TRANSCRIPT

Ken: Today, I'm pleased to host John Sirianni, founder of Quantum Cybersecurity International, or QCI. John is a deep tech CEO, founder, board advisor, and strategic innovation consultant. He has a 30-year career commercializing technology for global companies and startups, with experience spanning over 20 countries. His first decade of experience was focused on research, development, and deployment of advanced engineering systems; his second on sales and marketing for deep tech innovators; and his most recent decade on CEO roles, international corporate restructuring, and strategic advisory services related to cybersecurity in quantum innovators. John, welcome to our Digital Thread podcast.

[00:01:30]

John: Ken, being here with you today is a pleasure. You and I have been riffing together on technology, investing, and commercialization now for, I think, about ten years or so. Always, it's a true pleasure to be with you. Thank you, Ken, for hosting me today.

[00:01:44]

Ken: As you say, it's long overdue. We've known each other across your cybersecurity background and, more recently, the quantum I always thought you had this interesting, deep perspective on these areas and put them together with a very strong commercial and operational bent. It makes it interesting to describe generally complex topics to a lay audience per se, so I'm glad we finally could book some time to get you here.

[00:02:17]

John: Thank you. Long overdue.

[00:02:18]

Ken: Absolutely. You know we call this the Digital Thread podcast, so I always like to start by asking: What would you consider your digital thread?

[00:02:27]

John: Great question. The simple ones are the hard ones, aren't they? Looking back over my long career, I would say that commercializing early technology has been the common theme across most of my pretty broad experiences, specifically researching, developing, and deploying new and very raw technology into the marketplace. The enjoyment I get from portfolio and business strategy consulting, I think we're born out of that- bringing the very raw technologies to market. I would say that was the thread.

[00:02:56]

Ken: Solid one. I know you've been at the forefront of embedded computing and cybersecurity since at least 2010, so you had leadership roles at Intel, Webroot, Carrier IQ, and Techniche. If you had to summarize that time into three insights relative to Edge security, what would they be?

[00:03:17]

John:

I enjoy sharing stories, so I'd like to offer three insights resembling a historical journey. My embedded computing journey began when I was involved in business development, sales, and marketing for a small embedded systems consulting firm in my hometown of Rochester, New York, in the early 2000s. Our work involved creating custom firmware solutions for semiconductor companies and the research and development departments of major wireless imaging and aerospace corporations. During those years, I established strong connections within the global semiconductor ecosystem. In the early 2000s, few people fully grasped the concept of cybersecurity within the Edge stack or network, and Cloud architectures were starting to evolve. I encountered a handful of security-aware experts in the embedded field attempting to incorporate security into their devices. However, they often lacked the necessary tools, a compelling business case, and the time to integrate security features into their designs. Then, in 2010, as we all know, the Stuxnet worm became publicly known, and awareness that malware was being developed to target critical infrastructure became a concern across the industry. Prior to Stuxnet, original equipment manufacturers (OEMs) and operational technology (OT) operators did not perceive the need for enhanced security. This leads us to insight number one: introducing new technology into the marketplace can be exceptionally challenging without a well-known, publicized problem to solve. That's our first insight.

In 2010, I relocated to the West Coast and joined Silicon Valley, where I worked for Wind River Systems, Intel's real-time operating system division. This exceptional organization was home to brilliant and dedicated professionals. As the strategy director, I led product and solution portfolio development across the IoT, industrial, telecom, and automotive markets. As customers began to recognize the importance of enhanced security, and with new product architectures emerging to address Cloud-to-Edge connectivity, it became evident that we needed to offer an integrated design environment and provide IP solutions that could empower design teams with stronger device and network security.

I led technology scouting activities for Silicon and firmware IP acquisitions and collaborated with Intel teams. I had an incredible time during that period, Ken; I traveled extensively. Our main focus was to enhance our portfolio to address the significant concerns of our key customers. This leads me to the second insight: if your major customers prioritize security, you'll find a way to integrate new features into your offerings. Here's some advice for young product development engineers: pay attention to your sales team when they raise customer concerns. It often indicates an innovative opportunity worth exploring.

Moving on to the third point, in 2014, I joined Carrier IQ, a company operating in the emerging big data and mobile device telemetry field. Carrier IQ had developed the first petabyte-sized machine learning platform, offering diagnostic analysis to mobile network carriers, the pioneers in deploying network monitoring agent technology on consumer mobile devices. It was an advanced technology but raised concerns about data rights and privacy. This was the dawn of a new era in data security, where each participant in the ecosystem added new potential security vulnerabilities. For example, if a participant in the value chain, such as a mobile device manufacturer, fails to deploy security measures correctly, it could create vulnerabilities for others in the value chain.

Furthermore, in 2013, mobile app stores were flooded with as much malware as legitimate apps, creating confusion among customers and leading to resistance. AT&T eventually acquired Carrier IQ. The third insight: user perceptions of security significantly impact the adoption of new technology.

As a bonus insight that comes to mind, I'd like to mention my role at Webroot, a leader in the PC malware protection market for about 15 years. My task was to build the IoT and OT business unit. While excelling in consumer and SOHO markets, we needed to develop new device agent technology for OT and IoT customers. We lacked network behavior intelligence, a gap that risked our position in the market. Competition was fierce, and we needed to act quickly. We identified CyberFlow Analytics, an advanced network anomaly detection technology provider for east-west anomalous traffic detection. They had a user-friendly graphical display ideal for small enterprise accounts and MSPs. We had limited time to adopt, deploy, and monetize this technology. I was instrumental in driving the acquisition. However, Webroot underwent changes amid these developments, eventually becoming part of OpenText, which underscores the point that the time available to find and integrate new technology into a portfolio can be very short.

The fourth lesson from my experience as a CEO with the Australian-based company Techniche Group was the significance of red team cybersecurity audits. Upon joining in 2017, I realized our product hadn't undergone such an audit. We took steps to address this by bringing in cybersecurity experts to test against advanced attacks and make necessary improvements. We competed with SolarWinds, a dominant player at the time. However, they faced significant security challenges while we did not. Lesson four: engage experts to ensure your product, regardless of its nature, doesn't compromise your customers.

These insights span various domains, from commercialization and business strategy to cybersecurity. I trust this response adequately addresses your question.

[00:10:57]

Ken: It did, and then two bonuses on top of that, so thank you for that. I appreciate that. Interesting, the last one about bringing in experts around your product- it's certainly apropos. Next question: you founded QCI or Quantum Cybersecurity International at the end of 2019. What inspired you to start the company, and what is your focus?

[00:11:21]

John: Yes, here's another story. My passion for scouting cybersecurity technology is where it all began. The moment that caught my attention was when NIST, the National Institute of Standards and Technology group, initiated its post-quantum cryptographic initiative in 2016. Then, I became aware of the potential for quantum computing to disrupt the prevailing paradigm of cryptography-based security. Over the years, I've been involved in market entry consulting for innovators in blockchain and distributed technologies, allowing me to grasp the implications of this impending change. Additionally, my strong desire to commercialize new technology and build portfolios significantly influenced my inspiration.

The initial focus of QCI was to uncover new technology as it emerged from universities and then to leverage investors to combine together existing mature mid-market cybersecurity companies with new emerging tech. A group of us traveled around the world conducting technical due diligence. However, when the pandemic struck, I was in Italy, scouting security technology. It was indeed a turbulent year. Although I made it back home safely and in good health, the investment community faced its own challenges. Consequently, when we emerged from the lockdowns, I decided to pivot QCI's focus to the tactial work of commercializing emerging quantum security technologies.

Today, the QCI business model is straightforward: we provide venture development advisory services. We offer corporate development support to emerging quantum technology companies and perform due diligence services for strategic investors. We operate as a boutique firm, relying largely on word-of-mouth referrals due to our specialization. Our attention has shifted from only cybersecurity to quantum applications, quantum sensing, and quantum communications. These areas support the evolution into what I believe is on the horizon—quantum operations or Q-Ops. Over the next decade, we anticipate a transformation akin to what we are currently witnessing with the emergence of AI Ops.

[00:13:24]

Ken: You've introduced a lot of topics there, right at the end: quantum applications, sensing, communications, all converging into Q-Ops. Maybe I'm going to pull you back, leverage the fact that you've got a foot in technology and commercialization, and ask you to explain what quantum computing actually is. It's still a very nascent technology, but what exactly is it? How soon do you think it will become real?

[00:13:51]

John: Alright, fasten your seatbelts; we're diving into the world of quantum computing. I'm not a physicist but an engineer, so I'll keep things simple. We can delve deeper into this over a beer someday. Quantum computing is a nascent field, but it's built on over a century of developments in physics. Today, it's a tangible reality capable of accelerating various computational tasks. Let's start with a straightforward definition of quantum computing. Quantum computers leverage the unique properties of quantum physics to store data and perform computations. Instead of digital bits, they use quantum bits, which we call “qubits, " which operate much like nature. The real power of quantum computing lies in its ability to perform calculations at exponentially faster speeds compared to traditional computers. It harnesses quantum physics principles like superposition, interference, and entanglement to execute tasks. Traditional transistors in classical computers use binary encoding, represented by on/off states or 0s and 1s.

In contrast, qubits can exist in a superposition of states, meaning they're simultaneously in multiple states until measured, making quantum computers non-deterministic. In a quantum computer, a small number of qubits are matched up at runtime into quantum gates, and the gates are manipulated as quantum circuits; these logic gates are the building blocks of quantum circuits, just like classical logic gates are for conventional digital circuits.

Now, let's look at the development landscape. The heart of the system is referred to as a QPU (Quantum Processing Unit). Now developers of advanced systems have a new option – we had CPUs, GPUs and TPUs, and now QPUs are being added to the compute workload mix.   It's beginning to accelerate core algorithm areas like simulation, optimization, machine learning, and AI. For the past five years, we've been in the era of "small-scale noisy quantum computing architectures." During this time, universities, government labs, and major corporations have developed quantum applications on small systems. The number of developers creating quantum solutions on emulators is rapidly increasing. These developers span universities, research labs, major corporations, and various industries, from aerospace to finance and logistics. As error mitigation improves and noise levels decrease, we're witnessing a substantial performance boost. We are entering the era of hybrid quantum computing, where applications can run across CPU, GPU, and QPU workloads. We will likely remain in this era for five years before reaching near-fault tolerant systems.

Performance depends on the application. For example, IBM recently demonstrated a 127-qubit system that outperformed classical supercomputers in modeling physical systems. IBM plans to release a 1000-qubit system next year, indicating rapid advancements. Now, let's explore the key players in this field and the evolving ecosystem. Over 25 major quantum computer companies employ six primary quantum computing architectural approaches, each racing to be the most stable and usable. Different architectures excel at specific problems. Some require dilution refrigerators to run at near absolute zero temperatures, while others operate at room temperature. The major architectural approaches include quantum annealing computers, superconducting gate computers, trapped-ion computers, photonic computers, neutral atom computers, silicon spin quantum designs, and nitrogen void in diamonds for Edge quantum computing.

Quantum computing has attracted significant investments. By 2022, governments worldwide are projected to have invested over $30 billion in quantum computing development. This doesn't account for venture capital or IPOs. The stakes are high. Now, let's broaden the scope and explore additional categories in quantum technology. Quantum sensing involves using electric, magnetic, and gravitational field measurements to improve measurement tools' efficiency. It's already applied in navigation without GPS, medical imaging, underground mapping, and materials characterization. Quantum sensing innovations are expected to impact IoT, OT, and autonomous exploration significantly. Quantum sensing, combined with AI, might create awareness levels we've never seen before.

Quantum networking and quantum-resistant security are additional areas experiencing growth. Quantum entanglement, a fundamental quantum physics principle, plays a key role. Quantum Key Distribution (QKD) is used to distribute cryptographic keys securely. If someone tries to intercept or measure these keys, the entanglement is broken, and transmission halts. Although transmission rates are still low and distances covered are limited, QKD networks are operational worldwide. Providers include Toshiba and QTI in Italy.

[00:26:38]

Ken: My head is absolutely swimming now, and there are so many hooks that you gave me. I'm sorry that we only have 30 minutes for this because there are many interesting ways you can take this; I want to get into cybersecurity. I know you've worked with companies like Patero, QWERX, and their providers of quantum resistance security. What exactly is quantum resistance security, and why is it important?

[00:27:04]

John: Great topic! We've delved so deep into quantum physics that we're practically quantum physicists. The threat posed by large quantum computers is real, prompting NIST to initiate a global effort in 2016 to sponsor the development of new cryptography resistant to quantum computer attacks.

The global digital economy heavily relies on Public Key Infrastructure (PKI), a complex system involving key establishment, exchange mechanisms, certificate authorities, and root authorities. This infrastructure is based on mathematical algorithms, primarily using prime number factorization. Quantum algorithms like Shor's algorithm, proposed by Peter Shor in 1994, have the potential to break public key cryptography. Shor's algorithm, operating on a sufficiently large quantum computer, directly threatens our digital infrastructure.

Another quantum algorithm, Grover's, provides a quadratic speed-up for unstructured search tasks, further challenging our existing security systems. The implications are profound, given that our digital economy, blockchain, and cryptocurrencies all rely on the same protocols.

The need for enhanced security is evident as we venture into the fifth industrial revolution, characterized by machine interconnections and secure data transmission. But when might this quantum computing revolution occur? Estimates suggest that a quantum computer running Shor's algorithm would require well over 1200 logical, stable circuits, and some believe we're just a few short years away from that reality. Assumptions also indicate that AI and quantum AI techniques could significantly reduce the solution space. The horizon is approaching rapidly, raising questions about how to address these challenges.

Since 2016, NIST has been actively working on the issue, collaborating with various international bodies, universities, government security agencies, and private startups to develop new standards for post-quantum cryptography (PQC). A shortlist of new schemes was published in August and is open for review and comments.

Will these new post-quantum cryptographic schemes stand the test of time? That's a difficult question to answer. Some experts believe we need to transition away from algorithm-based asymmetric systems altogether and use quantum to secure quantum. This has prompted an increased focus on symmetric encryption as a long-term solution.

Symmetric approaches like Quantum Key Distribution (QKD) and quantum random number generation (QRNG) are gaining traction. Keys are not transmitted, but quantum random information is sent, and keys are generated on-demand from this information. Various schemes cater to use cases, from telecom infrastructure to lightweight Edge devices.

The secure quantum ecosystem comprises several active startups and established companies. Here's a quick rundown of a few of them:

Sandbox AQ: A Google spin-out offering a crypto-agile security suite.

Arqit: Based in London, provides a Cloud-delivered Symmetric Key Agreement Platform, which is applied to digital trade instruments.

Patero: Offers a hybrid post-quantum cryptographic solution optimized for critical infrastructure.

Quantropi: Located in Ottawa, Canada, it provides quantum-proof communications for telecom networks, lightweight Edge devices, and IT infrastructure.

QuSecure: Specializes in high-end solutions for government and defense.

PQShield: Based in London, provides consulting on cryptographic primitives and custom hardware and software solutions for various applications.

QWERX: A startup from Virginia offering a symmetric approach, is ideal for securing the DevOps perimeter against external attacks.

[00:32:49]

Ken: I understand why this is a critical concern for many. It's downright scary when you think that you're only a couple of years from being able to decrypt just about anything. I can understand why your services are in great demand. I wish we had more time for this call, but let me just take it to the point. How can somebody find out more about your company, Quantum Security International?

[00:33:17]

John: Very simply, just reach out to me on LinkedIn. We are going through a business model evolution, website, and other things. LinkedIn is the easiest way; just reach out.

[00:33:28]

Ken: Perfect. In closing, I always like to ask: where do you find your inspiration?

[00:33:34]

John: I read a lot, Ken. I attend conferences, and consulting and other activities allow me to constantly talk to end customers. This helps with context-technology to the usability of technology. It's first getting vision and clarity. Sometimes, I just walk in nature. I love to listen to music. Cycling in the mountains is a passion of mine. To relax, I play classical and Spanish guitar. Now, “play” might be a bit of an extrapolation of my skill, but it's relaxing. That's where I get most of my inspiration. This summer, I finished up a nice read. For those wanting to get deep into quantum, Dr. Amit Goswami's seminal book in the late 90s, "The Self-Aware Universe: How Consciousness Creates the Material World," is very interesting. Dr. Goswami has a PhD in Quantum Mechanics. As a physicist, he provides a clear explanation of quantum physics and a wonderfully articulated synthesis of science and spirituality. It’s very readable, and there are no equations in it. It's a nice read; it's very inspirational.

[00:34:42]

Ken: It sounds to me like your personal inspiration is a counterbalance to your heavy focus on theory and application of very complex quantum topics. Again, I wish we had more time, John. It really has been a great conversation, and I look forward to, hopefully, being able to do more of this in the future in terms of deep dives.

[00:35:03]

John: I enjoyed it, Ken. Thank you for giving me the platform to riff on this subject. It's an exciting area. Love the work you and your team are doing and look forward to staying in touch.

[00:35:14]

Ken: Absolutely, thank you so much. This has been John Sirianni, founder of Quantum Cybersecurity International. Thank you for listening, and please join us for the next episode of our Digital Thread podcast series. We wish you a momentous day. You've been listening to the Momenta Digital Thread podcast series. We hope you've enjoyed the discussion, and as always, we welcome your comments and suggestions. Please check our website at momenta.one for archived versions of podcasts, as well as resources to help with your digital industry journey. Thank you for listening.

[The End]