“We were lucky enough that early on we built a team that included facilities management, physical security, sustainability, and IT.
And we said, 'What are our common goals? Where can we reinforce each other? What are all stakeholders' needs and how can we solve them together?'"
—Bayron Lopez Pineda
Welcome to Nexus, a newsletter and podcast for smart people applying smart building technology—hosted by James Dice. If you’re new to Nexus, you might want to start here.
The Nexus podcast (Apple | Spotify | YouTube | Other apps) is our chance to explore and learn with the brightest in our industry—together. The project is directly funded by listeners like you who have joined the Nexus Pro membership community.
You can join Nexus Pro to get a weekly-ish deep dive, access to the Nexus Vendor Landscape, and invites to exclusive events with a community of smart buildings nerds.
Episode 72 is a conversation with Andy Schonberger of Intelligent Buildings and Bayron Lopez Pineda of Kilroy Realty Corporation.
We talked about Kilroy's journey towards smarter buildings, including how they started down the path to reduce cybersecurity risk and how their work converging networks has led to all kinds of benefits for the portfolio as a whole.
Throughout the conversation, Andy sprinkled in how the consultants at Intelligent Buildings have helped Kilroy and many other clients with setting the initial strategy for this journey and helping them get there along the way.
So without further ado, please enjoy the Nexus Podcast with Kilroy Realty and Intelligent Buildings.
You can find Andy and Bayron on LinkedIn.
Enjoy!
Music credit: Dream Big by Audiobinger—licensed under an Attribution-NonCommercial-ShareAlike License.
Note: transcript was created using an imperfect machine learning tool and lightly edited by a human (so you can get the gist). Please forgive errors!
James Dice: hello friends, welcome to the nexus podcast. I'm your host James dice each week. I fire questions that the leaders of the smart buildings industry to try to figure out where we're headed and how we can get there faster without all the marketing fluff. I'm pushing my learning to the limit. And I'm so glad to have you here following along.
James Dice: This episode is a conversation with Andy Schonberger of Intelligent Buildings and Bayron Lopez Pineda of Kilroy Realty corporation.
We talked about Kilroy's journey towards smarter buildings, including how they started down the path to reduce cybersecurity risk and how their work converging networks has led to all kinds of benefits for the portfolio as a whole.
Throughout the conversation, Andy sprinkled in how the consultants at Intelligent Buildings have helped Kilroy and many other clients with setting the initial strategy for this journey [00:01:00] and helping them get there along the way.
So without further ado, please enjoy the Nexus Podcast with Kilroy Realty and Intelligent Buildings. All right, Byron and Andy, welcome to the show. Can we start with you, Byron? Can you introduce yourself?
Bayron Lopez Pineda: Sure. My name is Byron Lopez Vinetta. I'm the operational technology manager for killer Realty. Under my supervision, we work on our building components and systems, everything from water detection to access controls, BMS is elevator and everything that helps operate the cure portfolio.
James Dice: Cool. And can you, can you talk a little bit more about the killer portfolio for those
Bayron Lopez Pineda: who don't? Nope. Sure. Kilroy is a developer asset manager, a REIT implementer. We have assets primary and west coast, everything from San Diego, Los Angeles, San Francisco, Seattle. We recently had an acquisition in Austin, so we're 40.
We're going into that market. Uh, But commercial classic real estate high-tech individuals and high tech tenants within our portfolio about 15 million square feet currently. And there's [00:02:00] a couple million more under development. Cool. So
James Dice: developer and
Bayron Lopez Pineda: occupier, developer, occupier, you know, landlord so a little bit of everything.
Most of our stuff, you know, we'd like to do ground up construction and then we'd do acquisitions here and there, but we maintain all of our sites directly. Okay. And how many sites? It's about a hundred buildings. So depending on who you ask, you know, a complex can be a building of eight individual locations, or I have measures, but individual sites about a hundred, 120.
James Dice: And I saw it when I was stalking you on LinkedIn. I saw you're a founding member of CCA.
What's the say?
Bayron Lopez Pineda: So it's a Cybersecurity Control Systems Association International. So the primary focus is to look at cybersecurity as it focuses on cyber security controls and control systems in general.
Right? So how do we look at threats and vectors of attacks and how do we make sure that the environment that we're putting into our buildings are better addressed? You know, how do we look at our BMS controllers? How do we look at elevators? Anything that operates and [00:03:00] controls the building layers and security around that, right?
Most of the time people forgot that these components added internet connection or were able to be logged onto and control your buildings. So you have to make sure that you have some securities around that. So we try to push forward the idea of cyber security control.
James Dice: Cool. Yeah, we're going to talk a little bit more about cyber security in a minute, and we'll put the link to that organization in the show notes for anyone that wants to dive deeper.
All right, Andy. Welcome to you. Can you introduce yourself?
Andy Schonberger: Yeah, thanks James. First time caller, long time listener. Thanks for having me. I'm Andy Shaundra. I'm a VP of client services at Intelligent Buildings. My job is really chief storyteller. I really take lessons learned from our clients share them, I'd say anonymously with other clients and really help them try and figure out how to advance their smart building program and with one of our lines of service.
So we do advisory services site assessments and managed services, [00:04:00] and really intelligent buildings is really the only company focused on those services at scale and nothing else. So we're not an it company. That's Johnny come lately into the real estate space. You know, we're, we're not an engineering firm that has, you know, expanded into the analytics space if you will.
So this is the only thing we've been doing for 17 years and commercial corporate institutional real estate for clients like Kilroy as an example, My day-to-day job involves trying to map out our client's needs and map it to some really smart folks on the backside of our operations to enable all these services.
So I get to have a lot of fun, a lot of other smart people do all the real work I'd say. All
James Dice: right. Well, very cool. Well, we'll get to give a shout out to Eric Larson. Who's on your team that kind of set this up. He's a member of the nexus community. So shout out to Eric. Thanks for getting us started here.
And Andy, while I was stalking you, I saw you or a board member of, of a green building council chapter, which is something we share in common. So you were in Toronto around the same time I was doing that same thing [00:05:00] in St. Louis. So that's a, that's fun work is like engaging the local community around, you know, the idea of, of greener buildings.
How, how has that experience for you?
Andy Schonberger: It's great. Still really engaged with, with the community of. Stakeholders and that whole ecosystem here in the Toronto market, I'm a green building dork by trade, I would say so energy manager, I'm really used to the idea of getting into clean tech and hurried buildings to get me out of my former life, which was in steel production, which was dirty or let's say.
And yeah, I really loved the passion of that community and, and it led me into the smart building space because so many of the technologies that I was having fun deploying required networks required more security. And you know, I wound up learning the hard way, how to break or sorry, how to fix building systems based on wanting to write new code myself or not wanting to call my peers in it for help to connect a new meter and then taking down a sub-net and [00:06:00] doing things absolutely the wrong way.
So there was an organic journey coming from the green building road, I would say, into the smart building world, but you can see there's quite a few times. The two of them.
James Dice: Yeah. And that matches my experiences as well, breaking stuff. And then hitting roadblocks and wondering why are those roadblocks there?
And then going down the rabbit hole to where we are today. Cool. That's fun. I think there are a lot of people that kind of share that, that background wanting to enable something and realizing why it's not working. And then. Figuring out, you need the infrastructure to support that, which is a great segue into our conversation today.
Um, Oh, cool. I want to hear from both of you on sort of your work together in the Kilroy portfolio who wants to start on kind of the origin story of you guys working together?
Bayron Lopez Pineda: Um, I guess I'll take that Andy. Cause I mean, we were the, the customer at that point, right? So it, back then, you know, there was a bunch of hoopla about target hack and people getting tagged and [00:07:00] infrastructure and information.
So we really saw it as a brand. You know, what do we need to do in order not to be targeted or not to be hacked? Right. So we looked at, you know, IB intelligent buildings as the leader in the market to figure out where are we lacking? You know, we know our infrastructure is great. We have a great corporate it team who has had this infrastructure in place for 20 years on the corporate side.
But the building was really lacking, right? Most of the time engineering facilities management ran the sites, they leverage our vendors and they were doing a great job, but you know, security wasn't at the front end, right. They always thought about, you know, efficiency, how do we make sure that people are getting what they need, that the buildings operating 24 7 and being able to access the site whenever they need it.
So that meant. Building a DSL line from at, and T whoever connecting it to the BMS system or the lighting controls or the elevators and just saying, okay, cool. That's what we needed to do. And we really weren't quite sure what we had. So we went out and we found intelligent buildings to help do an assessment.
What was our state, right? Where [00:08:00] were we compared to the rest of the industry? And we found out that we were probably at the same level as most of our peers which was very early stages at that point. Most people hadn't thought about buildings and the cybersecurity threats that they had. They knew that they had something, but they weren't quite sure what that was.
And intelligent buildings helped us kind of identify those points so that we can go back in there. Establish a policy of a converged network, establish a policy of how do we work with our vendors and then build that foundation from there. So it was the initial steps of, you know, what we call now, our operational technology team, part of the it department, it was a role that was created.
My role was created as part of that assessment. And then we've let that internally to grow, make that part of our kilowatt standard part of our new developments or sustained portfolio, and then making sure that goes forward. So the seeds were initially, while those people got hacked, let's make sure we don't get hacked.
And then how do we make sure that we stop that from happening and what our risk appetite was?
James Dice: So, so it sounds like the initial impetus [00:09:00] was cybersecurity and then the IB team kind of zoomed out and looked at things kind of holistically. Is that how it worked, Andy?
Andy Schonberger: Yeah, that Byron's right. It really was.
Hey, let's, let's look at a building and see how bad. Um, and And that's a pretty common starting point for our clients is I don't think nowadays they may have actually had a breach that that's a lot more common and that becomes a driver to, okay, how bad is this really? And what can we do about it? But almost always with our clients starts with, let's do a deep dive assessment.
Let's get someone who really knows the building systems and the vendor ecosystem, and can go through and connect to these systems and see what they're connected to. What are they talking to? How are they configured? How are they being used and scare some people in the organization a little bit with what could happen, you know, because some people still to this day think, oh, it's if they could change the thermostat.
So what, you know, there's still a bit of that ostrich head in the sand, if you will. So you know, that first assessment is really a catalyst to building out a pro. For, [00:10:00] for many of our clients that becomes, okay, let's look at a sample of the portfolio now, because maybe we differ by region or by investment partner or by asset class or by, or keep going.
And then usually what happens is, is where we went with . With Byron and team is to bring some planning and policy, like, how is this going to work as a program? What are we going to tell vendors that they must do? They shall do? What are we going to build for a playbook for us internally? So, you know, what is barn's job set compared to what is the, an outsource it provider or an OT vendor provider?
And what are we going to build into contract language on services for risk reduction? What are we going to require from an insurance perspective from our vendors? You know, all of these things change as a result of having your eyes open from a couple of these assessments typically. And so that's where we went with, with, with Byron and team and with a lot of our clients do is building out that, how do we now manage this now that we're aware of these risks?
The, so what is, is those next steps.
Bayron Lopez Pineda: And the procedures, if I may add, to think as technologists as it, individuals, we [00:11:00] have an idea of how a network should be ran, right? We know that we should be doing scanning and policies, but that may not work for a facility, right? You, you run a scan of all the end points.
You might break something or you might lock up a network and Nope, it devices and IOT devices are different. They might both have it, but that little Ole in the middle makes things sometimes very difficult. So you have to figure out that, you know, the policies from the it side might not apply to the building.
And how do we then go ahead with that? How do we tweak our policies? How do we make sure that they are adjusted to meet the goals and ends of the.
James Dice: So it's a dedicated operational technology specific team that sits inside of the it team.
Bayron Lopez Pineda: Exactly correct. So what we do is we work with all of our, our teams, right?
Everything from facilities management, to property management, to cybersecurity, physical security construction. So we basically provide the it OT services for all the different teams within the organization. So if they, [00:12:00] you know, if construction is looking to put up a new site together, we help with the design, the cabling, the allocation of resources, what vendors should we looking at?
What should we deploy? If it's physical security, they might want a camera that does this, that and the other. Right. But we might know that, you know, there's certain vendors who meet the standards, need the policies, have that infrastructure in place. So we'll be able to work with all of them, review their proposals.
If let's say an BMS vendor comes back and says, you need a, a server. Okay. The facility guys are their wrenches. They're very smart guys, right? They can execute and operate a building a hundred percent, 24 hours, but they're not it guys. They can't tell you if that's a correct operating system for a server, what the IP address is should be.
They need a resources. And that's where we come in and say, look, we will be that resource for you internally. If you need anything, let us know. And we will help you navigate the crazy world of IOT and OT and it converging together.
James Dice: Cool. So. Let's zoom in on a piece of the [00:13:00] sort of roadmap that you guys put together back then, which is the network convergence, right? About what, what that entailed and what the goal was there.
Bayron Lopez Pineda: Sure. And for us, it was people who had convergence and sometimes there's two approaches to it, right?
There's a convergence with your corporate network, right? Your file shares your servers, your day-to-day operations, and converting our two facilities. We did not want to do that. We wanted to make sure that we kept those air gapped, right? Our, our it team has put together an infrastructure over 20 years.
That's amazing. Right? So we didn't want to affect them. What we did is we converged to the building, right? BMS, lighting, controls, access controls, water detection, all those dispersed networks within the building and converts them into one. Right. And the past you would see that there was. Or DSL. And since you had four different systems, why is that needed?
Right? Why don't we just consolidate to one network, make sure that that's managed accurately through, you know, a firewall to manage switches in converts those devices into one. So, what we did [00:14:00] is we essentially created a secondary corporate network for the building itself that was converted. So now we have multiple villains, multiple subnets, right?
You have different firewalls, controlling axes. You have the removal of those third party, you know, team viewer and logging in solutions and converse that so that we manage the connection. We have a active directory, we have a domain controller specifically just for that outwork we're in the past, it was just Willy nilly, whoever came in.
So we converged to build the network itself into one. And then we can scale that up with an SD wan and pieces. Okay.
James Dice: This might sound like a stupid question, but it just came up to today on LinkedIn. Well, I brought it up on LinkedIn because it was something related to an article that someone wrote.
Why did you decide to do it that way? And the reason I asked that is because there's a subset of the industry that says, oh, just leave it up to a contractor. They're going to put this in for you. Why did you decide to take ownership and responsibility and [00:15:00] have one, one network that might sound like a stupid question, but I think it needs to be explained.
Bayron Lopez Pineda: Well, if you historically think about it, it's been managed by third parties, right? And when you are not the one responsible for that on a day-to-day basis, right. Contractors can go from one job to another. Right. But we want to be employees of killers. Okay. Our team wants to make sure that we were proud of our buildings, right.
We're part of what we've worked on. So we feel like there's more control and we want to be able to manage it better. So for us, that was the only way we would really want to do it. We did use vendors in the past, right? Each BMS vendor was managing their own network. We told them, look, we can take over that because we have the expertise to help you.
We also wanted to be more proactive in the buildings, right? Because when something goes down, it connects Ethan, your Jack it's it, it doesn't matter if we manage it or not call it, it's it get Byron or get whoever on the phone. It's their system. Even though we might not even know that it was there. So this way we can have some control, not be blindsided by issues, and then be able to dictate where we're going, as [00:16:00] opposed to following what the vendor says and saying, oh yeah, okay.
They said this was the best practice, but now this way we have more control and we're able to be more proud about the work that we do. Right? Totally. And
James Dice: Andy, from a PR perspective of all your clients, I'm sure that you guys are having this conversation all the time with whatever subset of vendors that serving your clients.
How does that conversation normally?
Andy Schonberger: It really does come down to risk and control because inevitably, you know, lieutenants, or if you're an owner occupier, you know, the users of the building, you know, they still are going to point fingers at whoever's got their fingers on the technology. And it doesn't matter if the vendor was controlling it or not.
You know, it's somebody inside the company who owns the, the system end of the day is going to have to fix it. So that there's certainly an appetite for that risk reduction of, of some investment in time and effort of folks like Byron to, to get further down that road. Now where the arguments come in, I think is on, on what convergence means and how far do you go?
And, and, you know, because our industry has done a great job of selling [00:17:00] the benefits of, you know, a fiber backbone and, and, and, you know, copper across the floor plate or, or various, you know, fiber strategies or what have you, in some people in our industry, think that just means massive dollar signs all over the place.
And so, you know, there can be investment criteria to go over to justify, you know, that type of investment or. Convergence can just mean control of the entry into siloed building networks. So, as an example, we, you know, we have plenty of clients, existing portfolios who still just like, just like Byron and Kilroy, want to get that risk reduction down for people accessing the building, but they also don't want to have to throw six or plus figures at, you know, a building network convergence program, if you will.
So, okay. We just need to control egress. Now we need to make sure that remote access is managed for example, and we need to have an enforcement mechanism in place for. For vendors around their cybersecurity, best practices and maybe a bit of a hammer, you know, in case they don't comply. And maybe there's some things that we want to take off the vendor's plate, like [00:18:00] backup with building systems of, of managing antivirus on servers, because that's not their core expertise.
So we're going to act as it for OT, for operations technology. So that is certainly a trend that we've seen to the point where we've built a practice to support clients, because, you know, they, they have aspirations of doing what the Kilroy OT team here is doing, but they don't have the resources yet. So they want someone who can act as that single throat to choke, to, you know, keep the vendors from running a muck, if you will, or just keeping them focused on what they're really good at and providing this as a service for them.
So we've actually, as this has evolved over the last five years, have built this up as a practice to offer that as a service. Because of the need in the market for it. So long way around answering your question, never about just network convergence, but you know, the idea here is to help each client to find exactly what it means to them, without it requiring a blank check.
But to get at the, the same nut that Byron and team have cracked, which is risk reduction and ownership of these systems.
James Dice: Yeah. W [00:19:00] where, what I was trying to convey by posting this on LinkedIn was that every organization is going to have a different playbook, a different answer here, depending on the staff, depending on the funding they have, depending on the existing situation.
So yeah, I love hearing this. It sounds like you guys have figured out what, what your unique approach to it is going to be and your unique roadmap, because like you guys said, It doesn't sound like everything was exactly how you wanted it to be when you, when you created the strategy. So now it's about a roadmap to get there over time,
Bayron Lopez Pineda: correct?
Yeah. We wanted to lay that, lay the foundation, right? We can't rip out access controls. We can rip out BMS replacement equipment. You can't rip that out. Right? If you buy a building, you're not going to retrofit for exactly hundreds of thousands of dollars, but you can do is you can lay the foundation that controls those pieces.
Right? You can say, how do these devices connect to the internet? How do we control people coming into the systems? How do we [00:20:00] control connectivity? You can standardize the pieces above that, right? Cause there's multiple layers to our BMS, right? There's different layers where you can place yourself in there and add controls to the systems without.
I mean, and without causing too much of a financial impact. And then you also reduce your attack vectors, right? If you had four different systems that were all open, now you might reduce that to one attack vector, right? Cause you're, everything is behind one network. So when people say, well, look, it's probably not smart for you to do that.
Well, you know, do you want to have four ways to take an attack to you or one way that you can manage that you can reinforce and you can bunker down on, and that gives you a much, much better solution than you don't before. So that was our idea. How do we hunker down? How do we, or the core, right. And then how do we then grow from there?
How do we make sure we establish the policies and make sure everybody's playing together and on the same infrastructure and then leveraged from there.
James Dice: And then obviously new developments are being created. Exactly.
Bayron Lopez Pineda: Exactly. So, yeah. So that's part of the development project. We [00:21:00] now work with our construction team and say, look, this is a matrix of approved security devices, right?
These are the vendors that we know will provide good resources, good equipment, things that meet our standards. We can leverage in costs, right? Because many times when you look at construction, there's always a cost evaluation, right? Many times as a subcontractor, they get selected might not be the best might not be the cheapest, but there's somewhere in that cost bracket that might be towards the end.
Right? If you can say, look, we can get your solution that is near the top of the charts for a much lower price, because we are now using it across a portfolio that makes it easier for them. And they don't have to go out there and renegotiate and rethink about this. We tell you, this is a camera used to choose this.
We are, the servings should be selecting, let's get deployed and working. And, you know, we'll get involved with the deployment of the copper, the complement of the fiber, where should we be putting IDs? Where should we be putting our switches? What should the home running where, you know, you're talking about 900 feet of cable, are you sure he can run that?
Right? Copper has a [00:22:00] 300 foot limit. So you're talking about 900 feet. Should we put something in between there that, you know, it's going to boost the signal? So those are the pieces that we are not part of. So when our team deploys a building, it's hopefully at the best standards that we've produced.
Totally.
James Dice: Tell me about, like for the average existing building, you guys have a hundred, a hundred buildings, average existing building it, it started off with maybe a couple networks, probably OT, a couple of redundant networks, a couple of systems that maybe needed to be connected and probably weren't connected.
Right. Uh, Tell me about how that, how a building started and then how it's going. Like how like, well,
Bayron Lopez Pineda: it started with Fred Gordian scaring the heck out of us. Right. So he went and did an assessment and he said, look, look, look, look. And we're like, wow. Right. So I always credit Fred with, you know, starting this adventure for a lot of us.
Right. He's, he's a great resource. And you know, I've, I've trusted his wisdom over the years, so that's how it first started. Right. You need somebody to kind of like that [00:23:00] fire and not necessarily for us. Cause we kind of had the idea, but for upper management for him to be able to go and tell something like this is what I've found for your building and this is what we cause they're the ones who are going to put the money towards it.
Right. They're the ones who can do. Here's the check that you need to do, go fix it. So it started with him. We did the assessments and we figured out initially, we're only going to do our BMS, our HVAC, and including right. Heating, cooling for the building. As people got aware of that, they're like, well, look, we have a lighting controller that connects to this.
And then physical security said, well, we have cameras and servers. Can we tie that into that? And then water detection. So it just grew from there, right? We opened the can of worms and it just exploded. And now basically every building system, every operational technology system in the building goes to us, right.
Or we try to go through us, right. As much as we can. There are some things where, you know, it might not be on our network or it has to be on a security network or by required it just to be completely offline, just cause you know, there's requirements. But we try to work with all of our teams to figure out what's the best approach for them to then [00:24:00] reinforce them in the van.
But it started with just let's look at what our HVAC is doing. And then from there it exploded and, you know, taking those networks and making sure that we can connect them down.
James Dice: Well, correct me if I'm wrong. Both of you, a lot of times this conversation starts from an HVAC standpoint, right. And
Andy Schonberger: then it's pretty common.
James Dice: I think what we're seeing today is like, there's like, as my friend, Joe Gasper, Doni likes to say there's like 35 different types of systems that could potentially be connected. You know, Peloton likes to systems to, you know, connected coffee makers,
Bayron Lopez Pineda: everything, everything. It's just about you figuring out what the appetite is.
Right. You know, Do you spend hundreds of thousands of dollars to connect the coffee maker, right. Is that something that's within your strategy? Maybe not. Right, but what about your lighting controls or your HVAC or your elevators, right? Yeah, probably those pieces you need to do. Right. So you also have to be strategic within the building and say, these are probably the core items, especially if you have [00:25:00] a tight budget, right.
Or if you have a restriction or you want to set certain goals within a certain timeframe, you have to be strategic because if you're telling people, yeah, we spent, you know, two K on connecting the coffee maker, then maybe they're going to look at you and say, maybe that budget should be going somewhere else.
But if you're able to tell them that we have better resources, our engineers can work on our buildings from anywhere in the world. I've actually worked on our access control server, sitting over Waikiki beach. Right. If you're able to then leverage those pieces for our sites and give that technology towards systems, then it's, it's, it makes it functional.
If you're just saying let's connect everything because that we can, then that's a different approach.
Andy Schonberger: Yeah, James, that's pretty common for our clients too. I mean, with a lot of you know, those that work deploying these services for, it usually starts with what is the, you know, what is our biggest bang for the buck?
Because it's inevitably, this is a bit of a change management effort too. And if you think about you know, a REIT, the, you know, distributed property managers with various levels of expertise, sometimes the chief engineer on site, sometimes [00:26:00] it's remote person. Sometimes it's completely outsourced or FM is outsourced.
It's just, it can be fragmented. So you have to build it as a program and kind of roll it out and keep going. But almost always the, the, the BMS is the kind of catalyst, because it's the most number of points. It's usually the one that most impacts daily operations for comfort or for energy. And so there's usually a let's lock this one down first and then, you know, like, like Kilroy scale from there.
And, and sometimes you have clients who, you know, they'll say security, like, for example, the. Parking security and parking management. That's completely outsourced that network is separate. It's got credit card information. Nope. Not in scope. No. One's just going to leave that for now. Don't catch it right.
Or, or, I mean, we have clients with large campuses where the physical security is handled in a security operation center, and they're already pretty Batten down from, from a security perspective, cyber security as well. And, but, but they don't want anything to do with, you know, the, the BMS or the meters or the, you know, the, I dunno, the demand limiting system [00:27:00] or, you know, keep going.
So we kind of have to look at. How bespoke these buildings can be. You never building as a snowflake, we beat that phrase to death. And look at what, where's your biggest bang for the buck in terms of the program and scaling it out with this ecosystem. We're all dealing with.
Bayron Lopez Pineda: Yeah, we were lucky enough that we early on built a team that included facility, master physical security, sustainability, and it, and we said, what are our common goals?
Where can we reinforce each other? Where can we work on projects that you know, many different teams are spearheading where they're spending funds that are similar to each other. And we can be leveraging that towards infrastructure. We would all use it. So we've got great feedback from our head of engineering, our VP of physical security, what are their needs and how can we solve them together?
So that's kind of helped us. And that's a big item that tell people that always do it right? Bringing in all your stakeholders, because you never know, they might be willing to work with you on every single project that you have, or might I know the channel policy going
Bayron Lopez Pineda: on and they're willing to jump in place, right?
Our security [00:28:00] officers, they're great security officers. They patrol, they keep our building secure, but they're not it people, right? If you tell my, you know, our physical director or director of physical security or one of our regions, great guy, right. He knows his stuff, but he's going to tell you that he's not a, a windows guy.
He's not a server guy. He doesn't know what that is, but he can rely on us to give him that information and make his job a little bit easier.
Cool. As long as he's not doing what I did in my past, right. By her and uh, plugging something in and taking a network segment down.
Yeah. Yeah. And they, and they know that now.
Right. They know that we're going to connect something. We should probably check with Byron or his guys and say, does this work, or does it not work? Or we have a point down, can he check the network to see if we can check the logs and see, where was it connected or, you know, without us having to trace the cables all the way back.
So it's resourceful both ways.
James Dice: Cool.
Hey guys, just another quick note from our sponsor nexus labs. And then we'll get back to the show. This episode is brought to you by nexus foundations, our introductory course on the smart buildings [00:29:00] industry. If you're new to the industry, this course is for you. If you're an industry vet, but want to understand how technology is changing things.
This course is also for you. The alumni are raving about the content, which they say pulls it all together, and they also love getting to meet the other students on the weekly zoom calls and in the private chat room, you can find out more about the course@courses.nexus lab. Start online. All right, back to the interview
Well, let's talk about paying for this. So obviously taking a hundred buildings and completely changing them over to this new standard is not feasible from a capital expense standpoint, but doesn't this start to pay for itself over time. Once you start to get more efficient and how, how does that happen?
Bayron Lopez Pineda: Yeah. I mean, it's, it gives you the opportunity to start leveraging the technology. Like I gave you the example, right? We found that some buildings had multiple internet lines. Right. And for some people, those might be small dollars, but let's say you're paying. A hundred bucks a month, right? Because you have four different Interlines.
If you would do sets of 500 [00:30:00] bucks, right. Or a security aggregation, right. Security operation centers. If you start to point security operation centers, maybe you can leverage down or reduce the amount of officers that you need out deployed in petroleum because you have a location where everything's in scene.
So in the long run, it makes it more efficient. It makes it more easy for a building to deploy systems. And then we can also take a look at contracts and say, look, this tech, this vendor is charging you for a server. That's going to. I by the end of this year, you're going to have to replace that right after.
So you're going to have to pay him again. Let's just do it right the first time we only pay one time and that device is going to last you for a while. So it allows us to scale up. It allows us also to replace equipment because now we have an SD wan, right? So let's say a server dies somewhere and we really didn't need that server for some reason, or it was just a legacy component.
Now we can say, look, we don't have to replace that $40,000 piece of equipment. We can leverage the wider network area. We can then point those points towards our data center or cloud and [00:31:00] bypass equipment altogether. So we can now have a little bit more control and make it a little bit leaner. Cool. Andy, anything to add
James Dice: from the client?
Andy Schonberger: Yeah, I mean, there's, there's obviously done, right? There's there's cost efficiencies of consolidating egress points, things like that. But a lot of this is cost of. This is risk reduction. This is, you know, you don't want to have to spend, we had a client have to spend $90,000 rebuilding a BMS because it got ransomed and they didn't have a recently.
You know how much, you know, that the cost of a service to maintain a, a, you know, an incremental backup is peanuts compared to that downtime and lost productivity and, you know, even mechanical damage that can happen with some of those systems when they're not properly controlled. So you're trying to avoid some of those things.
You know, with the services or with a group, like Byron's helping you take care of them, then you're avoiding the possibility of those costs or, you know, the worst case of a tenant evacuation and the productivity loss there. Or, you know, Byron [00:32:00] mentioned, we actually have an example from a client exactly that happening.
Thousands of devices getting knocked off because of it saying, oh no, we can do a, a penetration test or sorry, we can do a scan on these devices and look for abnormalities. And now they had the, the labor required to go and manually reset a thousand devices unplug them and plug them back in basically to get them to come back online because the best of intentions, like those things are expensive.
And the more technology we put into our buildings, because we're certainly not putting less in nowadays, you know, these things are going to happen. So it's, it's, it's risk avoidance in a lot of cases, I don't like telling them the doom and gloom stories because it's, you know, this shouldn't be a fear thing.
You know, real estate is the owner's manual managers. Developers are really keen to reducing risk that, you know, on that net operating income. And that's what this is, is, is a risk on that. So as long as you can build a program and think about reasonably deploying phasing things like we just talked about it doesn't have to break the bank.
You're not, you're not going to dramatically impact analy done, [00:33:00] right? I mean, of course you can go and throw money at a problem. But if you look at this right to manage the fragmentation we've got here and look at your biggest bang for the buck, you can reduce that risk without it breaking the bank.
Bayron Lopez Pineda: Cool.
James Dice: Let's talk about the, I mean, you guys have taken the stance that is different than that article I talked about on LinkedIn, which I'll put in the show notes, which is we're going to take responsibility
Andy Schonberger: for our own network.
James Dice: Right? What do you think is required from a personnel and skills and team standpoint in order for you to really, really take that full responsible.
Bayron Lopez Pineda: It's interesting. Cause we just actually hired another guy to be on our team and it took us forever just cause the, the skill sets out there are not really on the OT side. Right. And the way that I, I would present it to people is it's it, but not traditional it. Right. You're still going to have networks.
You're still gonna have infrastructure. You're still gonna have end points, but they're not going to be the same way that you manage a, you know, a corporate [00:34:00] infrastructure, very similar. But you know, if you take something down in a building, your elevator start running, right, your, your stop running, your HVAC stops running.
So there's different things that we have to be more addressed. One of the big success successes we've had is our facility guys who are younger, the computer, the computer guys, right. Who grew up gaming, but we're really into like the building facility sites. So those are the guys that really get, how do we network their meters in?
How do we make there be a message more accessible? How do we control the lighting systems? Right? So those are the kinds of roles that we want to look at the engineering guys who want to either grow their careers into technology and technologists and facility management and bringing the it guys into the infrastructure as well.
Right? Because many times they have no idea of how it's done, right. I come from a technology background, I've been doing it for a while, but you know, I was lucky enough that early on my career was deploying infrastructure and deploying IDs and in construction areas. So this kind of helped me segue into this role.
But many times the it guys are happy [00:35:00] being stuck behind the systems and just, you know, Plugging away at a computer. We actually have to go into the buildings and get dirty and start taking cables around and does not to any equipment, which is exciting. So you have to find something in that balance.
I know Fred has been talking about, you know, certain certifications and stuff that would be great to see, but right now, if you go into the schools and you talk to them about the building side of it and physical security, it's not really there. People are just, you know, when I was in college, I never thought I was going to work for real estate company.
I, you know, I thought I was going to go to the big boys and playing technology and engineering, but here I am doing technology systems are cutting edge and leading our industry. So it's, we have to make it a little more sexy for people to consider getting into these roles because they're not they to see the bill didn't really understand.
They know that an architect design is a civil engineer, built data and mechanical guy put it into the mechanical components, but all those guys are tied in by the infrastructure and the backbone. And that's the technologies behind it. I think that's where we need to really [00:36:00] go and say, we have to push people to go onto this.
Andy Schonberger: I think we we should have asked Fred Gordy to be on from intelligence side is just keep talking to him about him. Like, he's the godfather, actually. He really is the godfather of cybersecurity and building systems. But I I'd follow up Byron's note there because it is certainly a challenge for this industry to tackle, you know, this, this technology skillset.
And there is a lot of opportunities for this. I mean, we were talking about this in the show, prep James we're hiring because we're, you know, this skill set is in demand. So what, what we've tried to do with our services is build them. So that we're the easy button for clients. If they don't have the time to build out that program and, you know, upscale at, we can, we can help them through that journey.
You know, whether it's for a year or two years or three years until they spin up a team, like, like Byron's, that's, that's the whole reason that IB exists is to fill this gap in this industry. So, but it is certainly a challenge we've been working with. Some of the community colleges, if you will on, on some of the programs on, on building cybersecurity curriculum about [00:37:00] control systems.
So, you know, we have these, you know, kids coming out of college, learning about, you know, the latest and greatest from Johnson or Honeywell or, or the Niagara framework. And we want them to have some be versed in cybersecurity as well, one as a source of, you know, a skill in this industry, of course, but also because then the whole industry has moved, you know, moved forward.
But, you know, we're, we're certainly dealing with that challenge. You can't expect, you know, an asset manager or your average facility manager to understand the NIST framework. It's just, that's not fair. They weren't trained that way so we can bring them along the journey, but we can also provide the services for them on a very targeted way where, you know, you don't expect too much of them or the vendors.
Cool. And then when you,
James Dice: when you kind of coach your clients on putting together that team, what do you recommend they have in place when that teams put
Andy Schonberger: together? So we're really building that out as a playbook. Like we do the very consulting, ease things, you know, build out a RACI model of who's responsible, who's accountable.
Who's consulted throughout the [00:38:00] organization. That is very much dependent on how the organization is structured. You know, to Byron's point, we do our best to bring all those stakeholders involved. You know, the, the physical security of the construction folks that, you know, get all their drivers. I mean, we know quite a few of them, right?
I mean, Byron working with construction folks, you know, they want help on technology and they don't want him to increase a schedule or add any cost. So we know that we know the typical drivers of these folks, but we wanna make sure that they're, you know, along for the journey and understanding how they can you know, pull from this operating model, how does it affect them?
Where should procurement include language in, you know, issuing a, an RFP, for example of cybersecurity requirements versus what does MEP need to know, building a new building and writing a division 25 for Kilroy. You know, those are very different things you know, in this organization. So you have to understand.
The whole life cycle of the building from how, you know, coming out of the ground right through to we're selling it, you know, at some point down the road. So it's, it's not a simple thing, but it is a knowable thing. We've been, we've been working at this for [00:39:00] 17 years. So, that's what the godfather, Fred and team have done is built this out so that it can be consumable as a playbook.
And then you have all those folks kind of knowing how to take advantage of this and, and, you know, do better instead of just pretending there's no problem here.
Bayron Lopez Pineda: Yeah. And James, if I can add one thing again to the kind of the workforce, the other thing is too, as you're coming in, ask questions, I've seen a lot of the people who I've talked to on your podcast, they're always looking to share their ideas, share their information, their experiences.
That's one of the great things about being kind of in this field, right? You have people like Andy and the team over at IB who are always willing to do. With what other, but also just look to the resources. Everybody always wants to share information, learn from each other. And even though we are competitors, right, we are working towards, you know, getting somebody else's leads to come over to our list.
Cause that's the nature of the business, but we're always looking at each other's backs. We're always looking at what are you doing from a technology standpoint? Okay. This is what I'm doing. Where can we leverage each other? Or you're [00:40:00] having difficulties with this vendor? Oh, me too. Let's work together.
So being able to ask the questions, like one of the things I tell the guy that we just hired is just ask any question. You come from an it background system engineering. Ask me any questions on the building side of, I don't know, it will ask our building engineers. If they don't know it, we'll reach out to somebody else.
Just be willing to learn. I will send to, you know, physical security conferences, right. Where I'm looking at bowlers and looking at, you know, Jones and all this stuff. And it's like, okay, cool. It's part of the role, right? You're going to see these pieces, right? We've sat at locations where they're showing us new cameras.
And so is showing us how far it can go in mile long. And necessarily for me, it's not what I need, but it's something that I can have in the back of my mind in case our physical security guys asked us for a solution. So be open to taking them, certifications, anything that is dealing with the building and just, you know, going from there.
Cause you never know when you're going to use it.
James Dice: Cool. Yeah, the work, the workforce side of things is something that the nexus community has been digging [00:41:00] into a lot more. We did an event on it in July, I think. And several members have joined recently and their number one focuses on these types of workforce programs.
So it's definitely a huge bottleneck for everyone and we gotta do what we can to, to remove that obstacle. Well, cool. Let's talk about when the policy set up strategy set up long-term roadmap set up, you start to get these systems connected to the same network. What does that enabling? And I'm thinking of it in two buckets, one is how does it enable you to manage all your subsystems better?
Right. And then the second thing I'm thinking of is like, Applications, what technology does it now enable because your data is available and it's easy to integrate stuff and that type of thing. How do you think about those two categories?
Bayron Lopez Pineda: So, I mean, it really enables you to look forward to new systems, right?
Because you now have legacy you've, you're replacing legacy components that maybe we're not capable of, you know, passing traffic quickly enough, or you had [00:42:00] switches were never managed. You had conflicts of data right now. You're putting infrastructure in place where you can go and do, you know, high visibility cameras or AR analytics and the cameras and the devices.
You're able to pull data quickly from your building systems. If you have IQ and analytics right before we've had people who walk around and not just us, but the industry is walk around with a little meter and looking at, you know, how particles are in their houses. Now you're able to leverage that for all your buildings from.
And say, oh, this is the trend for the past 30 days, 60 days, 90 days. And you didn't have somebody on site. So leverage you to be able to deploy the technology. You're able to start cutting edge systems. And a lot of our tenants are, you know, high technology companies. You have to keep up with them, right.
And not just us, but in real estate in general, you have to keep up with their needs. So contact lists, right? They contact us, push, you know, being able to call your elevator directly from your cell phone. People want that, you know, they don't want to touch anything. So they want to come into choosing this device and not touch [00:43:00] anything or anybody and just get to their spaces they need to.
So that enables you to have those technology sentencing systems, right? Because you know, if you're looking at 4k cameras, it doesn't matter if your cameras are 4k, is which is our, you know, very slower, you know, things that you bought at best buy. You know, if you're not have gigs switches and you're not really doing much with it.
So I think enables that in terms of technology and systems,
James Dice: What are your thoughts on Andy?
Andy Schonberger: Yeah, I mean, that's, I would say what most of the industry knows us for is helping strategy, you know, strategize, establish what your use cases are, figure out how that maps to your systems understand, you know, the design guidance required, you know, to get that into a project or a site assessments.
This has been our bread and butter for years. So, you know, we, we've spent a lot of time, you know, helping clients scale out fault detection, diagnostics, or look at the next level of integration to work orders. And, you know, late lately it's a lot of tenant applications and amenity, you know, things. So instead of just operational efficiency, being more experiential, but the key to all this is understanding what [00:44:00] conductivity is.
And isn't a good idea. And, and you know, how you want that managed because going back into my, my former life, there was plenty of clients who just said, no, we're not doing that because it sounds. You know, like you you'd get the the it folks saying, no, you're not connecting to a cloud service because I don't trust how you would get.
So just flat out, no, I don't care what you think you're going to get in terms of an ROI. And so you'd bang your head against the wall, or maybe just, maybe it's just me. But so what we want to do with, with strategies like this is de-risk that so that you can now think of those top, we've actually categorized the top 20 use cases that our clients have been consuming and they aligned directly with what Byron was just saying around, around analytics, around frictionless entry, into buildings, around understanding indoor inventor, environmental quality, or getting into the, you know, the, the utilization data or the, you know, having the elevator management system integrated into, you know, a unified interface, all the things I know you covered a lot of detail, James, and then a bunch of your other podcasts.
But what we want to do is make sure that. [00:45:00] When we come up with those strategies or talk to the leasing team about how much that would differentiate the property compared to the one across the street that on the backend, we've done all our homework and everybody who is going to connect and maintain, operate, and continue to manage the change of those systems is aware of how this is all going to work so that there's no extra risk and not just it gets hacked, but is it going to work?
What happens if the internet goes down, where does the finger get pointed? You know, on, for example, on our, our, our managed services, you know, we've had a client call and say, Hey, your remote access is, is, you know, management for us is not working. And, you know, we look at the system and we're actually know you're an it service provider that the, the link has been going up and down every 30 seconds, you need to call them.
We're standing by ready, you know, call us for support. But look here, here's the data. So now we can make better decisions based on all that, of how to keep. You know, admittedly more complex systems up and running. We're not just opening windows anymore. And now we're Byron's logging in from Hawaii to make sure that, you know, the, the systems working [00:46:00] properly.
So that, that complexity, I don't think is going anywhere. It just needs to be managed. And so that we can enable all these use cases. And heck, I don't know what's coming a year from now, but we certainly want to be ready to have a secure connection to some cloud service. Some AI engine, some data lake from a client, some digital twin, all of the use cases you cover in extensive detail, you know, in, in your series here, we want to make sure that we can say yes, you know, but understanding how that whole life cycle is going to work and not have to bang our heads against the wall with a no from it, because it's just too
Bayron Lopez Pineda: risky.
Yeah. And that's one of the things I think that we reach a lot now, right. As we get requests and when you're leasing many times you to say yes to everything, right. And then lease it first and then we'll figure it out later. We're lucky. After we have the infrastructure to say, okay, you set that. Okay. We probably would have said yes, right off the bat, but we can probably make it work.
All right. We could probably get you to do what, whatever you were asking for it, which then makes our tenants happy. Right. Or there might be some crazy ideas that come [00:47:00] out from a conversation that somebody saw at, you know, do by expo or whatever. And maybe they have the tons of money to throw at them, but maybe we don't have that resource and we're asked to do it.
And okay. We, we actually had a request to put a security operation center up and running in about think it was two months. They'll usually that will take us eight months infrastructure, where we had the infrastructure in place to say, okay, cool. We need to just spin up the VMs in the cloud, make sure that the tunnels are up and running.
The infrastructure locally is ready that we can deploy that fairly quickly. But without this infrastructure, it would've taken us eight months a year. And now, because we had that success, we're now being told, okay, we want four more of them done by. The end of the year, whatever that is. So it allows us to be able to leverage technology and be able to tell our, our C-suites like, okay, we can, we can probably figure it out or no, we don't have the infrastructure for it.
It's not there. So it gives us a little bit more leverage and more usability for
Andy Schonberger: the buildings or the next step are in, which is, Hey, I know you just connected [00:48:00] those four buildings, but we just sold them. Can you take them off?
Bayron Lopez Pineda: It happens. It happens. And you know what that is now. It's just, okay. You just know that box that sits in that MPO, take that out in the building's disconnected and you can just sell it to the property.
And it is that simple, right? And here's a model of everything. That's in the building here, all the passwords and IP addresses, and here's a portfolio for that site. Give it to the buyer and they're up and. So it does happen for us.
James Dice: as it gotten to the point where that makes it the building more valuable at this point, or is that not, is that, is that fluff at
Bayron Lopez Pineda: this point?
I think we believe so. I mean, we believe so. And if you looked at what killer has recently done, right. With sales and acquisitions, I think, you know, it makes it a little bit more valuable to also does it from the tenant perspective. Right? Cause they might have questions as to how are you protecting us?
How are you protecting to make sure that the buildings, you know, being adequately secure, what are you doing for my employees to come into your site? So I think that makes it appetizing for the tenants. You know, if you're able to tell the tenant, look, we can get rid of all the physical [00:49:00] key card waste.
Right. Cause we're moving to mobile. Right. That might be a good strategy for them as well. Cause they might have a ESG policy that they're working towards. Right. So now they say, oh, none of our employees KCI carts because our landlord doesn't provide that. So mobile. It makes it accessible appeasing for some appealing for some tenets.
So we're, we hope so. Right. We keep on getting projects. So I think we are, but you know, we'll find out.
James Dice: Cool. Well, you guys mentioned tenant apps. I just want to ask about that because they're so hot right now, Andy, I saw you wrote an article on tenant apps in 2015, which is hilarious to think about because it's come so far and become so hot at this point. But can you, can you guys talk about how you're thinking about tenant apps today and specifically.
'cause you guys have this air gapped sort of front of the house corporate network? Well, actually you might be have the Kilroy corporate landlord network, right. And then you have this air gap, OT network, and then the tenants [00:50:00] might have their networks as well. And so I'm thinking about three different networks here, right?
That the app could be connecting to, depending on what use cases you're enabling. For instance, I want to change my HVAC set point or you, what, what sort of use cases are you thinking about for tenant apps and which ones are sort of the most successful at this point?
Bayron Lopez Pineda: So we leverage that through each building is unique, right?
So whatever services you might have on one side might not be needed another. So we li we really like to tailor towards those and specifically, right. Depending on the needs of the building, the tenant needs, you know, there might be locations. Tenant might have a specific solution that they want to work with.
And if they are a, you know, a fully occupied tenant, then we have to work with them on that. Right. So we'll have to figure out that solution for them, where we have multiple tenants. That's somewhere we work with the building and the asset management team to see how that interaction needs to happen are listening to marketing, marketing teams are becoming really heavy as to, you know, what they [00:51:00] receive from us providing services, right?
So will OT be able to provide you an application where you order lunch and do your dry cleaning? Probably not. Right, because that's probably not within our scope, but we might have something as part of our marketing team, which that will be its focus. So that's what we're trying to figure out. What is specifically building operations, right?
Where can you request a mobile credential to go into a property or where can you request, you know, lunch or services that way? So those are kind of the strategies that we're looking towards. What do we make efficient and available for the building and where does. That makes sense and say, look, you have a request.
Call the engineer, the engineers on site. He has all the tools available for him to be able to make changes 24 7 and that's just a process. So it really depends on the building and, and the tenant and the space.
James Dice: Yeah. The reason I asked this question is because this, this technology has the potential to make all the last silos go away at some point, but we can't act like the silos aren't there when we implement the technology.
Right. So I think people [00:52:00] kind of gloss over that fact when they talk about this, what do you think, Andy?
Andy Schonberger: Yeah. Yeah. And you can get the, I mean the, the tenant employee experience platforms is actually what I would call them instead of just the tenant app, because it really just depends on who the, the user mix is here.
But from a lot of the marketing I've seen, they've done a great job at make it seem like this is one app to rule them all, you know, in the building. But, but underneath the sheets, you know, there's a lot of API integration to building systems and you have to think about how is that connected and how are you doing.
You know, how are you onboarding a tenant versus, you know, just how an engineer using it? There, there are certain lines in the sand you have to draw and going to the marketing of these experience platforms, there's a lot of functionality they're stacking up as a menu list of everything from, you know, visitor management to the mobile access credentials we've been talking about and concierge services and, you know, book an exercise bike, and, you know, I mean, keep going on, on maybe it's the environmental controls or request fresh air or, or submit a work order, or, I mean, you can [00:53:00] keep going.
And I saw the list on, on one for our client. It's this amount of services is 50 long actually. And they basically just said, let us know how you want to configure them. Because we can do all of this under that umbrella. And now you're looking at that and going, where do I start? Like, how do I prioritize?
Because that, and do they really know what they're getting in for? When I tell them I have 17 building automation systems and four of them are proprietary and those vendors are not going to want to let us connect at all. So do they even understand all of this? You know, so there's a lot of, there's a lot of complexity there, but I will say that as these platforms are maturing, then a lot of these are, it's not just a custom app being developed, like what I was talking about years ago, where, you know, hire an app developer and you can make whatever you want right now.
Nowadays there's a lot that's it's pre-configured now you're just tailoring it right now. You're changing a logo or you're changing a sequence for example, or they're using a different API to get at a particular system or. It's certainly come a long way. They are pretty powerful, but they are not that one app to rule them all in my opinion [00:54:00] yet still because you know, it is focused so much more on the experience and this is where you need somebody like, you know, with Byron's experience or hours to help you understand those connections under the hood.
Because you know, you can get leasing folks, look at that feature list and go, I want it. And then when you have to run it, you know, especially in an existing building where you may not have a clean sheet of paper to specify all those integrations right upfront, you may have your hands full making it viable and, and, you know, working on an ongoing basis.
So I love where this is going, because what it's doing is driving a lot more connections to those base building systems. And now there is more eyeballs on making sure they're configured, right? And that, you know, that this is going to work long-term and that there is someone like the bot team at Kilroy is supporting it on an ongoing basis.
So I think it's great because it's getting more eyeballs into this space. But it certainly, isn't just a magic, like if you just say, oh yeah, connects by eight API. Okay. Maybe right there, there may be some more expense there that you're not quite sure what right off the bat. But man out of the platform is powerful and it's really hard not to be [00:55:00] inspired when you pick one up and get to play with it for the first time.
Compared to where we were five years ago. That's for sure.
James Dice: Very cool. Yeah. I'm super excited about where it's headed as well. Cause it's creating those conversations about knocking down silos that, that we wouldn't have had as early as quickly before. Well with that, what do you let's let's wrap up here.
What are you guys excited about heading into the end of the year early next year, maybe you start with you Byron.
Bayron Lopez Pineda: COVID showed us a lot of things, right? So COVID actually helped the building wrap up also, right. Unfortunately, everything that happened, but we've actually been more busy within our buildings, retrofitting and repositioning and updating and upgrading.
So the technology that's coming into the spaces for the next years is, you know, it's phenomenal, right? Some of the things that we'll be able to do with elevators and access controls and cameras and internal Kilroy pieces, right. That we might not, you know, expose to tenants or that might not be needed for them.
Right. Because another thing of the tenant experiences, you know, who needs what, [00:56:00] right? A facility, people at the tenant might need something different than your regular employee, but for us, the technology that we're able to leverage, right? We're able to push technology forward the way that we're building our sites, the way that we're thinking about, you know, how should we elevators integrate?
How should an elevator and all that you lock, walk into the lobby and select your Florida magically for you. And the pieces as we're making it easier for you to live in our space and welcome you guys back and make sure that you're enjoying the killer brand and, and say, yes, we want to renew our lease, or we want to leave some more spaces.
Just pushing that innovation. We always say that, you know, we're, we're innovation works. And we, we truly want, I mean that, and we see it with our sustainability team, our development teams and our technology teams. So really excited about where we're going and the technology approvals that we've gotten over the last couple of months to push the technology forward for our sites.
James Dice: Very cool. I love that answer. What about you?
Andy Schonberger: Yeah, what he said, we're actually in a very, very similar position in that a lot of our clients [00:57:00] are looking at how it is, how is technology a differentiator, maybe it is in that new build, you know, trying to, you know, add in digital amenities because there's an expectation of it.
Or maybe it is around risk reduction because of a particular event, or there's certainly some critical mass to this market right now, as I'm sure. You know, and, and you're, you're actually a good poster child for it, with the diversity of your, you know, your, your speakers. But we really just want to help our clients go through this same journey.
We've got some hard lessons learned over the years of, of ways to do things and ways not to do things. And, and going back to my role of telling the stories, that's really what our team does is help, you know, help shortcut our clients onto the path that, you know, clients like Kilroy have done. How do you learn these, these lessons?
How do you take, you know, take a bite of the elephant one at a time, maybe it's attending a, you know, a bootcamp or, or one of your classes to get started or diving into a particular use case and figuring out how you enable it. But it's, it's pretty exciting. I mean, we've definitely seen some critical mass here.
I mean, but are a lot of our clients are going through that same journey. If you will, from let's [00:58:00] dip our toes in the water and just do one assessment or maybe five or a representative sample of the portfolio, and then build this into something that's going to live and breathe because we know. You know, the, the Pandora's box is open here.
We can't unsee what's happened. We can't not pretend we don't know about this breach or this ransomware, or, you know, the risk of this new technology. So pretty exciting times for our team. So we're just trying to keep up with our client's demand to keep rolling with this. So, great, great challenge. Love the fact that, you know, we have clients pressing us and, you know, Kilroy included.
I won't, I won't give away any Byron and Kilroy's secret sauce here on, you know, their strategies and their, their prioritization. But I think everybody in this market is kind of tackling it a little bit different. So that's what we're our job is to, to meet them where they are and really help them build out that program, whether it's around, you know, a smart building strategy or very particular managed service on a cybersecurity risk reduction efforts.
So fun to be in this space right now. I think we'd all agree.
James Dice: Yeah. 100%. Well, thanks to you both for coming on the show. It's fun to do a [00:59:00] little dual interview. So thanks so much.
Bayron Lopez Pineda: Cool. Thank you for having us.
James Dice: All right friends, thanks for listening to this episode of the Nexus Podcast. For more episodes like this and to get the weekly Nexus Newsletter, which by the way, readers have said is the best way to stay up to date on the future of the smart building industry, please subscribe at nexuslabs.online. You can find the show notes for this conversation there as well. Have a great day.
“We were lucky enough that early on we built a team that included facilities management, physical security, sustainability, and IT.
And we said, 'What are our common goals? Where can we reinforce each other? What are all stakeholders' needs and how can we solve them together?'"
—Bayron Lopez Pineda
Welcome to Nexus, a newsletter and podcast for smart people applying smart building technology—hosted by James Dice. If you’re new to Nexus, you might want to start here.
The Nexus podcast (Apple | Spotify | YouTube | Other apps) is our chance to explore and learn with the brightest in our industry—together. The project is directly funded by listeners like you who have joined the Nexus Pro membership community.
You can join Nexus Pro to get a weekly-ish deep dive, access to the Nexus Vendor Landscape, and invites to exclusive events with a community of smart buildings nerds.
Episode 72 is a conversation with Andy Schonberger of Intelligent Buildings and Bayron Lopez Pineda of Kilroy Realty Corporation.
We talked about Kilroy's journey towards smarter buildings, including how they started down the path to reduce cybersecurity risk and how their work converging networks has led to all kinds of benefits for the portfolio as a whole.
Throughout the conversation, Andy sprinkled in how the consultants at Intelligent Buildings have helped Kilroy and many other clients with setting the initial strategy for this journey and helping them get there along the way.
So without further ado, please enjoy the Nexus Podcast with Kilroy Realty and Intelligent Buildings.
You can find Andy and Bayron on LinkedIn.
Enjoy!
Music credit: Dream Big by Audiobinger—licensed under an Attribution-NonCommercial-ShareAlike License.
Note: transcript was created using an imperfect machine learning tool and lightly edited by a human (so you can get the gist). Please forgive errors!
James Dice: hello friends, welcome to the nexus podcast. I'm your host James dice each week. I fire questions that the leaders of the smart buildings industry to try to figure out where we're headed and how we can get there faster without all the marketing fluff. I'm pushing my learning to the limit. And I'm so glad to have you here following along.
James Dice: This episode is a conversation with Andy Schonberger of Intelligent Buildings and Bayron Lopez Pineda of Kilroy Realty corporation.
We talked about Kilroy's journey towards smarter buildings, including how they started down the path to reduce cybersecurity risk and how their work converging networks has led to all kinds of benefits for the portfolio as a whole.
Throughout the conversation, Andy sprinkled in how the consultants at Intelligent Buildings have helped Kilroy and many other clients with setting the initial strategy for this journey [00:01:00] and helping them get there along the way.
So without further ado, please enjoy the Nexus Podcast with Kilroy Realty and Intelligent Buildings. All right, Byron and Andy, welcome to the show. Can we start with you, Byron? Can you introduce yourself?
Bayron Lopez Pineda: Sure. My name is Byron Lopez Vinetta. I'm the operational technology manager for killer Realty. Under my supervision, we work on our building components and systems, everything from water detection to access controls, BMS is elevator and everything that helps operate the cure portfolio.
James Dice: Cool. And can you, can you talk a little bit more about the killer portfolio for those
Bayron Lopez Pineda: who don't? Nope. Sure. Kilroy is a developer asset manager, a REIT implementer. We have assets primary and west coast, everything from San Diego, Los Angeles, San Francisco, Seattle. We recently had an acquisition in Austin, so we're 40.
We're going into that market. Uh, But commercial classic real estate high-tech individuals and high tech tenants within our portfolio about 15 million square feet currently. And there's [00:02:00] a couple million more under development. Cool. So
James Dice: developer and
Bayron Lopez Pineda: occupier, developer, occupier, you know, landlord so a little bit of everything.
Most of our stuff, you know, we'd like to do ground up construction and then we'd do acquisitions here and there, but we maintain all of our sites directly. Okay. And how many sites? It's about a hundred buildings. So depending on who you ask, you know, a complex can be a building of eight individual locations, or I have measures, but individual sites about a hundred, 120.
James Dice: And I saw it when I was stalking you on LinkedIn. I saw you're a founding member of CCA.
What's the say?
Bayron Lopez Pineda: So it's a Cybersecurity Control Systems Association International. So the primary focus is to look at cybersecurity as it focuses on cyber security controls and control systems in general.
Right? So how do we look at threats and vectors of attacks and how do we make sure that the environment that we're putting into our buildings are better addressed? You know, how do we look at our BMS controllers? How do we look at elevators? Anything that operates and [00:03:00] controls the building layers and security around that, right?
Most of the time people forgot that these components added internet connection or were able to be logged onto and control your buildings. So you have to make sure that you have some securities around that. So we try to push forward the idea of cyber security control.
James Dice: Cool. Yeah, we're going to talk a little bit more about cyber security in a minute, and we'll put the link to that organization in the show notes for anyone that wants to dive deeper.
All right, Andy. Welcome to you. Can you introduce yourself?
Andy Schonberger: Yeah, thanks James. First time caller, long time listener. Thanks for having me. I'm Andy Shaundra. I'm a VP of client services at Intelligent Buildings. My job is really chief storyteller. I really take lessons learned from our clients share them, I'd say anonymously with other clients and really help them try and figure out how to advance their smart building program and with one of our lines of service.
So we do advisory services site assessments and managed services, [00:04:00] and really intelligent buildings is really the only company focused on those services at scale and nothing else. So we're not an it company. That's Johnny come lately into the real estate space. You know, we're, we're not an engineering firm that has, you know, expanded into the analytics space if you will.
So this is the only thing we've been doing for 17 years and commercial corporate institutional real estate for clients like Kilroy as an example, My day-to-day job involves trying to map out our client's needs and map it to some really smart folks on the backside of our operations to enable all these services.
So I get to have a lot of fun, a lot of other smart people do all the real work I'd say. All
James Dice: right. Well, very cool. Well, we'll get to give a shout out to Eric Larson. Who's on your team that kind of set this up. He's a member of the nexus community. So shout out to Eric. Thanks for getting us started here.
And Andy, while I was stalking you, I saw you or a board member of, of a green building council chapter, which is something we share in common. So you were in Toronto around the same time I was doing that same thing [00:05:00] in St. Louis. So that's a, that's fun work is like engaging the local community around, you know, the idea of, of greener buildings.
How, how has that experience for you?
Andy Schonberger: It's great. Still really engaged with, with the community of. Stakeholders and that whole ecosystem here in the Toronto market, I'm a green building dork by trade, I would say so energy manager, I'm really used to the idea of getting into clean tech and hurried buildings to get me out of my former life, which was in steel production, which was dirty or let's say.
And yeah, I really loved the passion of that community and, and it led me into the smart building space because so many of the technologies that I was having fun deploying required networks required more security. And you know, I wound up learning the hard way, how to break or sorry, how to fix building systems based on wanting to write new code myself or not wanting to call my peers in it for help to connect a new meter and then taking down a sub-net and [00:06:00] doing things absolutely the wrong way.
So there was an organic journey coming from the green building road, I would say, into the smart building world, but you can see there's quite a few times. The two of them.
James Dice: Yeah. And that matches my experiences as well, breaking stuff. And then hitting roadblocks and wondering why are those roadblocks there?
And then going down the rabbit hole to where we are today. Cool. That's fun. I think there are a lot of people that kind of share that, that background wanting to enable something and realizing why it's not working. And then. Figuring out, you need the infrastructure to support that, which is a great segue into our conversation today.
Um, Oh, cool. I want to hear from both of you on sort of your work together in the Kilroy portfolio who wants to start on kind of the origin story of you guys working together?
Bayron Lopez Pineda: Um, I guess I'll take that Andy. Cause I mean, we were the, the customer at that point, right? So it, back then, you know, there was a bunch of hoopla about target hack and people getting tagged and [00:07:00] infrastructure and information.
So we really saw it as a brand. You know, what do we need to do in order not to be targeted or not to be hacked? Right. So we looked at, you know, IB intelligent buildings as the leader in the market to figure out where are we lacking? You know, we know our infrastructure is great. We have a great corporate it team who has had this infrastructure in place for 20 years on the corporate side.
But the building was really lacking, right? Most of the time engineering facilities management ran the sites, they leverage our vendors and they were doing a great job, but you know, security wasn't at the front end, right. They always thought about, you know, efficiency, how do we make sure that people are getting what they need, that the buildings operating 24 7 and being able to access the site whenever they need it.
So that meant. Building a DSL line from at, and T whoever connecting it to the BMS system or the lighting controls or the elevators and just saying, okay, cool. That's what we needed to do. And we really weren't quite sure what we had. So we went out and we found intelligent buildings to help do an assessment.
What was our state, right? Where [00:08:00] were we compared to the rest of the industry? And we found out that we were probably at the same level as most of our peers which was very early stages at that point. Most people hadn't thought about buildings and the cybersecurity threats that they had. They knew that they had something, but they weren't quite sure what that was.
And intelligent buildings helped us kind of identify those points so that we can go back in there. Establish a policy of a converged network, establish a policy of how do we work with our vendors and then build that foundation from there. So it was the initial steps of, you know, what we call now, our operational technology team, part of the it department, it was a role that was created.
My role was created as part of that assessment. And then we've let that internally to grow, make that part of our kilowatt standard part of our new developments or sustained portfolio, and then making sure that goes forward. So the seeds were initially, while those people got hacked, let's make sure we don't get hacked.
And then how do we make sure that we stop that from happening and what our risk appetite was?
James Dice: So, so it sounds like the initial impetus [00:09:00] was cybersecurity and then the IB team kind of zoomed out and looked at things kind of holistically. Is that how it worked, Andy?
Andy Schonberger: Yeah, that Byron's right. It really was.
Hey, let's, let's look at a building and see how bad. Um, and And that's a pretty common starting point for our clients is I don't think nowadays they may have actually had a breach that that's a lot more common and that becomes a driver to, okay, how bad is this really? And what can we do about it? But almost always with our clients starts with, let's do a deep dive assessment.
Let's get someone who really knows the building systems and the vendor ecosystem, and can go through and connect to these systems and see what they're connected to. What are they talking to? How are they configured? How are they being used and scare some people in the organization a little bit with what could happen, you know, because some people still to this day think, oh, it's if they could change the thermostat.
So what, you know, there's still a bit of that ostrich head in the sand, if you will. So you know, that first assessment is really a catalyst to building out a pro. For, [00:10:00] for many of our clients that becomes, okay, let's look at a sample of the portfolio now, because maybe we differ by region or by investment partner or by asset class or by, or keep going.
And then usually what happens is, is where we went with . With Byron and team is to bring some planning and policy, like, how is this going to work as a program? What are we going to tell vendors that they must do? They shall do? What are we going to build for a playbook for us internally? So, you know, what is barn's job set compared to what is the, an outsource it provider or an OT vendor provider?
And what are we going to build into contract language on services for risk reduction? What are we going to require from an insurance perspective from our vendors? You know, all of these things change as a result of having your eyes open from a couple of these assessments typically. And so that's where we went with, with, with Byron and team and with a lot of our clients do is building out that, how do we now manage this now that we're aware of these risks?
The, so what is, is those next steps.
Bayron Lopez Pineda: And the procedures, if I may add, to think as technologists as it, individuals, we [00:11:00] have an idea of how a network should be ran, right? We know that we should be doing scanning and policies, but that may not work for a facility, right? You, you run a scan of all the end points.
You might break something or you might lock up a network and Nope, it devices and IOT devices are different. They might both have it, but that little Ole in the middle makes things sometimes very difficult. So you have to figure out that, you know, the policies from the it side might not apply to the building.
And how do we then go ahead with that? How do we tweak our policies? How do we make sure that they are adjusted to meet the goals and ends of the.
James Dice: So it's a dedicated operational technology specific team that sits inside of the it team.
Bayron Lopez Pineda: Exactly correct. So what we do is we work with all of our, our teams, right?
Everything from facilities management, to property management, to cybersecurity, physical security construction. So we basically provide the it OT services for all the different teams within the organization. So if they, [00:12:00] you know, if construction is looking to put up a new site together, we help with the design, the cabling, the allocation of resources, what vendors should we looking at?
What should we deploy? If it's physical security, they might want a camera that does this, that and the other. Right. But we might know that, you know, there's certain vendors who meet the standards, need the policies, have that infrastructure in place. So we'll be able to work with all of them, review their proposals.
If let's say an BMS vendor comes back and says, you need a, a server. Okay. The facility guys are their wrenches. They're very smart guys, right? They can execute and operate a building a hundred percent, 24 hours, but they're not it guys. They can't tell you if that's a correct operating system for a server, what the IP address is should be.
They need a resources. And that's where we come in and say, look, we will be that resource for you internally. If you need anything, let us know. And we will help you navigate the crazy world of IOT and OT and it converging together.
James Dice: Cool. So. Let's zoom in on a piece of the [00:13:00] sort of roadmap that you guys put together back then, which is the network convergence, right? About what, what that entailed and what the goal was there.
Bayron Lopez Pineda: Sure. And for us, it was people who had convergence and sometimes there's two approaches to it, right?
There's a convergence with your corporate network, right? Your file shares your servers, your day-to-day operations, and converting our two facilities. We did not want to do that. We wanted to make sure that we kept those air gapped, right? Our, our it team has put together an infrastructure over 20 years.
That's amazing. Right? So we didn't want to affect them. What we did is we converged to the building, right? BMS, lighting, controls, access controls, water detection, all those dispersed networks within the building and converts them into one. Right. And the past you would see that there was. Or DSL. And since you had four different systems, why is that needed?
Right? Why don't we just consolidate to one network, make sure that that's managed accurately through, you know, a firewall to manage switches in converts those devices into one. So, what we did [00:14:00] is we essentially created a secondary corporate network for the building itself that was converted. So now we have multiple villains, multiple subnets, right?
You have different firewalls, controlling axes. You have the removal of those third party, you know, team viewer and logging in solutions and converse that so that we manage the connection. We have a active directory, we have a domain controller specifically just for that outwork we're in the past, it was just Willy nilly, whoever came in.
So we converged to build the network itself into one. And then we can scale that up with an SD wan and pieces. Okay.
James Dice: This might sound like a stupid question, but it just came up to today on LinkedIn. Well, I brought it up on LinkedIn because it was something related to an article that someone wrote.
Why did you decide to do it that way? And the reason I asked that is because there's a subset of the industry that says, oh, just leave it up to a contractor. They're going to put this in for you. Why did you decide to take ownership and responsibility and [00:15:00] have one, one network that might sound like a stupid question, but I think it needs to be explained.
Bayron Lopez Pineda: Well, if you historically think about it, it's been managed by third parties, right? And when you are not the one responsible for that on a day-to-day basis, right. Contractors can go from one job to another. Right. But we want to be employees of killers. Okay. Our team wants to make sure that we were proud of our buildings, right.
We're part of what we've worked on. So we feel like there's more control and we want to be able to manage it better. So for us, that was the only way we would really want to do it. We did use vendors in the past, right? Each BMS vendor was managing their own network. We told them, look, we can take over that because we have the expertise to help you.
We also wanted to be more proactive in the buildings, right? Because when something goes down, it connects Ethan, your Jack it's it, it doesn't matter if we manage it or not call it, it's it get Byron or get whoever on the phone. It's their system. Even though we might not even know that it was there. So this way we can have some control, not be blindsided by issues, and then be able to dictate where we're going, as [00:16:00] opposed to following what the vendor says and saying, oh yeah, okay.
They said this was the best practice, but now this way we have more control and we're able to be more proud about the work that we do. Right? Totally. And
James Dice: Andy, from a PR perspective of all your clients, I'm sure that you guys are having this conversation all the time with whatever subset of vendors that serving your clients.
How does that conversation normally?
Andy Schonberger: It really does come down to risk and control because inevitably, you know, lieutenants, or if you're an owner occupier, you know, the users of the building, you know, they still are going to point fingers at whoever's got their fingers on the technology. And it doesn't matter if the vendor was controlling it or not.
You know, it's somebody inside the company who owns the, the system end of the day is going to have to fix it. So that there's certainly an appetite for that risk reduction of, of some investment in time and effort of folks like Byron to, to get further down that road. Now where the arguments come in, I think is on, on what convergence means and how far do you go?
And, and, you know, because our industry has done a great job of selling [00:17:00] the benefits of, you know, a fiber backbone and, and, and, you know, copper across the floor plate or, or various, you know, fiber strategies or what have you, in some people in our industry, think that just means massive dollar signs all over the place.
And so, you know, there can be investment criteria to go over to justify, you know, that type of investment or. Convergence can just mean control of the entry into siloed building networks. So, as an example, we, you know, we have plenty of clients, existing portfolios who still just like, just like Byron and Kilroy, want to get that risk reduction down for people accessing the building, but they also don't want to have to throw six or plus figures at, you know, a building network convergence program, if you will.
So, okay. We just need to control egress. Now we need to make sure that remote access is managed for example, and we need to have an enforcement mechanism in place for. For vendors around their cybersecurity, best practices and maybe a bit of a hammer, you know, in case they don't comply. And maybe there's some things that we want to take off the vendor's plate, like [00:18:00] backup with building systems of, of managing antivirus on servers, because that's not their core expertise.
So we're going to act as it for OT, for operations technology. So that is certainly a trend that we've seen to the point where we've built a practice to support clients, because, you know, they, they have aspirations of doing what the Kilroy OT team here is doing, but they don't have the resources yet. So they want someone who can act as that single throat to choke, to, you know, keep the vendors from running a muck, if you will, or just keeping them focused on what they're really good at and providing this as a service for them.
So we've actually, as this has evolved over the last five years, have built this up as a practice to offer that as a service. Because of the need in the market for it. So long way around answering your question, never about just network convergence, but you know, the idea here is to help each client to find exactly what it means to them, without it requiring a blank check.
But to get at the, the same nut that Byron and team have cracked, which is risk reduction and ownership of these systems.
James Dice: Yeah. W [00:19:00] where, what I was trying to convey by posting this on LinkedIn was that every organization is going to have a different playbook, a different answer here, depending on the staff, depending on the funding they have, depending on the existing situation.
So yeah, I love hearing this. It sounds like you guys have figured out what, what your unique approach to it is going to be and your unique roadmap, because like you guys said, It doesn't sound like everything was exactly how you wanted it to be when you, when you created the strategy. So now it's about a roadmap to get there over time,
Bayron Lopez Pineda: correct?
Yeah. We wanted to lay that, lay the foundation, right? We can't rip out access controls. We can rip out BMS replacement equipment. You can't rip that out. Right? If you buy a building, you're not going to retrofit for exactly hundreds of thousands of dollars, but you can do is you can lay the foundation that controls those pieces.
Right? You can say, how do these devices connect to the internet? How do we control people coming into the systems? How do we [00:20:00] control connectivity? You can standardize the pieces above that, right? Cause there's multiple layers to our BMS, right? There's different layers where you can place yourself in there and add controls to the systems without.
I mean, and without causing too much of a financial impact. And then you also reduce your attack vectors, right? If you had four different systems that were all open, now you might reduce that to one attack vector, right? Cause you're, everything is behind one network. So when people say, well, look, it's probably not smart for you to do that.
Well, you know, do you want to have four ways to take an attack to you or one way that you can manage that you can reinforce and you can bunker down on, and that gives you a much, much better solution than you don't before. So that was our idea. How do we hunker down? How do we, or the core, right. And then how do we then grow from there?
How do we make sure we establish the policies and make sure everybody's playing together and on the same infrastructure and then leveraged from there.
James Dice: And then obviously new developments are being created. Exactly.
Bayron Lopez Pineda: Exactly. So, yeah. So that's part of the development project. We [00:21:00] now work with our construction team and say, look, this is a matrix of approved security devices, right?
These are the vendors that we know will provide good resources, good equipment, things that meet our standards. We can leverage in costs, right? Because many times when you look at construction, there's always a cost evaluation, right? Many times as a subcontractor, they get selected might not be the best might not be the cheapest, but there's somewhere in that cost bracket that might be towards the end.
Right? If you can say, look, we can get your solution that is near the top of the charts for a much lower price, because we are now using it across a portfolio that makes it easier for them. And they don't have to go out there and renegotiate and rethink about this. We tell you, this is a camera used to choose this.
We are, the servings should be selecting, let's get deployed and working. And, you know, we'll get involved with the deployment of the copper, the complement of the fiber, where should we be putting IDs? Where should we be putting our switches? What should the home running where, you know, you're talking about 900 feet of cable, are you sure he can run that?
Right? Copper has a [00:22:00] 300 foot limit. So you're talking about 900 feet. Should we put something in between there that, you know, it's going to boost the signal? So those are the pieces that we are not part of. So when our team deploys a building, it's hopefully at the best standards that we've produced.
Totally.
James Dice: Tell me about, like for the average existing building, you guys have a hundred, a hundred buildings, average existing building it, it started off with maybe a couple networks, probably OT, a couple of redundant networks, a couple of systems that maybe needed to be connected and probably weren't connected.
Right. Uh, Tell me about how that, how a building started and then how it's going. Like how like, well,
Bayron Lopez Pineda: it started with Fred Gordian scaring the heck out of us. Right. So he went and did an assessment and he said, look, look, look, look. And we're like, wow. Right. So I always credit Fred with, you know, starting this adventure for a lot of us.
Right. He's, he's a great resource. And you know, I've, I've trusted his wisdom over the years, so that's how it first started. Right. You need somebody to kind of like that [00:23:00] fire and not necessarily for us. Cause we kind of had the idea, but for upper management for him to be able to go and tell something like this is what I've found for your building and this is what we cause they're the ones who are going to put the money towards it.
Right. They're the ones who can do. Here's the check that you need to do, go fix it. So it started with him. We did the assessments and we figured out initially, we're only going to do our BMS, our HVAC, and including right. Heating, cooling for the building. As people got aware of that, they're like, well, look, we have a lighting controller that connects to this.
And then physical security said, well, we have cameras and servers. Can we tie that into that? And then water detection. So it just grew from there, right? We opened the can of worms and it just exploded. And now basically every building system, every operational technology system in the building goes to us, right.
Or we try to go through us, right. As much as we can. There are some things where, you know, it might not be on our network or it has to be on a security network or by required it just to be completely offline, just cause you know, there's requirements. But we try to work with all of our teams to figure out what's the best approach for them to then [00:24:00] reinforce them in the van.
But it started with just let's look at what our HVAC is doing. And then from there it exploded and, you know, taking those networks and making sure that we can connect them down.
James Dice: Well, correct me if I'm wrong. Both of you, a lot of times this conversation starts from an HVAC standpoint, right. And
Andy Schonberger: then it's pretty common.
James Dice: I think what we're seeing today is like, there's like, as my friend, Joe Gasper, Doni likes to say there's like 35 different types of systems that could potentially be connected. You know, Peloton likes to systems to, you know, connected coffee makers,
Bayron Lopez Pineda: everything, everything. It's just about you figuring out what the appetite is.
Right. You know, Do you spend hundreds of thousands of dollars to connect the coffee maker, right. Is that something that's within your strategy? Maybe not. Right, but what about your lighting controls or your HVAC or your elevators, right? Yeah, probably those pieces you need to do. Right. So you also have to be strategic within the building and say, these are probably the core items, especially if you have [00:25:00] a tight budget, right.
Or if you have a restriction or you want to set certain goals within a certain timeframe, you have to be strategic because if you're telling people, yeah, we spent, you know, two K on connecting the coffee maker, then maybe they're going to look at you and say, maybe that budget should be going somewhere else.
But if you're able to tell them that we have better resources, our engineers can work on our buildings from anywhere in the world. I've actually worked on our access control server, sitting over Waikiki beach. Right. If you're able to then leverage those pieces for our sites and give that technology towards systems, then it's, it's, it makes it functional.
If you're just saying let's connect everything because that we can, then that's a different approach.
Andy Schonberger: Yeah, James, that's pretty common for our clients too. I mean, with a lot of you know, those that work deploying these services for, it usually starts with what is the, you know, what is our biggest bang for the buck?
Because it's inevitably, this is a bit of a change management effort too. And if you think about you know, a REIT, the, you know, distributed property managers with various levels of expertise, sometimes the chief engineer on site, sometimes [00:26:00] it's remote person. Sometimes it's completely outsourced or FM is outsourced.
It's just, it can be fragmented. So you have to build it as a program and kind of roll it out and keep going. But almost always the, the, the BMS is the kind of catalyst, because it's the most number of points. It's usually the one that most impacts daily operations for comfort or for energy. And so there's usually a let's lock this one down first and then, you know, like, like Kilroy scale from there.
And, and sometimes you have clients who, you know, they'll say security, like, for example, the. Parking security and parking management. That's completely outsourced that network is separate. It's got credit card information. Nope. Not in scope. No. One's just going to leave that for now. Don't catch it right.
Or, or, I mean, we have clients with large campuses where the physical security is handled in a security operation center, and they're already pretty Batten down from, from a security perspective, cyber security as well. And, but, but they don't want anything to do with, you know, the, the BMS or the meters or the, you know, the, I dunno, the demand limiting system [00:27:00] or, you know, keep going.
So we kind of have to look at. How bespoke these buildings can be. You never building as a snowflake, we beat that phrase to death. And look at what, where's your biggest bang for the buck in terms of the program and scaling it out with this ecosystem. We're all dealing with.
Bayron Lopez Pineda: Yeah, we were lucky enough that we early on built a team that included facility, master physical security, sustainability, and it, and we said, what are our common goals?
Where can we reinforce each other? Where can we work on projects that you know, many different teams are spearheading where they're spending funds that are similar to each other. And we can be leveraging that towards infrastructure. We would all use it. So we've got great feedback from our head of engineering, our VP of physical security, what are their needs and how can we solve them together?
So that's kind of helped us. And that's a big item that tell people that always do it right? Bringing in all your stakeholders, because you never know, they might be willing to work with you on every single project that you have, or might I know the channel policy going
Bayron Lopez Pineda: on and they're willing to jump in place, right?
Our security [00:28:00] officers, they're great security officers. They patrol, they keep our building secure, but they're not it people, right? If you tell my, you know, our physical director or director of physical security or one of our regions, great guy, right. He knows his stuff, but he's going to tell you that he's not a, a windows guy.
He's not a server guy. He doesn't know what that is, but he can rely on us to give him that information and make his job a little bit easier.
Cool. As long as he's not doing what I did in my past, right. By her and uh, plugging something in and taking a network segment down.
Yeah. Yeah. And they, and they know that now.
Right. They know that we're going to connect something. We should probably check with Byron or his guys and say, does this work, or does it not work? Or we have a point down, can he check the network to see if we can check the logs and see, where was it connected or, you know, without us having to trace the cables all the way back.
So it's resourceful both ways.
James Dice: Cool.
Hey guys, just another quick note from our sponsor nexus labs. And then we'll get back to the show. This episode is brought to you by nexus foundations, our introductory course on the smart buildings [00:29:00] industry. If you're new to the industry, this course is for you. If you're an industry vet, but want to understand how technology is changing things.
This course is also for you. The alumni are raving about the content, which they say pulls it all together, and they also love getting to meet the other students on the weekly zoom calls and in the private chat room, you can find out more about the course@courses.nexus lab. Start online. All right, back to the interview
Well, let's talk about paying for this. So obviously taking a hundred buildings and completely changing them over to this new standard is not feasible from a capital expense standpoint, but doesn't this start to pay for itself over time. Once you start to get more efficient and how, how does that happen?
Bayron Lopez Pineda: Yeah. I mean, it's, it gives you the opportunity to start leveraging the technology. Like I gave you the example, right? We found that some buildings had multiple internet lines. Right. And for some people, those might be small dollars, but let's say you're paying. A hundred bucks a month, right? Because you have four different Interlines.
If you would do sets of 500 [00:30:00] bucks, right. Or a security aggregation, right. Security operation centers. If you start to point security operation centers, maybe you can leverage down or reduce the amount of officers that you need out deployed in petroleum because you have a location where everything's in scene.
So in the long run, it makes it more efficient. It makes it more easy for a building to deploy systems. And then we can also take a look at contracts and say, look, this tech, this vendor is charging you for a server. That's going to. I by the end of this year, you're going to have to replace that right after.
So you're going to have to pay him again. Let's just do it right the first time we only pay one time and that device is going to last you for a while. So it allows us to scale up. It allows us also to replace equipment because now we have an SD wan, right? So let's say a server dies somewhere and we really didn't need that server for some reason, or it was just a legacy component.
Now we can say, look, we don't have to replace that $40,000 piece of equipment. We can leverage the wider network area. We can then point those points towards our data center or cloud and [00:31:00] bypass equipment altogether. So we can now have a little bit more control and make it a little bit leaner. Cool. Andy, anything to add
James Dice: from the client?
Andy Schonberger: Yeah, I mean, there's, there's obviously done, right? There's there's cost efficiencies of consolidating egress points, things like that. But a lot of this is cost of. This is risk reduction. This is, you know, you don't want to have to spend, we had a client have to spend $90,000 rebuilding a BMS because it got ransomed and they didn't have a recently.
You know how much, you know, that the cost of a service to maintain a, a, you know, an incremental backup is peanuts compared to that downtime and lost productivity and, you know, even mechanical damage that can happen with some of those systems when they're not properly controlled. So you're trying to avoid some of those things.
You know, with the services or with a group, like Byron's helping you take care of them, then you're avoiding the possibility of those costs or, you know, the worst case of a tenant evacuation and the productivity loss there. Or, you know, Byron [00:32:00] mentioned, we actually have an example from a client exactly that happening.
Thousands of devices getting knocked off because of it saying, oh no, we can do a, a penetration test or sorry, we can do a scan on these devices and look for abnormalities. And now they had the, the labor required to go and manually reset a thousand devices unplug them and plug them back in basically to get them to come back online because the best of intentions, like those things are expensive.
And the more technology we put into our buildings, because we're certainly not putting less in nowadays, you know, these things are going to happen. So it's, it's, it's risk avoidance in a lot of cases, I don't like telling them the doom and gloom stories because it's, you know, this shouldn't be a fear thing.
You know, real estate is the owner's manual managers. Developers are really keen to reducing risk that, you know, on that net operating income. And that's what this is, is, is a risk on that. So as long as you can build a program and think about reasonably deploying phasing things like we just talked about it doesn't have to break the bank.
You're not, you're not going to dramatically impact analy done, [00:33:00] right? I mean, of course you can go and throw money at a problem. But if you look at this right to manage the fragmentation we've got here and look at your biggest bang for the buck, you can reduce that risk without it breaking the bank.
Bayron Lopez Pineda: Cool.
James Dice: Let's talk about the, I mean, you guys have taken the stance that is different than that article I talked about on LinkedIn, which I'll put in the show notes, which is we're going to take responsibility
Andy Schonberger: for our own network.
James Dice: Right? What do you think is required from a personnel and skills and team standpoint in order for you to really, really take that full responsible.
Bayron Lopez Pineda: It's interesting. Cause we just actually hired another guy to be on our team and it took us forever just cause the, the skill sets out there are not really on the OT side. Right. And the way that I, I would present it to people is it's it, but not traditional it. Right. You're still going to have networks.
You're still gonna have infrastructure. You're still gonna have end points, but they're not going to be the same way that you manage a, you know, a corporate [00:34:00] infrastructure, very similar. But you know, if you take something down in a building, your elevator start running, right, your, your stop running, your HVAC stops running.
So there's different things that we have to be more addressed. One of the big success successes we've had is our facility guys who are younger, the computer, the computer guys, right. Who grew up gaming, but we're really into like the building facility sites. So those are the guys that really get, how do we network their meters in?
How do we make there be a message more accessible? How do we control the lighting systems? Right? So those are the kinds of roles that we want to look at the engineering guys who want to either grow their careers into technology and technologists and facility management and bringing the it guys into the infrastructure as well.
Right? Because many times they have no idea of how it's done, right. I come from a technology background, I've been doing it for a while, but you know, I was lucky enough that early on my career was deploying infrastructure and deploying IDs and in construction areas. So this kind of helped me segue into this role.
But many times the it guys are happy [00:35:00] being stuck behind the systems and just, you know, Plugging away at a computer. We actually have to go into the buildings and get dirty and start taking cables around and does not to any equipment, which is exciting. So you have to find something in that balance.
I know Fred has been talking about, you know, certain certifications and stuff that would be great to see, but right now, if you go into the schools and you talk to them about the building side of it and physical security, it's not really there. People are just, you know, when I was in college, I never thought I was going to work for real estate company.
I, you know, I thought I was going to go to the big boys and playing technology and engineering, but here I am doing technology systems are cutting edge and leading our industry. So it's, we have to make it a little more sexy for people to consider getting into these roles because they're not they to see the bill didn't really understand.
They know that an architect design is a civil engineer, built data and mechanical guy put it into the mechanical components, but all those guys are tied in by the infrastructure and the backbone. And that's the technologies behind it. I think that's where we need to really [00:36:00] go and say, we have to push people to go onto this.
Andy Schonberger: I think we we should have asked Fred Gordy to be on from intelligence side is just keep talking to him about him. Like, he's the godfather, actually. He really is the godfather of cybersecurity and building systems. But I I'd follow up Byron's note there because it is certainly a challenge for this industry to tackle, you know, this, this technology skillset.
And there is a lot of opportunities for this. I mean, we were talking about this in the show, prep James we're hiring because we're, you know, this skill set is in demand. So what, what we've tried to do with our services is build them. So that we're the easy button for clients. If they don't have the time to build out that program and, you know, upscale at, we can, we can help them through that journey.
You know, whether it's for a year or two years or three years until they spin up a team, like, like Byron's, that's, that's the whole reason that IB exists is to fill this gap in this industry. So, but it is certainly a challenge we've been working with. Some of the community colleges, if you will on, on some of the programs on, on building cybersecurity curriculum about [00:37:00] control systems.
So, you know, we have these, you know, kids coming out of college, learning about, you know, the latest and greatest from Johnson or Honeywell or, or the Niagara framework. And we want them to have some be versed in cybersecurity as well, one as a source of, you know, a skill in this industry, of course, but also because then the whole industry has moved, you know, moved forward.
But, you know, we're, we're certainly dealing with that challenge. You can't expect, you know, an asset manager or your average facility manager to understand the NIST framework. It's just, that's not fair. They weren't trained that way so we can bring them along the journey, but we can also provide the services for them on a very targeted way where, you know, you don't expect too much of them or the vendors.
Cool. And then when you,
James Dice: when you kind of coach your clients on putting together that team, what do you recommend they have in place when that teams put
Andy Schonberger: together? So we're really building that out as a playbook. Like we do the very consulting, ease things, you know, build out a RACI model of who's responsible, who's accountable.
Who's consulted throughout the [00:38:00] organization. That is very much dependent on how the organization is structured. You know, to Byron's point, we do our best to bring all those stakeholders involved. You know, the, the physical security of the construction folks that, you know, get all their drivers. I mean, we know quite a few of them, right?
I mean, Byron working with construction folks, you know, they want help on technology and they don't want him to increase a schedule or add any cost. So we know that we know the typical drivers of these folks, but we wanna make sure that they're, you know, along for the journey and understanding how they can you know, pull from this operating model, how does it affect them?
Where should procurement include language in, you know, issuing a, an RFP, for example of cybersecurity requirements versus what does MEP need to know, building a new building and writing a division 25 for Kilroy. You know, those are very different things you know, in this organization. So you have to understand.
The whole life cycle of the building from how, you know, coming out of the ground right through to we're selling it, you know, at some point down the road. So it's, it's not a simple thing, but it is a knowable thing. We've been, we've been working at this for [00:39:00] 17 years. So, that's what the godfather, Fred and team have done is built this out so that it can be consumable as a playbook.
And then you have all those folks kind of knowing how to take advantage of this and, and, you know, do better instead of just pretending there's no problem here.
Bayron Lopez Pineda: Yeah. And James, if I can add one thing again to the kind of the workforce, the other thing is too, as you're coming in, ask questions, I've seen a lot of the people who I've talked to on your podcast, they're always looking to share their ideas, share their information, their experiences.
That's one of the great things about being kind of in this field, right? You have people like Andy and the team over at IB who are always willing to do. With what other, but also just look to the resources. Everybody always wants to share information, learn from each other. And even though we are competitors, right, we are working towards, you know, getting somebody else's leads to come over to our list.
Cause that's the nature of the business, but we're always looking at each other's backs. We're always looking at what are you doing from a technology standpoint? Okay. This is what I'm doing. Where can we leverage each other? Or you're [00:40:00] having difficulties with this vendor? Oh, me too. Let's work together.
So being able to ask the questions, like one of the things I tell the guy that we just hired is just ask any question. You come from an it background system engineering. Ask me any questions on the building side of, I don't know, it will ask our building engineers. If they don't know it, we'll reach out to somebody else.
Just be willing to learn. I will send to, you know, physical security conferences, right. Where I'm looking at bowlers and looking at, you know, Jones and all this stuff. And it's like, okay, cool. It's part of the role, right? You're going to see these pieces, right? We've sat at locations where they're showing us new cameras.
And so is showing us how far it can go in mile long. And necessarily for me, it's not what I need, but it's something that I can have in the back of my mind in case our physical security guys asked us for a solution. So be open to taking them, certifications, anything that is dealing with the building and just, you know, going from there.
Cause you never know when you're going to use it.
James Dice: Cool. Yeah, the work, the workforce side of things is something that the nexus community has been digging [00:41:00] into a lot more. We did an event on it in July, I think. And several members have joined recently and their number one focuses on these types of workforce programs.
So it's definitely a huge bottleneck for everyone and we gotta do what we can to, to remove that obstacle. Well, cool. Let's talk about when the policy set up strategy set up long-term roadmap set up, you start to get these systems connected to the same network. What does that enabling? And I'm thinking of it in two buckets, one is how does it enable you to manage all your subsystems better?
Right. And then the second thing I'm thinking of is like, Applications, what technology does it now enable because your data is available and it's easy to integrate stuff and that type of thing. How do you think about those two categories?
Bayron Lopez Pineda: So, I mean, it really enables you to look forward to new systems, right?
Because you now have legacy you've, you're replacing legacy components that maybe we're not capable of, you know, passing traffic quickly enough, or you had [00:42:00] switches were never managed. You had conflicts of data right now. You're putting infrastructure in place where you can go and do, you know, high visibility cameras or AR analytics and the cameras and the devices.
You're able to pull data quickly from your building systems. If you have IQ and analytics right before we've had people who walk around and not just us, but the industry is walk around with a little meter and looking at, you know, how particles are in their houses. Now you're able to leverage that for all your buildings from.
And say, oh, this is the trend for the past 30 days, 60 days, 90 days. And you didn't have somebody on site. So leverage you to be able to deploy the technology. You're able to start cutting edge systems. And a lot of our tenants are, you know, high technology companies. You have to keep up with them, right.
And not just us, but in real estate in general, you have to keep up with their needs. So contact lists, right? They contact us, push, you know, being able to call your elevator directly from your cell phone. People want that, you know, they don't want to touch anything. So they want to come into choosing this device and not touch [00:43:00] anything or anybody and just get to their spaces they need to.
So that enables you to have those technology sentencing systems, right? Because you know, if you're looking at 4k cameras, it doesn't matter if your cameras are 4k, is which is our, you know, very slower, you know, things that you bought at best buy. You know, if you're not have gigs switches and you're not really doing much with it.
So I think enables that in terms of technology and systems,
James Dice: What are your thoughts on Andy?
Andy Schonberger: Yeah, I mean, that's, I would say what most of the industry knows us for is helping strategy, you know, strategize, establish what your use cases are, figure out how that maps to your systems understand, you know, the design guidance required, you know, to get that into a project or a site assessments.
This has been our bread and butter for years. So, you know, we, we've spent a lot of time, you know, helping clients scale out fault detection, diagnostics, or look at the next level of integration to work orders. And, you know, late lately it's a lot of tenant applications and amenity, you know, things. So instead of just operational efficiency, being more experiential, but the key to all this is understanding what [00:44:00] conductivity is.
And isn't a good idea. And, and you know, how you want that managed because going back into my, my former life, there was plenty of clients who just said, no, we're not doing that because it sounds. You know, like you you'd get the the it folks saying, no, you're not connecting to a cloud service because I don't trust how you would get.
So just flat out, no, I don't care what you think you're going to get in terms of an ROI. And so you'd bang your head against the wall, or maybe just, maybe it's just me. But so what we want to do with, with strategies like this is de-risk that so that you can now think of those top, we've actually categorized the top 20 use cases that our clients have been consuming and they aligned directly with what Byron was just saying around, around analytics, around frictionless entry, into buildings, around understanding indoor inventor, environmental quality, or getting into the, you know, the, the utilization data or the, you know, having the elevator management system integrated into, you know, a unified interface, all the things I know you covered a lot of detail, James, and then a bunch of your other podcasts.
But what we want to do is make sure that. [00:45:00] When we come up with those strategies or talk to the leasing team about how much that would differentiate the property compared to the one across the street that on the backend, we've done all our homework and everybody who is going to connect and maintain, operate, and continue to manage the change of those systems is aware of how this is all going to work so that there's no extra risk and not just it gets hacked, but is it going to work?
What happens if the internet goes down, where does the finger get pointed? You know, on, for example, on our, our, our managed services, you know, we've had a client call and say, Hey, your remote access is, is, you know, management for us is not working. And, you know, we look at the system and we're actually know you're an it service provider that the, the link has been going up and down every 30 seconds, you need to call them.
We're standing by ready, you know, call us for support. But look here, here's the data. So now we can make better decisions based on all that, of how to keep. You know, admittedly more complex systems up and running. We're not just opening windows anymore. And now we're Byron's logging in from Hawaii to make sure that, you know, the, the systems working [00:46:00] properly.
So that, that complexity, I don't think is going anywhere. It just needs to be managed. And so that we can enable all these use cases. And heck, I don't know what's coming a year from now, but we certainly want to be ready to have a secure connection to some cloud service. Some AI engine, some data lake from a client, some digital twin, all of the use cases you cover in extensive detail, you know, in, in your series here, we want to make sure that we can say yes, you know, but understanding how that whole life cycle is going to work and not have to bang our heads against the wall with a no from it, because it's just too
Bayron Lopez Pineda: risky.
Yeah. And that's one of the things I think that we reach a lot now, right. As we get requests and when you're leasing many times you to say yes to everything, right. And then lease it first and then we'll figure it out later. We're lucky. After we have the infrastructure to say, okay, you set that. Okay. We probably would have said yes, right off the bat, but we can probably make it work.
All right. We could probably get you to do what, whatever you were asking for it, which then makes our tenants happy. Right. Or there might be some crazy ideas that come [00:47:00] out from a conversation that somebody saw at, you know, do by expo or whatever. And maybe they have the tons of money to throw at them, but maybe we don't have that resource and we're asked to do it.
And okay. We, we actually had a request to put a security operation center up and running in about think it was two months. They'll usually that will take us eight months infrastructure, where we had the infrastructure in place to say, okay, cool. We need to just spin up the VMs in the cloud, make sure that the tunnels are up and running.
The infrastructure locally is ready that we can deploy that fairly quickly. But without this infrastructure, it would've taken us eight months a year. And now, because we had that success, we're now being told, okay, we want four more of them done by. The end of the year, whatever that is. So it allows us to be able to leverage technology and be able to tell our, our C-suites like, okay, we can, we can probably figure it out or no, we don't have the infrastructure for it.
It's not there. So it gives us a little bit more leverage and more usability for
Andy Schonberger: the buildings or the next step are in, which is, Hey, I know you just connected [00:48:00] those four buildings, but we just sold them. Can you take them off?
Bayron Lopez Pineda: It happens. It happens. And you know what that is now. It's just, okay. You just know that box that sits in that MPO, take that out in the building's disconnected and you can just sell it to the property.
And it is that simple, right? And here's a model of everything. That's in the building here, all the passwords and IP addresses, and here's a portfolio for that site. Give it to the buyer and they're up and. So it does happen for us.
James Dice: as it gotten to the point where that makes it the building more valuable at this point, or is that not, is that, is that fluff at
Bayron Lopez Pineda: this point?
I think we believe so. I mean, we believe so. And if you looked at what killer has recently done, right. With sales and acquisitions, I think, you know, it makes it a little bit more valuable to also does it from the tenant perspective. Right? Cause they might have questions as to how are you protecting us?
How are you protecting to make sure that the buildings, you know, being adequately secure, what are you doing for my employees to come into your site? So I think that makes it appetizing for the tenants. You know, if you're able to tell the tenant, look, we can get rid of all the physical [00:49:00] key card waste.
Right. Cause we're moving to mobile. Right. That might be a good strategy for them as well. Cause they might have a ESG policy that they're working towards. Right. So now they say, oh, none of our employees KCI carts because our landlord doesn't provide that. So mobile. It makes it accessible appeasing for some appealing for some tenets.
So we're, we hope so. Right. We keep on getting projects. So I think we are, but you know, we'll find out.
James Dice: Cool. Well, you guys mentioned tenant apps. I just want to ask about that because they're so hot right now, Andy, I saw you wrote an article on tenant apps in 2015, which is hilarious to think about because it's come so far and become so hot at this point. But can you, can you guys talk about how you're thinking about tenant apps today and specifically.
'cause you guys have this air gapped sort of front of the house corporate network? Well, actually you might be have the Kilroy corporate landlord network, right. And then you have this air gap, OT network, and then the tenants [00:50:00] might have their networks as well. And so I'm thinking about three different networks here, right?
That the app could be connecting to, depending on what use cases you're enabling. For instance, I want to change my HVAC set point or you, what, what sort of use cases are you thinking about for tenant apps and which ones are sort of the most successful at this point?
Bayron Lopez Pineda: So we leverage that through each building is unique, right?
So whatever services you might have on one side might not be needed another. So we li we really like to tailor towards those and specifically, right. Depending on the needs of the building, the tenant needs, you know, there might be locations. Tenant might have a specific solution that they want to work with.
And if they are a, you know, a fully occupied tenant, then we have to work with them on that. Right. So we'll have to figure out that solution for them, where we have multiple tenants. That's somewhere we work with the building and the asset management team to see how that interaction needs to happen are listening to marketing, marketing teams are becoming really heavy as to, you know, what they [00:51:00] receive from us providing services, right?
So will OT be able to provide you an application where you order lunch and do your dry cleaning? Probably not. Right, because that's probably not within our scope, but we might have something as part of our marketing team, which that will be its focus. So that's what we're trying to figure out. What is specifically building operations, right?
Where can you request a mobile credential to go into a property or where can you request, you know, lunch or services that way? So those are kind of the strategies that we're looking towards. What do we make efficient and available for the building and where does. That makes sense and say, look, you have a request.
Call the engineer, the engineers on site. He has all the tools available for him to be able to make changes 24 7 and that's just a process. So it really depends on the building and, and the tenant and the space.
James Dice: Yeah. The reason I asked this question is because this, this technology has the potential to make all the last silos go away at some point, but we can't act like the silos aren't there when we implement the technology.
Right. So I think people [00:52:00] kind of gloss over that fact when they talk about this, what do you think, Andy?
Andy Schonberger: Yeah. Yeah. And you can get the, I mean the, the tenant employee experience platforms is actually what I would call them instead of just the tenant app, because it really just depends on who the, the user mix is here.
But from a lot of the marketing I've seen, they've done a great job at make it seem like this is one app to rule them all, you know, in the building. But, but underneath the sheets, you know, there's a lot of API integration to building systems and you have to think about how is that connected and how are you doing.
You know, how are you onboarding a tenant versus, you know, just how an engineer using it? There, there are certain lines in the sand you have to draw and going to the marketing of these experience platforms, there's a lot of functionality they're stacking up as a menu list of everything from, you know, visitor management to the mobile access credentials we've been talking about and concierge services and, you know, book an exercise bike, and, you know, I mean, keep going on, on maybe it's the environmental controls or request fresh air or, or submit a work order, or, I mean, you can [00:53:00] keep going.
And I saw the list on, on one for our client. It's this amount of services is 50 long actually. And they basically just said, let us know how you want to configure them. Because we can do all of this under that umbrella. And now you're looking at that and going, where do I start? Like, how do I prioritize?
Because that, and do they really know what they're getting in for? When I tell them I have 17 building automation systems and four of them are proprietary and those vendors are not going to want to let us connect at all. So do they even understand all of this? You know, so there's a lot of, there's a lot of complexity there, but I will say that as these platforms are maturing, then a lot of these are, it's not just a custom app being developed, like what I was talking about years ago, where, you know, hire an app developer and you can make whatever you want right now.
Nowadays there's a lot that's it's pre-configured now you're just tailoring it right now. You're changing a logo or you're changing a sequence for example, or they're using a different API to get at a particular system or. It's certainly come a long way. They are pretty powerful, but they are not that one app to rule them all in my opinion [00:54:00] yet still because you know, it is focused so much more on the experience and this is where you need somebody like, you know, with Byron's experience or hours to help you understand those connections under the hood.
Because you know, you can get leasing folks, look at that feature list and go, I want it. And then when you have to run it, you know, especially in an existing building where you may not have a clean sheet of paper to specify all those integrations right upfront, you may have your hands full making it viable and, and, you know, working on an ongoing basis.
So I love where this is going, because what it's doing is driving a lot more connections to those base building systems. And now there is more eyeballs on making sure they're configured, right? And that, you know, that this is going to work long-term and that there is someone like the bot team at Kilroy is supporting it on an ongoing basis.
So I think it's great because it's getting more eyeballs into this space. But it certainly, isn't just a magic, like if you just say, oh yeah, connects by eight API. Okay. Maybe right there, there may be some more expense there that you're not quite sure what right off the bat. But man out of the platform is powerful and it's really hard not to be [00:55:00] inspired when you pick one up and get to play with it for the first time.
Compared to where we were five years ago. That's for sure.
James Dice: Very cool. Yeah. I'm super excited about where it's headed as well. Cause it's creating those conversations about knocking down silos that, that we wouldn't have had as early as quickly before. Well with that, what do you let's let's wrap up here.
What are you guys excited about heading into the end of the year early next year, maybe you start with you Byron.
Bayron Lopez Pineda: COVID showed us a lot of things, right? So COVID actually helped the building wrap up also, right. Unfortunately, everything that happened, but we've actually been more busy within our buildings, retrofitting and repositioning and updating and upgrading.
So the technology that's coming into the spaces for the next years is, you know, it's phenomenal, right? Some of the things that we'll be able to do with elevators and access controls and cameras and internal Kilroy pieces, right. That we might not, you know, expose to tenants or that might not be needed for them.
Right. Because another thing of the tenant experiences, you know, who needs what, [00:56:00] right? A facility, people at the tenant might need something different than your regular employee, but for us, the technology that we're able to leverage, right? We're able to push technology forward the way that we're building our sites, the way that we're thinking about, you know, how should we elevators integrate?
How should an elevator and all that you lock, walk into the lobby and select your Florida magically for you. And the pieces as we're making it easier for you to live in our space and welcome you guys back and make sure that you're enjoying the killer brand and, and say, yes, we want to renew our lease, or we want to leave some more spaces.
Just pushing that innovation. We always say that, you know, we're, we're innovation works. And we, we truly want, I mean that, and we see it with our sustainability team, our development teams and our technology teams. So really excited about where we're going and the technology approvals that we've gotten over the last couple of months to push the technology forward for our sites.
James Dice: Very cool. I love that answer. What about you?
Andy Schonberger: Yeah, what he said, we're actually in a very, very similar position in that a lot of our clients [00:57:00] are looking at how it is, how is technology a differentiator, maybe it is in that new build, you know, trying to, you know, add in digital amenities because there's an expectation of it.
Or maybe it is around risk reduction because of a particular event, or there's certainly some critical mass to this market right now, as I'm sure. You know, and, and you're, you're actually a good poster child for it, with the diversity of your, you know, your, your speakers. But we really just want to help our clients go through this same journey.
We've got some hard lessons learned over the years of, of ways to do things and ways not to do things. And, and going back to my role of telling the stories, that's really what our team does is help, you know, help shortcut our clients onto the path that, you know, clients like Kilroy have done. How do you learn these, these lessons?
How do you take, you know, take a bite of the elephant one at a time, maybe it's attending a, you know, a bootcamp or, or one of your classes to get started or diving into a particular use case and figuring out how you enable it. But it's, it's pretty exciting. I mean, we've definitely seen some critical mass here.
I mean, but are a lot of our clients are going through that same journey. If you will, from let's [00:58:00] dip our toes in the water and just do one assessment or maybe five or a representative sample of the portfolio, and then build this into something that's going to live and breathe because we know. You know, the, the Pandora's box is open here.
We can't unsee what's happened. We can't not pretend we don't know about this breach or this ransomware, or, you know, the risk of this new technology. So pretty exciting times for our team. So we're just trying to keep up with our client's demand to keep rolling with this. So, great, great challenge. Love the fact that, you know, we have clients pressing us and, you know, Kilroy included.
I won't, I won't give away any Byron and Kilroy's secret sauce here on, you know, their strategies and their, their prioritization. But I think everybody in this market is kind of tackling it a little bit different. So that's what we're our job is to, to meet them where they are and really help them build out that program, whether it's around, you know, a smart building strategy or very particular managed service on a cybersecurity risk reduction efforts.
So fun to be in this space right now. I think we'd all agree.
James Dice: Yeah. 100%. Well, thanks to you both for coming on the show. It's fun to do a [00:59:00] little dual interview. So thanks so much.
Bayron Lopez Pineda: Cool. Thank you for having us.
James Dice: All right friends, thanks for listening to this episode of the Nexus Podcast. For more episodes like this and to get the weekly Nexus Newsletter, which by the way, readers have said is the best way to stay up to date on the future of the smart building industry, please subscribe at nexuslabs.online. You can find the show notes for this conversation there as well. Have a great day.
Head over to Nexus Connect and see what’s new in the community. Don’t forget to check out the latest member-only events.
Go to Nexus ConnectJoin Nexus Pro and get full access including invite-only member gatherings, access to the community chatroom Nexus Connect, networking opportunities, and deep dive essays.
Sign Up