the transition that you observed? Well, I started blogging for Cop to Corporate because I was being inundated with requests through email or through LinkedIn from current law enforcement professionals, federal, state, local, municipal, all over the country and the world asking for advice.
Starting point is 00:27:11 And it got to the point where I just did not have the time to respond to everyone. with certain themes that kept on popping up on questions, such as, should I retire at mid-career? Or, you know, I had this particular issue and how to write a resume, so on and so forth. So on my blog, cop2corporate.com, I have all these vignettes and examples of stories that I've had over the years. What that allowed me to do is reach a very large audience because I don't have to interact and tell the same story over and over. It's just out there for free for anyone that can opine on it and help other law enforcement professionals plan the transition. As you well know, with the current climate, I've been receiving many requests for guidance on leaving law enforcement and coming into the private sector.
Starting point is 00:28:19 And I would say the key for me, when I give any guidance to anyone is to be very thoughtful on why they want to leave and the reasons behind it. And it can't just be an emotional decision, although it's very emotional, but really be thoughtful on why they want to leave and transition. Because just jumping ship from the public sector to the private sector, it's not as easy as some people think it is. So they have to be very thoughtful on it. And so I really did it as a service for law enforcement professionals that have worked, either retired or just decided it's time for them to leave. So they can have a thoughtful process and not just jump into a knee-jerk reaction
Starting point is 00:29:10 because they're emotional or just quit the force and then jump into a job that they're unhappy with. And that's really the main reason I did it. Well, thank you, Brian. I really, really appreciated both your insights on the virtualizations of operation centers and also the Cop to Corporate. That is indeed an inspiring story. Let me move on and just close with some data from the retail industry that's pertinent to what's happening around us. So Amazon announced that they're going to open 1,000 small warehouses across the U.S.
Starting point is 00:29:46 The move reflects the trend of retailers turning to micro-fulfillment centers because they now want to get it to you faster, to get you those products faster and much more efficiently. Walmart announced a pilot program with drone startup Zipline. The trial is due to begin next year and could see products being delivered in under an hour within a 50-mile radius of a Walmart store. So that was interesting in terms of how we're trying to speed up and get the interesting products to consumers much, much quicker. And I'm going to end with a story from Retail Brew in terms of Inditex. Inditex is one of the world's largest apparel retailers. They had a tough time during the heat of the pandemic and actually had their first loss over.
Starting point is 00:30:36 But in their latest quarterly results, they actually returned back to profitability already. So Inditex owns a Zara brand, and they have over 7,000 stores in over 190 countries. They returned to profitability. It was driven by a 74% jump in online sales, and the reopening of 98% of the stores. By the end of July, Inditex reduced their stock and trade by 19% with the help of the flexible suppliers. But what was really interesting to me was at the beginning of the pandemic, Inditex used advanced technology to funnel clothing from closed stores to e-com with room to adjust orders and demand shifted. And they shifted the demand in real time. And they also reduced, uh, unsold SKUs. The tech that was not mentioned in the article that actually was driving it is actually RFID. For this audience, Inditex was actually one of the first to deploy
Starting point is 00:31:39 a reusable EAS RFID hard tag. And now they're working on their next generation of what that inventory management looks like. So it's really interesting to me how technology was used in terms of, and specifically RFID, to optimize inventory management during the pandemic and return to profitability very, very quickly. So with that, I'm going to turn it over to Read. All right. Thank you so much, Tony, for that update. Brian, for all that you're doing for those that are contemplating or are moving from law enforcement to the private sector. And like you, I've been in both. And so the grass is not always greener on one side or the other. And so I really like the idea of, you know, let's be thoughtful about it. Certainly there's emotion and there
Starting point is 00:32:32 are reasons. But the idea of providing vignette scenarios, things that they can use to contemplate and think about and ask about is just fantastic. And then the insight that you have on the SOC is pretty amazing and going from all that to what you really need but still contemplating what are ways we can improve, get better, and it doesn't just have to live here or be us and so forth. So great insights. And so I want to thank you, Tom, as well. And Kevin Tran, and for everybody, stay safe. Let us know any questions, comments, suggestions, ideas that
Starting point is 00:33:13 you might have for Crime Science, a podcast. Write us at operations at lpresearch.org. Visit us at lpresearch.org as well. If you have, again, interest in LPRC Impact, go to the website, lpresearch.org. I think it's backslash impact and get registered and so forth. I do want to do a call and nod out. I appreciate Tom doing that. I had my notes to the NRF Protect. That event's going on as we're recording right now, so I'll jump back over and start monitoring that in a few minutes. But a great group.
Starting point is 00:33:47 We love working with NRF. We love working with RILA, FMI, and other industry organizations and all the great people that work there and all the retailers that are involved. So, again, on behalf of the LPRC and our team, everybody stay safe. Thanks for listening to the Crime Science Podcast presented by the Loss Prevention Research Council and sponsored by Bosch Security. If you enjoyed today's episode, you can find more Crime Science episodes and valuable information at lpresearch.org.
Starting point is 00:34:14 The content provided in the Crime Science Podcast is for informational purposes only and is not a substitute for legal, financial, or other advice. Views expressed by guests of the Crime Science Podcast are those of the authors and do not reflect the opinions or positions of the Loss Prevention Research Council.
