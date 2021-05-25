Empower others and always give credit where it is due. One of the things that bothers me is the fact that there are people who will take credit for other people’s hard work. Do not do that — remember your reputation is at stake and you need to have integrity to maintain that reputation.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading Cybersecurity Industry”, we had the pleasure of interviewing Min Kyriannis.

Min Kyriannis is the CEO and co-Founder of Amyna Systems Inc. and Managing Director of EMD|JMK. She has 25+ years in converged, global, information technology, operational technology, cybersecurity, physical and risk management across the globe. She has received numerous accolades for her work and is currently focusing on non-profits as a way of giving back to the community.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

My family immigrated to the United States in 1977 when I was an infant. Even though I came to the US at such an early age, English was still a second language. My parents did not have much money, my father was a carpenter by trade and my mother was a stay-at-home mom but did factory work on the side. I remember her working on the knitting machine provided by the factory (for which she had to pay). She would make clothes in bulk. She did not get paid much for the work, in fact it was minimal and per finished piece. We were the typical immigrant family, working hard to make ends meet to support the family.

I do not remember having the luxuries given to many of the kids in our neighborhood. At that time, Flushing, NY was predominantly Italian and Polish. It was not the Chinatown we know today. Since my parents did not speak English, beginning in elementary school, I was asked to negotiate and translate all their business transactions. It was an interesting time — I was such a tomboy, preferring to do things atypical of a “girl”. By junior high, there were more Chinese immigrants and even then, I still did not fit in and was ostracized. As much as I spoke both the English and Chinese languages, I was never accepted into any of the cliques in school. The library became my hide out for solace. I remember heading to the library 2–3 times a week to get books to read, return them and then grab another stack to go home and read. I always felt that our extended family and even our friends looked down on our family, and frankly, it made me angry. Funny thing is the anger made me work harder.

In High School, we got our first computer, and I remember how that was so novel. It made me fall in love with technology and it seemed natural to me. By the time I reached college, things shifted a bit. I made it to NYU and saw a different world. In fact, I was hired at NYU to begin working full-time starting as a computer technician — which paid for my tuition at the university! I did not have much of a college life since I worked and pursued my degrees, but the journey provided a huge amount of experience in the technology world. At one point, I decided to leave technology and go into catering and modeling, but then technology pulled me back again. I met my husband because of technology.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

Wow, there were so many books I read. I do not even know where to start with this one. I always loved reading books on mythology — all kinds of mythology because it was a way to peek into the minds of ancient cultures. As I read more, one of the books that really got to me was “The Bone Lady” by Mary Manhein. That world fascinated me, and I had at one point thought I wanted to go into forensic anthropology or law enforcement to solve crimes. I love to learn, and I have always felt that things in the past affect our decision-making processes and how we think. I also enjoy putting things together, which is why I love complex problems. When I came back into technology in the physical security world and cyber world, I just fell in love and never left. The world is constantly evolving, so it kept my mind busy.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I know everyone says the same thing, it just fell on my lap. But the reality is if I analyze my career in the past 25 years, it was all technology and security oriented. Without even realizing it, I was already in the realm. When an opportunity came up to converge building systems and security and work with companies to implement best practices, I jumped at the chance and loved every second of it!

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

Oh boy, people in the industry who know me know I have a crazy sense of humor and am a troublemaker. What is the funniest mistake or funniest thing I have done? I know I have done some crazy stuff, but I will not name those. I would call people by incorrect names or if I know them very well, say some off-the-wall comment with a straight face — just to get a reaction. I know I would tell telemarketers who call me at work looking for Mr. Kyriannis that he is not here. And when they inquired with my full name, I would just say “oh, you’re looking for me.” One thing I have learned through my experiences is really to be able to laugh at yourself and own your mistakes. There is absolutely nothing wrong with laughing at different uncomfortable situations. In fact, it diffuses the stress level a lot when you do.

Are you working on any exciting new projects now? How do you think that will help people?

I have a start-up that I am working on — Amyna Systems. We have created a disruptive technology that we believe can solve many of the cyber issues around IoT devices both commercially and at your residence. Cybersecurity is an interesting world — people know something about it, but there are so many layers to peel back. We are making the security process simple — anyone will be able to utilize the technology.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

It is constantly moving — there is not a point where this industry slows down. The industry is so dynamic that the minute you slow down, you are behind. You meet so many brilliant people — I am not going to say I know everything about cybersecurity — but you now have an opportunity to continuously learn from so many amazing people that you meet across the industry. There are so many opportunities — because of the way the industry moves in cyber, there are a huge number of opportunities that are possible.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

One is awareness — I feel people know and have heard of cybersecurity, but what it truly means is a separate issue. What is common knowledge is the theft of data, but there is a lot more than just the data and information being compromised, which leads to #2. Critical infrastructure — Our systems are getting smarter and are designed to make it easier for users to access remotely. Systems that are not yet online are moving towards that sort of access due to everyone’s desire to have this convenience and to be able to implement remote monitoring. Companies need to band together to protect these infrastructures. Complacency — we have become very complacent to with regards technology. The convenience is astounding and generally, we have become reliant on all the technology because we are exposed to it. It seems that even our children are born knowing how to use technology. I saw this with my firstborn when she went up to a television screen and tried to swipe the screen to get rid of the image she did not want. We need to take a step back and think about why we are so connected to technology and train ourselves to be more aware. Our complacency and dependence make us vulnerable, so the more we are aware and can discern information, it will help with the challenges out there.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

In cybersecurity, there are always critical threats actively occurring. However, in my opinion, the attack surface is now beginning to widen further to other systems — especially building systems. When we log into an app to turn on the light, or to change the thermostat, these are just opportunities for bad threat actors to look to compromise. Any node or endpoint is a vulnerability. For companies, a thorough analysis of assets is critical. This means doing an inventory of all active devices on the network (and if possible, passive devices) on both the Information Technology Systems and Building Systems. From there, companies then need to have specialists come in and analyze or even test to see if the eco-system is secure at all points. This only protects the devices. On the human front, companies should invest in training ALL staff on steps to protect these devices. Not only does training help their employees individually, but it also allows them to be more aware of the risks onf utilizing technology. Lastly, continuous reinforcement is critical. Cybersecurity is dynamic and constantly moving. Companies who go through these exercises multiple times a year tend to be more secure than others who believe that cybersecurity is not a threat.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

If it is okay, I am going to generalize as much as possible. We had located a few rogue devices connected to some head end equipment. These rogue devices were cellular transceivers used to send data back to wherever “home” was. These devices were active, and we did not know who was connected to them. The existence of these devices was a surprise to many people in the company, and it shows that having a thorough asset inventory PLUS frequently conducting these types of due diligence are important to any organization.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

Without providing vendor names, we typically use packet sniffers (or analyzers) on the network. This allows the engineers to capture each packet (data) and analyzes the information and where it is going. This allows the team to see if the data is going to the right place or if there is some anomalous traffic that is moving on the network. However, this is only on the network side. Unfortunately, on the OT side, there needs to be boots on the ground doing asset management to the best of their abilities. Much of the equipment installed are decades old and are being modernized without security in mind. Understanding where the equipment is located and consolidating this information is crucial for the teams to manage down the line.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

Many breaches are conducted by someone from the inside. There are many things to watch out for to notice certain tell-tale signs from an individual — if the person is disgruntled or discontent and continuously complaining about their work or if their habits changed at work. For example, if they never stayed late, but are remaining at hours that are not customary to their work habits.

Email phishing is extremely common, if an email comes in that seems odd, trust your gut, and validate. Many spoofing emails now are becoming more realistic. If you typically do not receive email from people who are requesting a fund transfer, make sure you investigate the request with your internal team and validate that information.

Physical access –If you notice a secured door propped open when it is typically closed only to authorized users, report it. We understand people must work and having the door open may be convenient to their work, but there are reasons the door is secured.

When individuals ask too many questions that are not necessary for their work. Some people work with classified information or data that may be critical, if anyone is asking any questions that sound too specific or odd or fishy, make sure you inquire why they are asking and report the questions to senior management. Many of these inquiries are data gathering and people tend to give a lot away.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Always contact key personnel and ensure that the general counsel / compliance officer is included as part of the discussion. If there are security policies and procedures in place, the team would use a step-by-step process which details who to contact and what must happen. It is a best practice to ensure that there is a crisis management plan which considers their customers and supply-chain and makes sure that they are also managed appropriately. Once the issue is identified, now the team calmly reacts, detains, mitigates, and prevents!

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

This will go on forever! One of the things I talk about is complacency: we have become too complacent with respect to technology, and everyone expects the newest and quickest technology to be available and convenient and secure. That said, this goes above and beyond companies, but to the individuals themselves. In my opinion, we need to make the public aware of their responsibilities to secure their information. I have spoken to many people (and this includes family), who tell me that they do not care about their data being compromised!! That attitude is dangerous: if you are compromised, guess what, it is your responsibility and takes a lot of work to prevent fraud and monetary loss. There needs to be accountability in place, and I would not be surprised if down the line, laws and company policies begin shifting because of the world we live in with remote work. If you are working at home with company provided equipment, you as an individual are required to ensure that the equipment does not get compromised because you are utilizing the device on a network that is not secure. There needs to be social accountability.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

Yes and no — Yes, that we are making headways in terms of talking about the need to diversity. This has been a major topic of discussion across many industries, and it is great that it is being discussed. The reason I say no is because I need to see action. Everyone preaches, but until more companies truly execute to diversify internally, it will only be a topic of conversation. I’m impatient in that sense — feathers will be ruffled, but in my mind, these may not be comfortable conversations, we just need to have the courage to make it happen. Actions speak louder than words.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

Myths — there is so much — cybersecurity is much broader in scope and scale. People say they want to go into cybersecurity, and I always ask, which area of cybersecurity? There’ are many different areas and believe me, it is not a 9 to 5 job. Cybersecurity is dynamic and continuously evolving. The threat landscape is broad and huge, so you will be constantly working! In my mind, it is rewarding. I am an individual that needs to be continuously thinking and moving. But if you are looking for a 9 to 5 job, this is definitely not the job for you.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Be confident and believe in yourself — Imposter syndrome is constant when you reach a certain point. I know I have questioned my own ability at times since I know there are people smarter than me. However, if you are willing to learn and honest with people you meet, that confidence will take your far. Empower others and always give credit where it is due. One of the things that bothers me is the fact that there are people who will take credit for other people’s hard work. Do not do that — remember your reputation is at stake and you need to have integrity to maintain that reputation. Continuously learn — the world is vast and huge and learning is key here. Sometimes you can learn about different things that have nothing to do with your profession, but guess what, that can come to full circle and eventually have a positive impact on someone in your profession. Learning helps your grow and I wish there were more time in the day for me to sit down and keep reading. Allies — finding allies in your profession is extremely important. These are people who will speak up for you when you are not there as well as support you when you are in the same meeting. This also allows you to start networking and growing your network which is extremely important in any line of work. Have a sense of humor — I like to laugh; it takes away the stress that is there and eases your colleagues. Always have fun and laugh. Jobs will be stressful, but you are there for a reason, so maintain that humor.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂

There are so many people I would love to meet but the one that immediately comes to mind is Ms. Tsai Ing-Wen from Taiwan — being of Taiwanese descent, I would love to get her perspective as a woman president and having the ability to manage the country successfully during Covid while facing certain cultural mindsets.

In the US, Oprah Winfrey and Aileen Lee are at the top of my list. I mean who does not want to meet Oprah, but kidding aside, it would be interesting to have a lengthy conversation with her on the issues of racial division and how to have conversations gently and tactfully on how to discuss this topic widely on mainstream media. I read about Aileen many years ago. I would love to bring Silicon Valley to the East and foster talent on the East Coast. She has been vocal on the diversity challenges in Silicon Valley, and I would love to get her perspective on how to grow the business properly and organically moving forward to avoid those pitfalls.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!