Tom Garrison: [00:00:00] Hi. Welcome to the Cyber Security Inside podcast. I’m your host, Tom Garrison. And with me is my co-host Camille Morhardt. Camille, how are you today?
Camille Morhardt: [00:00:08] I’m doing really well because unlike the guest that we interviewed for this podcast, I got more than two hours of sleep last night. I know she thrives on two hours of sleep a night, so that wasn’t even unusual for her. But I need much more than that. So I’m doing well with much more than that. Thank you.
Tom Garrison: [00:00:26] Yeah, our, our guests today without giving too much away, [00:00:30] we’ll put almost everyone that’s listening to the podcast to shame in terms of what she accomplishes, not just over her career, but even within just a single day–all the different hats she wears and what she can get accomplished. She’s truly an inspiring individual.
Camille Morhardt: [00:00:48] Yeah, she, and, uh, she and her husband are starting a company and they also have two little kids. And it’s just fascinating. They’re starting a [00:01:00] company that deals with manufacturing in the United States, which is not something that we hear about every day, especially in tech.
Tom Garrison: [00:01:07] Yeah. And I think going into a little bit more depth with her in terms of what are the areas that really matter when you’re, when you’re starting a small company. What do you have to think about when it comes to security and, and who do you work with and how, you know, you’re not a major corporation with years and years [00:01:30] of policies and procedures and lawyers and everything else in play.
You know, we dive into a bit more of the, the nuts and bolts of what do you have to think about when it comes to starting up a manufacturing facility in the US? and what matters to the customers who want to buy from a security company that manufacturers in the US?
Camille Morhardt: [00:01:53] I also thought that her personal story, which she related to us about, uh, [00:02:00] immigrating to the United States when she was very young, uh, and then how she was as a young child–I think around seven years-old–doing the business negotiations for her family, because she was the best person to speaking English and how that kind of shaped her and her ability to never stop, never give up, you know, push through.
Uh, and how she kind of cultivated that into now being an entrepreneur and how she does a lot of the things she [00:02:30] does so that her daughters can see a path and can see how to approach things with confidence, um, and perseverance, grit. I thought that was really interesting to hear that personal side of the story.
Tom Garrison: [00:02:43] Um, and, and clearly as I hinted, you know, when we first started, she is, uh, she’s just an inspiration in terms of all the things she can get done. So she’s taken those somewhat, uh, humble beginnings in terms of, you know, having to do just the translation work [00:03:00] now into growing businesses and manufacturing and truly a branching out in the security space.
Camille Morhardt: [00:03:07] Yeah, very impressive lady.
Tom Garrison: [00:00:00] Our guest today is Min Kyriannis. She is CEO and co-founder of Amyna Systems and managing director of EMD| JFK. She has 25 plus years in converged and global information technology and operational technology, as well as cyber security, physical and risk management across the globe. She’s received numerous accolades for her work and is currently focusing on nonprofits as [00:00:30] a way of giving back to the community.
So welcome to the podcast, Min.
Min Kyriannis: [00:00:35] Thank you, Tom. And thank you Camille for having me. Um, it’s, I’m happy to be here and, um, I’m sure, but I’m having a blast talking to you both.
Tom Garrison: [00:00:42] That’s right. Well, that’s our goal. We’re going to have some fun before we get into the cyber security elements. I thought it would be good maybe to have you talk a bit about your background.
Min Kyriannis: [00:00:55] Oh, uh, Hmm. There’s a numerous backgrounds. So literally a Jack-of-all [00:01:00] trades saying 25 plus years already gave away my age, darn it! But, uh, started off as one of the few females in the IT industry, you know, um, working for a client side, doing punch downs, configuring networks and routers. So I was really heavily engaged with networking and that went on for about over a decade, a little bit over a decade. And then I decided to resign because I got fed up with IT. Um, I actually broke three computers programming, uh, because I couldn’t yell at it and it didn’t respond to me. So I [00:01:30] smacked it and I think I broke the motherboard. So, and plus the fact that, you know, it doesn’t respond when I yell, yell at them. So that wasn’t a good thing.
And then decided to go into catering and modeling, which was fun. Catering was much more fun, but that being said, after a few years of that, uh, someone had came up to me and was looking for me because they knew I had a technical background and brought me back to technology. And at that point I was actually working in security, uh, physical security, and that just came and [00:02:00] never left, loved it ever since. Um, and really keeps me on my toes.
And currently now I’m working with a bunch of organizations. Women in International Security is one, um, which is really looking at women. We’ve worked with NGOs and also on a policy side. And also now we’re creating a bunch of foundations, one specifically dedicated on underprivileged youths let’s give them opportunities, which they otherwise wouldn’t have. And also looking at veteran veterans, seeing if there’s a way to help veterans who are just recently discharged from the military at the same time.
[00:02:30] And it has a few other as the Global Cyber Consortium, as well as Moms in Security, specifically geared toward combating human trafficking. So we raise funds to actually have organizations who are boots on the ground to help save children and women from who are in forced labor.
Tom Garrison: [00:02:45] Wow. There is so much to talk about there. Let’s start with a more traditional areas and then we’ll, I think we’ll probably over the course of our time together, we’ll move into some of these newer areas. You mentioned physical security, [00:03:00] so I assume that you’re talking about manufacturing, a physical box that aids in security in some way. Can you talk a little bit about it?
Min Kyriannis: [00:03:11] Yeah, the box that we manufacture isn’t part of physical security. Physical security is mostly, you know, people think of as law enforcement, uh, perimeter security. The box we’re manufacturing is actually gears to IOT devices, specifically, issues that you see that’s out there.
What we’ve been trying to do is really fill the [00:03:30] gap that’s there and we’ve actually figured out how to do it. Currently, the box that we’re manufacturing, even the software that we’re writing is all proprietary. Um, it’s, it’s specific to looking at in hopes of also protecting these devices that actually have no security built in. I would say from legacy devices to recent devices at the same time.
Camille Morhardt: [00:03:50] When you’re talking about IOT, I know you used to work in that intersection of IT and IOT, are you looking at connecting green field or new devices in [00:04:00] IOT or consumer devices or things that have been out there.
Min Kyriannis: [00:04:04] I think it’s everything that’s out there. And the reason being specifically for that is because with COVID, everything has been blurred. I mean, we’re all working from home. So the expectation is when you go home, you should be able to connect to your workplace and also work and perform your functions at the same time. So for us, we kind of view it more as an entire ecosystem. It’s not whether it’s commercial, residential, private, or public, it’s basically everything, all the devices. [00:04:30]
Tom Garrison: [00:04:30] Yeah, so your solution basically enables a modern sort of interface with these devices that were never designed to be–so whether they be control systems or other things that were probably architected in some cases many, many, many years ago, And so your, your device allows you to connect to those systems that were probably proprietary, as well. Not only were they not connected, but they were probably proprietary. And then you can manage them in a more modern way [00:05:00] remotely or whatever. And you do that securely for obvious reasons.
Min Kyriannis: [00:05:03] And that’s a hundred percent. It’s a big thing of securely. I think this is the biggest concern because the past couple of years I’ve been touting, um, critical infrastructure needs to be protected. And with all the EOs with binds that’s out right now, I think it’s coming to fruition to people are starting to realize and say, “oh my God, you know, we have to start protecting this infrastructure.”
Tom Garrison: [00:05:22] Yeah, well, yeah, I mean, you’ve got pipelines being, uh, yeah, the colonial pipeline. You’ve got other, other things that are in the [00:05:30] news seemingly every day now with different meat packing plants.
Min Kyriannis: [00:05:35] (Sighs) Water treatment plant
Tom Garrison: [00:05:36] Yeah, exactly. Yeah. So what is interesting to me is not just the, the opportunity that you’re going after, but you have a pretty interesting, uh, I guess challenge, I’ll say in that you are physically building something, but that device itself has to be very, very highly trusted. So [00:06:00] first of all, where do you manufacture and how do you navigate through, into having that super high trust in the device side so that you can build the trust with the customers are going to be putting this in very, very sensitive parts of their network.
Min Kyriannis: [00:06:14] So one of the things we’ve been working on, especially as I, I’m not building every single component directly right now, that will be the main goal later on, but the reality is we do have to work with partners at the same time who are providing specific components that we’re building. So one of the key things we ask a supply chain, where are [00:06:30] you acquiring these components from? how you’re doing it? And then there’s some sort of due diligence has provided. We are looking at that very, very diligently specifically on the fact that if we are and hope to work with the government, we have to ensure that these devices are secured. So one of the things that we’re doing is also quality control. We’re actually making sure that these devices are tested properly before it gets shipped out, but we’re at the proof of concept stage.
So what we’ve been doing is heavily testing these boxes to ensure that there is no compromise. There’s no way of getting in, but that’s just now. [00:07:00] So, you know, with cyber security and security being so dynamic, we need to always be ahead of the game as we’re manufacturing and working with these devices. So the team is critical and I think it’s not just a supply chain, but also the team of people that you’re working with needs to be also vetted and looked at properly. And that’s what we’re doing right now as we’re developing these components, the software, the boxes itself, we’re working with the right people and also the right companies at the same.
Camille Morhardt: [00:07:28] So, this is like a [00:07:30] physical device that sits somewhere, um, onsite or close to an area where you’re connecting something, a thing for internet of things and helps ensure that it’s connecting securely. Um, and you’re being very diligent during the course of the supply chain through manufacturing, and then this device goes out to its resting place or its site of operation. How are you protecting or what kinds of things do you need to protect against once the [00:08:00] device is already deployed?
Min Kyriannis: [00:08:01] Wow! So that’s a loaded question. I hope you realize that, Camille. So there’s two things that we have to think about, too. Once the device leaves home or where the manufacturer is, it actually goes to the owners. So recommendations are, have to be in place specifically around the owners. And this is one of the big things I keep talking about is as much as we’re talking about cyber security and security in environment, there’s a physical aspect. Right. You don’t, you cannot install these types of devices in [00:08:30] a public area where people can easily get access to. And that means also access control and ensuring these devices are in a secure location properly, you know, set up with proper credentials, people walking in.
So there’s a collaborative effort that has to happen between the manufacturer, the distributor integrator, as well as the owners themselves. And I think this is where the ownership has to be taken up by everybody. It’s not just us as a manufacturer, providing you with a secure device to protect your devices. You also have to protect your [00:09:00] assets because once you procure these assets, they belong to you. So if it’s sitting in, you know, Tom’s building or Tom’s home My God, Tom, I do hope you protect your house and no one can break in, but the expectation is you’re going to have to put this somewhere secure where people can’t break in and tamper with the device.
Tom Garrison: [00:09:17] I think physical security, which is why I got confused earlier, but the physical security piece is a much higher bar because for example, protecting the network so that,[00:09:30] somebody can’t come in from the outside. Is one level of challenge and people kind of think about that. Like “I gotta keep my network safe, um, and don’t let anybody in.” But physical security, they can actually hold the box and open it up and put probes in and do this and that and whatever.
And in the case of IOT, some of these things are out really in the wild west. I mean, there, there’s not necessarily people around to even watch them do this. So yeah, [00:10:00] the challenge there is super, super high from a, from a physical security and protecting to that level of threshold. So the fact that you’re doing that, I think is interesting where I was, where I was hoping we could even explore more was you said, “I need to work with the right people. And I needed to work with the right companies.” And, and now being somebody who’s gone through that journey. I’d like to understand more about how do you do that? How do you [00:10:30] define what “right” is? And, and, and even more importantly, once you’re convinced that they are the right people, how do you convince your customers that you’re working with the “right” people?
Min Kyriannis: [00:10:40] You know, if people are going to be people, um, I’m not a person that trusts very easily. But I think if you were speaking to a right individual, I think first and foremost is understanding who these individuals are. I can’t just go into, you know, a shop and say, “Hey, but Mr. Bob, I need your help right now. I don’t know who you are, but I trust you a hundred percent. Can you provide me [00:11:00] with this stuff right now?” And God forbid, he buys it from E-Bay. Now that being said, that’s not the right person that you want.
So the right people in my mind is you’re going to speak to these people. You’re going to ask for the credentials, you’re going to get these credentials coming in. There’s going to be contracts signed in advance that basically tie, and it’s going to be important because Laurie is going to be involved, but there’s going to be discussions around this first, before any, you know, anything happens. And that journey, unfortunately—well I should say fortunately it was very good because I have already established a [00:11:30] rapport in the industry and also have worked with numerous other folks that I’ve known already for a substantial amount of time. So that relationship has already been established.
Now we just have to go and deep dive further in now because we already had that relationship already. Let’s talk about the other things. Like where are you getting a components from? Can you show me the proof that you’re getting this components where it’s coming from? Who are you working with? This is stuff that unfortunately, you know, people can lie, but people with people that you work with for a [00:12:00] long time, it’s harder for them because there’s a reputation there also.
I think with folks that have been, that you’ve been working with for quite a bit of time, you’re going to know if there’s something wrong, you know, you can understand your body language, you can understand how they work due to business dealings. You can understand who they’ve been dealing with for a long time and into something, you’re going to know right away. And that’s the norm.
With someone new, it’s the same process, but it’s going to be a little more stringent because you’re going to have your lawyers involved at that point, [00:12:30] reviewing every single document that comes through to your table. And that basically means everything I have to look at and review it gets passed to my lawyers and they review it before I actually signed the line and says, “okay, let’s work.”
So I think, my journey has been very interesting. Um, and because I’ve already established some relationships in the past, it’s been a lot easier than others, but you know, if you’re starting from ground up, those relationships are going to be critical, even if you’re new that you’re establishing, you’re going to have to get to know [00:13:00] these people before you actually jump in and start doing any type of business dealings with them.
And you know, the other thing also is trusting your gut. You’re going to know when something’s off, but, but this is the thing you’re going to know if you can talk to people and work with these guys in the long-term, and that’s what we’ve been doing. We’ve been working very diligently across that and working with people, talking to a lot of folks that we would want to partner with.
Tom Garrison: [00:13:21] So I want to try to branch now into some of the other things that you talked about in your introduction, because they just sound really, really interesting. So you [00:13:30] mentioned that you are working with an agency that also talks about security of women. And can you talk, can you talk more about that and what, what the challenges are and what, what it is that the group is focused on?
Min Kyriannis: [00:13:45] So you mean Women in International Security–WISE? Yes. So I co-chair the New York chapter. So one of the things that I’m going to call her out, ?Alisa Mila? and I myself have been doing in the past and we known each other for well, way too long, is that [00:14:00] when we were in this industry, there were really only a handful of women, um, in the industry. And I can literally count the number of names that I’ve known, um, 20, 25 years ago on one hand.
Um, and it was very challenging. It’s a very male dominated industry, even in security, physical security, IT has been very male dominated. That being said, mentorship has been extremely difficult. So there wasn’t a mentorship. You had to learn things on your own or really kind of claw some ways and read a lot to get to, to an [00:14:30] executive level.
So one of the things Alisa and I talked about was “why don’t we work on an organization and let’s take a look at it, see how we can provide a platform to young ladies. And also the ones that are are less represented, who don’t have these mentors to provide me with some sort of mentorship, professional development, whatever is needed just to get them support.” That there are people out here that want to see them succeed.
And because I have two girls that will be honest. I don’t want them going through the [00:15:00] struggles I have or have had in the past to really get to where I am. So really, you know, working with WISE–which has been around for 35 years–it was just, it just fell in my lap. Um, which has been phenomenal meeting some of the people. We’ve been working with, uh, a UN liaison has been one of our biggest advisors and supporters. But it really is to provide mentorship, professional development, to young budding people who are interested in gaining some knowledge, thought transfer and really become leaders themselves. So that’s what, WISE [00:15:30] is.
So what we’ve been doing is creating newsletters, groups, conferences. We’ve been pushing these women to speaking more on [00:16:00] public forums. And hopefully later on, I want to see these women and papers really leading the industry, you know, in [00:16:30] strength. So that’s what that’s about. Um, it, it really is for that.
Camille Morhardt: [00:16:35] Min, you, to me, it seems you kind of exude confidence and I’m just wondering, it sounds like, I mean, you came from when you were starting a couple of decades ago, like you said, a handful of other women that you saw, were you born with this confidence? Did you ever doubt that you were going to get to where you are today? Um, does it wane ever?
Min Kyriannis: [00:16:57] Oh, the Imposter Syndrome. So there are [00:17:00] days I know Imposter Syndrome comes in. I was not a privileged child growing up. I actually had a very rough past growing up in a sense that my parents were living in poverty lines and, um, we, my parents struggled to make ends meet. So we were, we were considered one of those immigrants that were literally coming here penniless. Um, and I grew up in the United States. So I’ve been put into many challenging positions in the past, pretty much at a young age to take the lead. And unfortunately when you’re seven and [00:17:30] eight and your parents are asking you to do things–they don’t speak English and you’re the one that has to do all the business negotiations–it’s very hard to break down because you learn very quickly that you really have to put an ironclad face on.
So I’ve learned at a very young age to put up a wall and a shield, just so that way things get done. And as much as I sometimes look back, and regret that I wish, you know, I have was entitled and had certain privileges my friends did [00:18:00] and I didn’t. And I don’t look back with regret, but I look, look at it as a learning curve for me, where I started moving forward. Um, and that’s where that came from. It’s really just that grit. And my husband has always said to me that like, “you look like you were about to take over the world!” And I said, “yeah, I do want to take over the world, but in the right way and with a positive, positive message going forward.”
S o the confidence comes from really, you know, looking at my past and really thinking forward as to what can we do to make this better. [00:18:30] Um, and also for my kids really.They’re going to be facing with certain challenges I had and hopefully they gain a confidence now, seeing me as a mother moving forward like this versus, you know, coming back, crying and… crossing my fingers! Really crossing my fingers!
Tom Garrison: [00:18:47] Well, so I happen to know, not only are you, are you a successful business woman and you’re doing this mentoring work. You’ve also been trained as a professional chef?
[00:19:00] Min Kyriannis: [00:18:59] Yes, I had been. That was one of those things that you do, which is weird. Yes.
Camille Morhardt: That too!
Min Kyriannis: Yes, that too! If you’re interested in coming to my house for a feast, I welcome you because I’ve been told I cook for an army and I used to cater, yes.
Tom Garrison: [00:19:18] I guess the real question here is how do you find the time?
Min Kyriannis: [00:19:45] There is no sleep. Sleep does not exist. Sleep is for—no, I a kid. Um, I’m an insomniac. I’ve always been insomniac and, um, to be candid, my brain is always rolling. [00:20:00] Um, so when I sleep too much, um, I become very lethargic. Um, so this is, this is me with two hours of sleep, very hyper.
Camille Morhardt: [00:20:09] Oh my God. You’ve slept. How much sleep do you normally get?
Min Kyriannis: About two to four hours every day, at most.
Camille Morhardt: Two hours within 24 hours?
Min Kyriannis: [00:20:18] Yeah. Yeah. I am a very hyper person.
Camille Morhardt: [00:20:23] Wow, I didn’t know that was possible.
Tom Garrison: [00:20:24] It is certainly impressive in terms of what you can get done. So that’s, uh, [00:20:30] that’s incredible. So I think you have elevated yourself, at least in my mind, to superhero category, so (laughs).
Min Kyriannis: [00:20:37] Oh, thank you. No, if I can make laser eyebeams that would be even better, but that’s another story. (laughs)
Tom Garrison: [00:20:42] Well, there you go.
Tom Garrison: So Min this has been really, really interesting from a background and, and obviously all the things that you’re working on, it’s just so inspiring really. But before we let you go, we do have in our podcast, the opportunity [00:21:00] to share a fun fact with our listeners. And so I know that we, we, we let you know that this was coming. But with all of your background of all the things that you could talk about, that you’ve shared here, I’m, I’m just intrigued with what are you going to share with us today?
Min Kyriannis: [00:21:18] Mm, okay. So do you guys like hot peppers?
Tom Garrison: Of course.
Camille Morhardt: [00:21:23] Well define hot. (laughs)
Min Kyriannis: [00:21:24] Spicy, very spicy hot.
Camille Morhardt: [00:21:26] I mean, not ghost pepper level.
Min Kyriannis: [00:21:30] I’m talking to world’s hottest.
Tom Garrison: [00:21:32] Oh no, no, no, no. Don’t even. I’m dying to hear where this goes.
Min Kyriannis: [00:21:37] So I’m a pepper head and I love spicy peppers. So. When I was pregnant with two girls, I was literally chewing ghost peppers and habaneros raw. That was the only thing that could keep the morning sickness down. It was so bad. So, so those pepper and ghost peppers and habneros do nothing to me. Well, I found that there was [00:22:00] actually a spicier pepper than that. It’s either the scorpion pepper or the Carolina reaper. Now I’m growing them in my backyard because I make this hot pepper sauce and I’m happy to send you both some (laughs).
Tom Garrison: [00:22:11] No, please. Don’t actually my son, my son, my son probably would love it. He loves to eat hot stuff. But anything with the word “reaper” in it, I think I’m out.
Min Kyriannis: [00:22:21] It’s actually not too bad. It actually has some really nice flavors to it. actually it maxed out at 2.2 Scoville units. That’s the type of rating scale it uses for hot peppers. So I marinate these peppers in a black vinegar and soy sauce base and it comes out really nice and stuff. But it kicks up a heat. So a little bit, and even the Carolina Reaper is a little, it’s a little spicy for me. I don’t eat it with discretion.
Tom Garrison: [00:23:23] Wow. That’s great. So Camille, what, what fun fact do you have for us today?
Camille Morhardt: [00:23:44] Okay, well, I got stuck on the fact that Min was a chef too. So I was trying to think of something, food that was interesting and you know, one of them. Um, one of my really good friends, uh, is from Japan and he just had to fly back there to help a family member.
[00:24:00] And so I started thinking about that because one of the things he’s going to do is eat a bunch of fresh fish. And I remembered going to Tsukiji fish market when I was living in Japan. And I just loved that experience. Um, and so I thought, what is interesting about that place they must have had. I mean, that’s the first place I tried, I think a sea urchin, Uni orange it’s bright orange.
Yeah. And, um, and then I was, so I just looked some stuff up. I realized [00:24:30] Tsu kiji has since closed or moved or kind of been replaced. Yeah. Um, so I think there’s still a tourist attraction there. Um, but when I was there, it was in full swing and it says that they, on a typical day, they sell, um, 3.6 million pounds of seafood. Yeah. Which is just a lot, 3.6 million pounds on a day. I guess the value of that they’re saying in US dollars is about $14 million a day, which actually seemed kind of low to me compared with the poundage. So it’s really a cool thing.
Tom Garrison: [00:25:40] Yeah, I, so I’ve been there, uh, multiple times and, uh, before it closed and what I was taken back by was not just the side. Which I agree with you is amazing. It’s also that when I think about a fish market, I think about fish and when you’re there. Okay. Yeah, they got fish, but [00:26:00] they got just about every other thing you can imagine. I mean you can get the sea cucumbers, you could get the. Like eel looking things, you can get, uh, various forms of kelp. And if it’s in the ocean, you can buy it at that place. It is, it’s kind of crazy,
Min Kyriannis: I learned something new today.
Tom Garrison: So here’s mine. So I knew that Min was going to talk something about food. We didn’t know what it was. Could we try to keep some level of secrecy here, but, uh, so I decided I would go on the farm side of farm to table. When I think about farms, I think about the iconic buildings, you know, the big red barn and what I found interesting when I did this research was that, uh, the whole, [00:27:00] uh, history behind the red barn, It’s not paint.
Um, New England’s settlers didn’t have enough money to actually paint their farms. So they, they needed a cheap way to protect the barn’s wood. And so what they did was they mixed, skim milk, lime and red iron oxide–basically the rust–to make red plastic-like [00:27:30] coating that went on their barns to protect the wood.
And there’s at some other places said there was also linseed oil in there, but the, the, the red actually came from it wasn’t paint. Uh, it actually came from rust. It was just iron oxide that they would have around any farm with metal in the, uh, elements. You’d take that rust and mix it in. And then that, that’s what they would coat the buildings with.
Min Kyriannis: [00:27:54] That’s interesting. Wow OK.
Tom Garrison: [00:27:55] Well, you know, that’s the [00:28:00] aim of the show. We hopefully will teach us something about security, but also you learn something else that you didn’t know about. (Min laughs)
Camille Morhardt: Some kind of fun fact.
Tom Garrison: Well Min, thank you very much for joining today. I think we covered a wide range of topics with you, but I will say, you know, your journey and what you’re accomplishing, not only in cyber security, but just in general as a human being is really inspiring. So thanks for being here.
Min Kyriannis: [00:28:24] Yeah, thank you for having me. This was really fun. I enjoyed it. Thank you so much.