The Role of AI in Revolutionizing Corporate Security: A Conversation with Brian Tuskan

0:00

Manish:

Brian Tuskan is an experienced security professional with an extensive law enforcement and corporate security background. Currently serving as the vice president and chief security officer of ServiceNow’s global safety and security team, he brings a wealth of expertise to his role. Previously, as the chief security officer at Microsoft, Brian was responsible for overseeing the physical security of the company’s worldwide corporate locations. He was named as one of the most influential people in security in 2017 by Security Magazine and ranked as the number one security executive global influencer by IFSEC in 2021. Brian, welcome back to the Connected Intelligence Podcast.

Brian:

Well, thanks for having me. I appreciate you giving me some time to talk tech and physical security. My favorite subject.

1:20

Manish:

It’s going to be fun. We’re going to take a journey back in time. Again, you and I are seasoned grizzly veterans of many companies, many of them in tech, but you had an incredible background, obviously, in Honolulu with the police department, law enforcement. But take us back to those days, especially as it related to technology. You had a wonderful post on LinkedIn talking about Commodore 64 and I used Harvard Graphics and Lotus 1-2-3 and your Tandy laptop and all of it. But maybe start there and just give us a picture of what that world looked like and what you experienced.

Brian:

Yeah, this was the mid to late 80s, and this was before I got into the police department. And a lot of people think of Hawaii or Honolulu as just a vacation spot, right? Waikiki and just kicking back, having Mai Tais and whatnot. But for those of us living there and grinding with school and holding like three jobs, which I did at a time, three part-time jobs, I was looking for, you know, my future. I didn’t have a traditional path like most people. You graduate high school and then go to college. I did not have that path. And as I was working in a hotel, I was working in the banquet departments. I was the guy setting up meeting rooms and weddings and all the chairs and stuff. And I had a lot of time to think on my own. And I knew I wanted to do something better. And computers were very new, if you think about the late 80s. And I was just fascinated by it, you know, reading popular mechanics. So I went to the local community college, Honolulu Community College. I took a computer 101 class, and I was hooked. I was hook, line, and sinker. Because back in the day, for you older folks on the call, and for you younger ones, ask your parents. but we didn’t have the internet. We had to go to the library to learn stuff. We had to read books. We had to talk to people and it was, it was difficult. And the computer was like the great equalizer because I first learned how to do, you know, basic, not even programming was using the, the technology word processing spreadsheets. This is pre Excel, pre Microsoft PowerPoint, right? You had Harvard graphics and for whatever reason, I just gravitated and was hungry to learn more and more because it gave me a competitive advantage. I got into the Honolulu Police Department in 1989, and I was already far more advanced than any of the officers there because I had computer skills. And we had Wang mainframe computers with a green screen in the police department. coupled with manual typewriters. And if you wanted an electric typewriter, you had to get your own. And so I had my own electric typewriter. But I also bought a Tandy dual floppy drive, no hard drive, laptop computer with an LCD screen. And it was MS-DOS with the floppy disks. And it was like the most amazing thing because I was able to do macro form fillers, So I could spit out police report cases way faster than any of my counterparts. And so anytime I worked in Waikiki, that was my first after the academy, I was on foot patrol. And every time I got an arrest or a case, it was in and out. And they’re like, how are you so fast? I said, it’s the computer. And you talk about transformation now with AI and people trying to adopt to it. Even back then, I had some old salts going like, Tuskan, I don’t know what you’re doing. That’ll never work. And I’m like, this is the future, right? I was very altruistic. I was just, you know, 23. Computers are the future, right? And of course, there are a bunch of other officers that jumped on the computer bandwagon. There’s probably like 30 of us that all bought the same laptop. We chipped in, got a dot matrix Okie data printer, zip, zip, zip. I don’t know if you remember that. And we put it in the squad room. Of course, we had a lock on it because we didn’t want, you know, other cops messing with it. But with that, we were able to optimize and accelerate case reporting like never done before. And this is all pre-PCs being in the mainstream and policing. So that was my injection into learning technology, but using it to propel myself within the police department. It had opened so many doors because I had this skill. It got me visibility at the chief’s office. I got special assignments. I was on an all-terrain vehicle on Waikiki Beach because I knew how to run metrics, right? They only had like four slots open out of a hundred officers. I got one of them because I had this special skill set. And I also got pulled into the SWAT team because they needed this help. I came in and the Major Robert Thomas, I still remember, very imposing man, He’s like, get in shape. You’re going to take the next SWAT test. So for three months, I was really just working hard because it was, it was a tough test. And I got on the SWAT team and it wasn’t because I was a great shot or best in shape because I knew technology. Spent almost five years in Honolulu, lateral over to the Redmond police department in Washington state. and took that show on the road to Redmond Police was very progressive. They had a Windows 95 full Microsoft shop. And that’s where I cut my teeth on being innovative. Access was new. I used to really irritate the IT department because I’d just be putting all kinds of stuff on the network. And they’re like, Tuskan, you can’t do it. And I’m like, I can do whatever I want. You know, we got it. We’re solving crimes here, saving lives. And we come to a happy medium. But technology was so exciting, especially in the areas of intelligence. I started the first intelligence unit for the Redmond Police Department. They didn’t have one. And I asked, how come you don’t have an Intel? They said, well, why don’t you build one? So I project managed it. I used Access. I used other technologies that they had there. And most of it is just you’re downloading on a floppy drive, right? into the network. And so that was my kind of early history. And I’m sure you have fond memories of MS-DOS and Commodore 64.

8:15

Manish:

I do. I used every technology you just rattled off there. What an amazing time. Now Brian, you know, revisionist history, you make it sound so beautiful and seamless and easy, and you and I both know being a pioneer is hard, right? Pioneers typically get arrows in their backs, and the settlers get the land, right? That’s usually how the saying goes. How were you able to survive and thrive as a, I’ll just call it, technology pioneer in the physical security industry? And what did you have to do to overcome it?

Brian:

Well, I think it all depends on what do you deliver? At the end of the day, if you’re working for a company or corporation, it’s the output, the outcomes and the impacts. And it got to be positive impacts, not negative impacts. So the more positive outcomes and deliverables that you have, People are going to say, well, whatever you’re doing is working. I’ll give you a great example. I got recruited to Microsoft. I had eight years at Redmond Police. Six of them were as a detective. And Redmond, I was the technical detective. So anything that happened at Microsoft, it was like, hey, Tuskan, they got something going on over there. So there was a major burglary. I posted about this on LinkedIn, too. I cracked the case, make a long story short, did a bunch of search warrants, actually brought the FBI in and they took it on because it was organized staff. I got recruited to Microsoft as an investigator, and when I first got in late 2000s, the security team at Microsoft and the investigative team was using a point solution that was an off-the-shelf case management system. It was super archaic. It was complicated. It was a lot of overlap. And when I was, the new guy coming in, I was like, boy, you probably could just do like an access database and make your life much easier. And so I didn’t want to be that guy, but I ended up being that, that guy. Cause a lot of my partners who were former cops, FBI, federal agents, NYPD, they were like, this is horrible. And I just said, there is an answer. So I pitched, Hey, I can build this access database for case management. It’s very simple. And we probably save 80% of time and productivity. Here’s a crazy thing. Access was a Microsoft product. Microsoft team that I was on wasn’t using their own product. So. The impact in the outcome is what propelled me to success there, and that’s been my history. I’ve had failures too. Everybody has failures. That’s how you learn, right? But you don’t want to focus on the failures. And then if you got haters out there that that’ll never work. OK, great, but. people that want to be the pioneer. You are going to have to take some arrows.

11:19

Manish:

For sure. And look, history repeats itself. And this is the beauty of having wisdom and experience. You’ve seen so many transformations. We’re upon one right now with AI. But before we jump to AI explicitly, maybe to help our listeners understand this transformation, how would you pattern match AI to other transformations that you’ve seen in physical security? There have been many. And what’s different this time around with AI? So what are patterns that are similar, right? Because I imagine there’s some naysayers or resistance, etc., like there were in the past. And then something ended up being a breakthrough. And I’m even thinking pre-AI, what’s the pattern you’d apply now?

Brian:

Well, I think just history. If you look at history itself, you go from computers. cCmputers were around in I believe first invented in the 50s, or the first big giant gigantic computer was like in the mid 60s, and then you had mainframes in the 70s, and then you know 80s the PC came around 1990 of course Bill Gates and Paul Allen. Their vision was to have a PC in every home and this was in the 90s right? People were like I Don’t think that’ll happen, and so you have that fourth industrial revolution, where you take a technology. And then if you look at the 90s, the PC on the market, 2000s, it was the internet, the web. And then you throw in mobile transformation and the cloud, and then AI. So AI is not new. But when we speak about AI, it’s more about the agentic AI that you see with the bots, the agents, and the gen AI, which Chad GPT, two and a half years, came about and just changed the entire landscape. Now you have all these amazing companies that have large language models, and it’s so easy to get information. So to answer your original question, I think if you have to look back on transformation and change, when people come to me and just say, AI is not going to work. I don’t believe in it. And I said, I think I met your grandfather back in the day, because my grandfather met him too. And he was complaining about the calculator when it was introduced into businesses. And he just wanted to use pencil and paper. and they kind of take a step back. There’s always going to be transformation. Even back when I was a young police officer, or even before that, when the PC came into the market, there were many impacted jobs. I’m not going to sugarcoat it. There will be jobs that are no longer needed today. But you just re-skill and learn to adapt to this new frontier. It’s already here. People are going to have to get used to it.

14:58

Manish:

Now Brian, I imagine some of your peers in other sectors, other industries will say, ah, Tuskan, you got the golden ticket twice. You got to work at Microsoft, a very progressive software company. You’re at ServiceNow, a progressive software company completely bought into AI and leading. But I don’t work at a software company. I don’t work in technology. I work in oil and gas. I work at a manufacturing. company, etc., etc. What’s your answer to them as it relates to adopting technology, in particular, AI?

Brian:

You know, I’ve heard that before, where people work in like a retail environment, manufacturing, and they would say, wow, you were at Microsoft, obviously you’re going to have this, and now it’s ServiceNow. Well, heck, for me to leave Microsoft, I had to go to a company like ServiceNow that is a platforms company, AI company. that solves multiple enterprise level problems. Yes, I wanted to be a part of that. I feel blessed. But to answer how do I help these other peers for physical security is the framework that I put together. How do I stitch the technology that I use today to make it a seamless, highly optimized operation. I also know every security department or organization is different. It rolls up to different organizations. It’s a different vertical, different business lines. You can have finance, you can have oil and gas, you can have technology, you can have the medical field. But physical security is a domain that has remained super archaic. If you go to the GSX of the world, and by the way, I’m going to be in New Orleans out there. I’m actually have two speaking spots there. It’s the same old, same old, right? The same old people pitching the same old thing, and they’re all point solutions where you have to swivel chair. You got to go to this one or that one or that one. And what I’m looking at is to find companies or solutions or technologies that have like one single pane of glass. You really got one login that is federated. One login will get you to everything that you need from case management, to intelligence, to events, to crisis management, access control, and video. I’m spewing all of this out there, but I’m really close at piecing together a framework that anyone can use. You don’t even have to be trained in the physical security discipline because I’m also looking at standards. There are certain standards out there like ISO standards, ASIS standards for risk, but there are really no standards on physical security operations. And so how do we implement that? And I’m actually currently working with UL Systems. So you know the UL certification? We’re going to be customer zero doing a pilot for a global security operations standard. that has went through peer review. Multiple companies were part of it, including ASIS. They were involved in the conversation. And we’re going to create the standard so you can get the seal of approval. So you don’t even have to be a security expert. You could just note that, hey, I own Security Operations Center, my remit. Here’s the standard. It’s easy. You can get budget. Because there’s a standard right now with no standards. I hate to say this, physical security always falls into the discretionary spend, the line item on the spreadsheet that allows lack of budget and investment that really diminishes a program. And you just get bottom of the barrel labor that really doesn’t have an impact because it’s not like we’re having like cyber. If you take cyber, cyber is getting attacked, DDoS attacks. Everyone’s trying to take down these companies. Physical security, not as prevalent. We have civil unrest. There’s a need for physical security. But if you have a corporate campus in a very safe area, a lot of times people just put the bare minimum of, I call it the warm body guard. Basically, the requirement is breathing, and somewhat mobile, right? And they just plop them over there. Are they really adding value if there’s a crisis or an emergency?

Manish:

You mentioned UL, and just to show you how small this world is, Scott Weisskopf used to work for me in 2003 at Dell, way back in the day. Way back in the day. He’s amazing. He’s amazing.

Brian:

Scott’s leading it. He’s leading that initiative. Wow.

19:56

Manish:

No, he’s terrific. He’s terrific. Let’s talk about a model you came up with recently. And as much as you want to share, I know you want to properly introduce this to the world, but your Silicon Valley security model. Can you touch on what that model is just briefly and maybe unpack it a bit for our audience?

Brian:

Yeah, I just came up with a code name, Silicon Valley security model, because it’s what I implemented here. And a lot of people are doing bits and pieces of it. But I think the model or framework I put together stitches, you know, people, process and technology, and then the strategy behind putting together a robust security planning for a particular technology environment. Most companies here are technology driven, right? So you have a campus environment. It’s almost like a school where you have, you know, pretty safe areas that you operate. So I want a caveat. This is very specific to the tech industry, campus environment, fairly safe. Because I talked to other people and it’s always like, well, I don’t ever work. I run a data center and that’ll never work. I run, you know, like regulated, blah, blah, blah. Okay, great. As I said before, everyone has a different requirement for their security and you can scale up and down. What the Silicon Valley security model is, how do you take the current model where if you talk to any big security companies, they recommend one to two officers per building 24-7 365. And the way I look at it is I could have like a five building cluster like I have here with two elite officers, premium officers that are paid much higher that have physical fitness requirements, because you’re going to have to sprint and take care of a medical emergency or whatnot. And then highly competent, so you can deploy to emergencies. You also, depending on the situation, can have a higher level of security that can approach an active threat. And I’ll just leave it out there for those of you that are former law enforcement. There’s an active threat coming onto the campus. Anyone can call 911. or whatever emergency number that you have. The time it takes to respond, and I can talk as a subject matter expert because I was a patrol officer. My patrol was the ocean district of the Microsoft campus. One officer for the entire campus. You were doing everything from traffic to responding to emergencies, and then you had houses and residential that you have to take care of. You got one officer responding to an active shooter, right? Of course, you have mutual aid. So if something happened here at Santa Clara, you would have Santa Clara PD, San Jose, you know, everybody would be coming, all hands on deck. But the time for everyone to muster and the time for everyone to deploy to figure out what’s going on, where’s the threat, every second counts. So if you have an elite team on site to address the issue that are competently trained, that can address it, and then also immediately activation of whatever’s going on. So using AI-enabled cameras to identify the risk, AI-enabled OSINT tools, AI-enabled access control tools. So instead of having a bunch of guards sitting in a GSOC looking at a bunch of monitors, we’ve all seen that. And for those of you who watch any movie, especially like The Matrix, Who gets killed first? The guard sitting in the guard shack, right? Because they’re really not providing value. You need technology, and AI will just say, hey, this anomaly popped up. Address it. It can text the G Socket and text the officer on site or the regional manager, and it’s speed to action. And so that’s what the model is about. Refining, refining the operation, using technology, having elite level guarding, and I saved millions of dollars by not putting a guard in every building, repurposing that money for the technology investment, and then paying a higher wage for these elite level officers. And so in essence, that’s the Silicon Valley security model.

24:21

Manish:

Love it. We’ve got time for one more deeper question. Let’s talk about workforce development. You’ve supported DEI and career transitions initiatives like cop to Corporate. How do you see AI impacting workforce development and security, positively, negatively? What’s your point of view?

Brian:

I think it’s extremely positive. When you think of diversity, it’s pretty broad, but let’s just talk diversity of education or access to it. Because a lot of people out there can’t afford to go to a four-year college or even a community college because they’re just working three, four jobs like I was to make ends meet. I think AI is a great educational equalizer because now I can have access using ChatGPT, Claude, Grok, whatever your choice. I’ve been testing everything out there. at your fingertips for research that I had to go to the library. Or if you had money, which we didn’t as a kid, you had encyclopedias where younger folks looked it up. Ask your parents if they had it. But that was like a basically a flex back in the day if you had the encyclopedias. Now your encyclopedia is on your phone, right? You’re able to get all this information. So the great, great equalizer. You can literally build a business case for anything you want to do now with AI. Now for you consultants out there, security consultants, don’t worry because I think the pivot for consulting is not coming up with the ideas, it’s the implementation. And that’s where the consultant is going to have to change or reskill themselves to executing and implementing because it’s not easy. I mean, I’m the CSO here, but it took me two years to get my team where I needed to be as the CSO, because you’re dealing with people, budgets, processes, and that’s where a consultant can help. But as far as building the strategy, man, AI can do it in seconds. Just be really good at learning how to write a prompt and then read prompts and prompt, you know, engineering. And it’s the great equalizer. Love how at your fingertips, anyone without even formal education can be educated with AI.

26:49

Manish:

Brian, thank you again for joining us today on our podcast, for being a friend to Antik, to our business. Really appreciate your thoughts. This could have gone on for a couple of hours. There’s so much to talk about here. We’d love to have you on again. So once again, thank you. I do have one last question for you. That is tradition, which, and you can keep it relatively short, but what does Connected Intelligence mean to you?

Brian:

So I think it’s a broad use of the technology that’s out there. You got human intelligence, you have boots on the ground, you got OSINT, which to me is amazing because you have this open source intelligence. And as I said, Redmond Police, I started the first intelligence criminal intelligence units. I was formerly trained in criminal intel, and we all know it’s about how do you synthesize all of that data? Because that Connected Intelligence you’re talking about is just tons and tons of data, synthesizing it into actionable intelligence, right? I like to tell my team, because, you know, they’re talking about geopolitical risk and this, this and that. I’m just like, I want to know if there’s going to be a protest in front of one of my buildings. I want to know actionable. I want to know if there’s going to be a event somewhere, whether it’s weather-related or man-made, that’s going to affect the business and the continuity of the business of somebody getting there, right? And the Connected Intelligence is whatever mediums that you use to connect the data so you can have critical speed-to-action information that can allow you to make a decision very quickly.

Manish:

Our guest again today was Brian Tuskan, CSO of ServiceNow. Brian, thank you again for joining the Ontic Connected Intelligence Podcast.