Strategies for Effective Insider Risk Programs with Honeywell’s Mike Pierce and Kevin Renwick

0:00

Manish:
Hello, and welcome to the Ontic Connected Intelligence Podcast. I’m Manish Mehta, Ontic’s Chief Product Officer. Join us as we delve into valuable insights and practical advice that will empower you to navigate the complexities of modern corporate security and risk. We’re here to share knowledge from experienced leaders and innovators in the field. All right. Get settled, and let’s dive in. Mike Pierce has worked for Honeywell as a senior threat investigator for the last three years. Prior to working for Honeywell, he had a 33-year law enforcement career. His focus in law enforcement was on patrol, training, special events, and intelligence with his personal interest in technology and software. He has honed a talent for problem solving and finding failed or missing critical processes. Kevin Renwick has worked as the team manager for Honeywell’s investigation program for the last three years. Before Honeywell, Kevin worked for the Tempe Police Department for almost 28 years as sergeant over their threat mitigation unit. With extensive experience in both corporate security and crisis management, he plays a critical role in safeguarding Honeywell’s assets and workforce. Please welcome Mike and Kevin to our podcast. Gentlemen, good afternoon. How are you?

Kevin:
Doing very well. How are you? Thanks for having us.

1:33

Manish:
Let’s have a great conversation. So tell me, and Kevin, I’ll start with you. Tell me about the transition from law enforcement to corporate security. How was that and how did that come about?

Kevin:
Um, came as a, uh, a phone call in April of, uh, 21. So that was shortly after the, the illustrious year of 2020 where, you know, there was a lot of defund the police and then there was COVID and there was, there was all kinds of fun stuff going on. Um, so my, my now boss called me and basically said, Hey, we got a, we got an opening over here that we think you might do well in, you know, and, uh, you know, what do you think? And I was like, At that point, you know, I knew I was coming up on 28 years. It was I knew that I was probably getting close anyway. So it just seemed like, you know, this was the stars cooking and planets cooking into an alignment. And I was like, hey, absolutely. Where do I send my where do I send my application? You know, and the transition was actually. Not as bad as I thought. You know, there’s a lot of government folks working in Honeywell that were former government. So it was kind of, it’s kind of nice, you know, because there’s people that still kind of speak that language. So it was, it was, uh, it’s like a halfway house, you know, for people coming out of the government world, going in corporate.

Manish:
I love that halfway house. What’s, uh, before I turn it over to you, Mike, Kevin, what’s been the biggest surprise, either pleasant surprise or maybe a shock?

Kevin:
I guess one of the pleasant surprises is the fact that from a leadership perspective, all the lessons that I learned back in the police world translate really seamlessly to any situation. And a lot of the lessons that I learned before are all applicable to this career as well.

Manish:
Love it. Love it. Mike, again, thank you for joining that, joining us. I know there’s some inclement weather heading to Florida. Okay. Just a hurricane. It’s Florida. It’s Florida. But tell me about the transition.

Mike:
Uh, my transition was, yeah, it was similar to Kevin’s with an exception. So Kevin and I worked at the same department and we have been working together as sergeants, uh, as officers for over a quarter of a century. So when I came over, we didn’t miss a beat. Imagine if you came into an organization and you already knew exactly what your manager needed immediately. Like there was no question. You had like a secondary thing to his brain. So we came into the organization and we were, we were running already. I think, um, compared to others that I, I never have to figure out what he wants or what he needs to get his job done. I know. And he knows what he can push on me.

Kevin:
Yeah, we frequently finish each other’s sentences and we’re often mistaken for the other one. Yeah, absolutely.

4:36

Manish:
You guys are doppelgangers. I get it. I get it. So relationships are everything. I’ve heard that many, many times in my career. No truer words have been spoken, I think, given both of your careers and the relationship you have with each other. But how does that translate into corporate security? Look, I’ve been in corporate security for several decades as well, and or the analog to law enforcement, but I can tell you there’s a lot of hierarchy, a lot of bureaucracy, and a lot of politics similar to law enforcement or very different. And what did you guys have to do to adjust given how important relationships are?

Kevin:
One of my jobs when I was at the PD was as liaison officer. So I learned quick that the relationships that you establish, I would frequently say to people, the first time I meet you, it should not be in a command post. I was always a big fan of meeting people for coffee, still am. Just chatting, it doesn’t have to be about work, it just could be about how weekend went or trips coming up. It doesn’t matter what job it is, Honeywell is no different. People are people, and you establish those connections. Once you establish those connections, now when I call you and say, hey, I need some help, you’re way more likely to help me because we’ve already put that connection money in the bank, if that makes sense.

Manish:
Mike, the same for you?

Mike:
Absolutely. In a PD world, you knew who you could talk to at any given time to get the information you needed. I think what we brought to Honeywell, at least, was we had a very open mindset because we came from that place. We came from the place of establishing relationships. So from the instances where we didn’t counter silos in the organization, we very quickly tried to dispel them. That was one of Kevin’s first edicts, so to speak, was, hey, if you see a silo, get rid of it. Establish a relationship. This is going to bring dividends down the line. And we did that.

Manish:
I love that. One unique thing about law enforcement, and I imagine an investigative unit would be a little bit different, but law enforcement has a presence, they’re known, they’re visible. Investigative teams might be a little bit more invisible, I’d imagine. But in corporate security, oftentimes security is a bit more invisible in a corporate function. How have you guys been able to bridge relationships across the organization, given where security typically sits inside of a corporation? Either of you can take that one.

Mike:
Mike, you want to take this one? Yeah, I think one of the advantages we have, probably with some of the… Ontic works with a variety of people across the world, right? But one of the advantages we had is we’re based in cyber. So when we go out to establish a relationship with a group, a lot of times we had tools at our disposal that they might not have had. You know, we had alerts that we could do. We had different things that I think a lot of insider risk units are based in either physical security, um, and they may not have control over certain tools. And we definitely had that. And that was, that’s, that’s been a huge, a huge benefit for us to establish those relationships.

Manish:
I love that.

Mike:
And so we don’t stay hidden. We, in fact, we sell ourselves as much as we can on every investigation. So if I’m investigating you, right, or say one of your folks, let’s say you’re a manager and I’m investigating one of your people, at the end of the call, I’d be like, hey, if anything ever comes up, reach out to us. We’re here to provide information. So we definitely don’t try to stay secret because if people know we exist, they’re much more likely to call us if they see something or hear something.

Manish:
Kevin, you experienced the same and which departments and organizations are your closest allies?

Kevin:
Yes, similar experiences. We try not to hide. And we try to put ourselves out there. We’ve offered different training. There’s a lot of investigators that we work with directly or around that they don’t have the investigative experience that Mike and I have. And it doesn’t matter where we got it from or who we were interviewing. Having those interview sessions with another person takes practice. It doesn’t, you know, it’s, well, who knows, maybe it does come naturally to you, but it didn’t come naturally to me when I learned. So we try to pass some of those lessons learned on to, you know, some of the newer folks that, you know, maybe they’re in an investigative position and they just got out of college. And they’ve only been with Honeywell for a year or two. And that’s not a natural thing for them to basically, you know, interview somebody and throw out some, you know, accusatory type questions that could raise somebody’s blood pressure a little bit, and then the fine art of bringing that blood pressure back down and keeping that conversation going, because that’s what’s necessary.

10:33

Manish:
We have many of our listeners trying to build an insider threat or insider risk program. Was there one established when you got there at Honeywell or how did you build the business case for it? Or if it did exist how are you investing in the team and were you able to make that case internally?

Kevin:
Um, it did exist to answer that first, part of the question. It did exist. Um, it was still definitely in the building stages. It is still in the, in the building stages. And, you know, in my opinion, it should probably always be in the building stages. Um, you know, there were, there were some adjustments that. that had to be made relatively early. I saw down the road what was going to be needed, and I knew that it would take a while to get there. I suppose if somebody is listening to this and they’re in the middle of, or maybe they’re in the very beginning stages of building an insider group, The first thing I would say is be patient. You know, I’ve read numerous times. It takes about a decade to put one of these groups together and get it up and fully functioning. So be patient. This is it is a marathon. It is not a sprint. So, you know. just have that mindset going into it. I don’t know how much help I would be to you, but they can reach out to me. And if I can help them, I will. It’s one of the things I’ve learned before is, what is that proverb? If you want to go fast, go by yourself. If you want to go far, go with a group. And so my advice would be, be patient and find friends. Find friends that have experience in that area and let them help you. You’re not on an island. Don’t try to build it by yourself.

Manish:
That’s great advice, Kevin. Great advice. Mike, any challenges that you’ve experienced in terms of together as both of you have gone to senior leadership, cyber is a lean and a focus, but as you’re building up this program, securing investment, what’s been the best approach to get the resources that you guys need?

Mike:
I think, unfortunately, the best approach is often the hardest approach for insider risk units. You have a group of folks, of investigators, of analysts, they collect information and they find out holes in the organization. So our job, if you think about it, is to point out, I don’t want to say weaknesses, but where data is leaving. That’s literally our job. So imagine you’re in a position where you’ve always bringing up, here’s where we as an organization maybe had a misstep. That’s always challenging. I think to the point that Kevin was making, though, when you’re asking like, you know, what was one of the first things you did? I’d add to that if I could. One of the first things when he came on that he said it’s very important to do, and it took us a while to get there, and it was explaining to leadership why it was important, was the case management system. Imagine if you come in and you don’t have a case management system, and what you’re doing is you’re keeping people’s names in. Maybe there’s a database over here, and there’s a database over here, and there’s one here, and there’s one here. And without a collective bringing in that intelligence all in one place, you’re bound to repeat mistakes. And so I would just add to what he said is that was one of the first things that we really pushed hard and did have to bring to the leadership. We don’t want to make a mistake. Have somebody we’ve looked at before that we don’t know we’ve looked at them before, and we’re missing something. Don’t repeat those mistakes. So I don’t know if that answers the question.

14:39

Manish:
No, Mike, that’s a great segue to technology stacks. You don’t have to name companies, but what are the types of technologies that you would expect a robust insider risk program to have? Case management certainly being one.

Mike:
Yeah, case management, open source intelligence, right? And then it gets really harder because now you’re talking about assessment tools. Right and and and those are hard because assessment tools really focus on we don’t have direct contact with our folks to where we can like In a physical world You can see actions that people are taking we often don’t see the actions So we’re not having this is what their normal behavior is like. So we’re having to do our own assessments on people based on I would say less than what we would historically have done in the PD world. And Kevin, I don’t know if you want to expand upon that.

Kevin:
Yes, not like we can go and do a home visit and see, you know, what’s really going on in that person’s life. So it does represent some challenges doing things, you know, we’re spread out all over the world. I can’t go do a knock and talk in India. I don’t think anybody’s going to pay for that. So you’ve got to make those assessments the best you can with the tools that you have, those assessment tools. And those tools will vary company to company.

16:12

Manish:
Now, both of you are fascinating for our listeners for many reasons, your law enforcement backgrounds, transition to corporate, building or building upon the insider risk program that was here, the investments that you’ve made, the successes that you’ve had. And then both of you sit in a cyber organization. And if you think about cyber to physical convergence, a likely candidate would be an insider risk-based investigation. Have you guys seen successful integrations between or the fusion of cyber and physical, or is it mythology?

Mike:
I think it’s a little bit of both. Kevin’s trying to formulate his answer, but I think it’s a little bit of both. We’ve seen it and we’re always striving to make it better, right? It’s not always perfect. And so we’ll get things like things being stolen at a site. And we’ll get contacted by physical and say, hey, this is what happened. And then we dig into it and we’re able to get more of a data trail of that person and prove they were in this building at this time. And here’s what they accessed on their network. And here’s some of the communications they had, things like that. So we have seen that kind of synergy going into effect. But it’s it’s difficult because we Even though Kevin and I come from a physical world, we’ve transitioned to the cyber world with our physical background. And folks in physical generally don’t come from the cyber world. So I think that’s going to be a challenge always. But Kevin, I don’t know if you want to add more to that.

Kevin:
Well, and it’s, you know, we talked before about, you know, establishing those relationships. Now, if I have, you know, Mike was using the theft as an example before, if we have, and that might not be insider risk related, that might have just been a property theft, maybe an employee wasn’t involved in this case, but either way, Now, we’re going to form a relationship with one of the people that are actually at that site. It could be in Ohio or wherever it happens to be. Now, we’re going to make that friend there and establish that relationship. Now, I’m relying upon that person’s senses, what they’re seeing, what they’re hearing about that particular uh, building or, or whatever the asset is. And that person is now our boots on the ground. I’m relying upon that person. So that hopefully that’s a good partnership that we can establish quickly.

18:50

Manish:
That’s terrific. All right, two final questions for you guys. The first one is, and Kevin, you said it so well, and Mike, the notion of bridging silos, but the importance of being patient, the importance of going far together and collaborating and connecting and building those relationships, how would you, and Kevin, let’s start with you, how would you guide or advise anyone that’s listening to this podcast on the signals they should be looking for to give them confidence that this is a marathon while this is a marathon, they are making progress and things will steadily get better because it does take so long.

Kevin:
Yeah. Um, I would tell them to, to celebrate some of those little wins along the way. And while you’re, while you’re building this airplane and flying it at the same time, either you do it yourself or have somebody on your team be like your designated scribe. Because what we found in the beginning before we really got our documentation process dialed in, we were already having some wins. We were already having some positive things happening. And after a while, we started moving at a speed where you forget. You know, and that’s important to remember those things, not only for your team’s morale, but also for your boss and your boss’s bosses to be like, hey, you know what? You know, we did have some success. We did do X, Y, and Z. Even based on the limited operational capacity that we have, we’re already racking up some wins. Just think about what we can do when we’re at full capacity. So don’t forget to document and celebrate some of those little wins. And you’re going to get them even in the beginning days. You’re going to get them because if your unit has or group hasn’t existed prior to that, oh, there’s going to be a lot of things for you to find in the very beginning.

Manish:
Great. Thank you, Kevin. Mike, same question for you.

Mike:
I would mirror what Kevin said and add the word investment. So if you see that anybody above you in a leadership positions are starting to either talk about your group or invest even a little bit more money or training money or product or software, that’s the indicator of success. That’s, hey, we seem to be going slow, but don’t be afraid to look back. You’ve been at it for, say, a year and a half, two years. You’re like, oh, we’re in the same spot. Think about where you were a year and a half or two years ago, and maybe nobody even knew about your team. Nobody was talking about you. And now you’ve got trainings out there and people are talking. It takes a long time, to the point that Kevin made, to create a team and get the notoriety, if you will, of the team out in a workforce. You’ve got 140,000 employees here. I’m sure not all of them know about the insider risk unit, right? But hopefully we’ve got to the point where enough of the people in key positions know we exist to reach out to us for help.

22:04

Manish:
Excellent perspectives. All right, final question. Mike, first to you. Kevin, you’ll close it out. What does connected intelligence mean to you? This is a question that we ask at the end of every one of our podcasts, but especially in the context of an insider risk program. Mike, we’ll start with you.

Mike:
Yeah, I’d say connected intelligence means everything’s coming into that one point, you’re not missing anything, right? So in our case, our connected intelligence is we have alerts coming in. We have open source stuff that we’re running on certain people that we’re looking at. We have filters in place that, you know, maybe this person is a high value target that we’re concerned about. And all that information comes into that funnel. And that funnel feeds us. But it’s everything coming into that single reviewing, filtering portion. And it’s like doing an assessment. You have all these factors that come in, you put them together, and you see what pumps out the other side. That’s how I look at it.

Manish:
Very well said. Kevin?

Kevin:
Not bad. I think when I think of that term, I think in my mind, I immediately see either a large spiderweb or better yet, a wagon wheel. where, you know, yeah, you are in the center, you’re the aggregate point, you know, you’re where that information flows through, but you’re reaching out in all these different directions, you know, maybe some of it is like Mike said, open source, maybe some of it is through Ontic, maybe some of it is just through, you know, I know a guy. and he hears things. I might, you know, that human intelligence, that human part of it, you know, there’s all different directions that you could be reaching out and pulling all that information in. And then once you get it, great, I have all this information. What do I do with it now? How do I make this actionable? Anybody can go out and pull information in, but then how are you going to present it? How are you going to make it usable? How are you gonna disseminate it safely? There’s a lot of different things. So once you have that information, that’s half the battle. And the other half is how are you gonna use it? How are you gonna make it effective?

Manish:
Listen, Honeywell should be very proud to have both of you on their side and in the organization. You guys do some great work. My guests today are Mike Pierce and Kevin Renwick. Thank you guys for joining us today on the Ontic Connected Intelligence Podcast.

Kevin:
Thanks for having us. Appreciate it. Appreciate it.

Manish:
know someone who would be a great podcast guest or have questions you’d like us to answer, email us at podcast at ontic.co. This episode was produced by AJ McKeon. We’ll talk to you next time on the Ontic Connected Intelligence Podcast.