Visionary

Mikko Hyppönen is considered one of the world’s foremost cybersecurity experts. He is known for his work on IoT security, where he coined the term “The Hyppönen law”. Currently he is working as Chief Research Officer at Withsecure and as Principal Research Advisor at F Secure. He has lectured at the universities of Stanford and Oxford and is a regular contributor to the New York Times, the Wall Street Journal and Scientific American. He was named among the 50 most influential people on the web by PC World Magazine and listed in the FP Global 100 Thought Leaders list. He speaks regularly at conferences such as Black Hat, DEF CON, HackInTheBox, OWASP, RSA, SOURCE, Security BSides Las Vegas and Shmoocon. He has advised companies such as Microsoft, Facebook, HPE, Google, Huawei, Dell and Cisco. He also advises governments around the globe including the United States, Canada, China, Japan, South Korea, Taiwan, Russia and Saudi Arabia.

Mikko serves as Chairman on a number of industry organizations such as the Electronic Frontier Foundation (EFF), Digital Citizens Alliance (DCA) and Internet Archive. He is also a member of the board of directors of the International Association for Cryptologic Research (IACR).

He sits down with us to chat about his background, the internet, the future of the web and what advice he would give to aspiring security professionals.

TIMESTAMPS
0:03:41 – Background/ Experience
0:07:10 – The Internet: A Passion
0:08:59 – The Impact of the Internet on Crime
0:11:01 – The Impact of Technology on Law Enforcement
0:13:43 – The Impact of Strong Encryption on Privacy and Security
0:15:19 – The Use of Technology in Criminal Activity
0:17:19 – The Impact of AI on Cybersecurity
0:19:03 – The Benefits and Risks of Investing in Cryptocurrency
0:22:05 – The Future of NFTs: A Conversation with an Expert
0:25:02 – The Importance of Blockchain Technologies
0:28:49 – History of Malware
0:32:33 – The Evolution of Ransomware: From Viruses to Double Extortion
0:34:19 – The Importance of Specialization in the Cybersecurity Field
0:37:29 – The Importance of Being Proactive

SYMLINKS
Mikko Hyppönen – Website
Mikko Hyppönen – Wikipedia
Mikko – Twitter
Mikko – LinkedIn
PCWORLD – The 50 most important people on the Web
WithSecure
TED talks
If it’s Smart, It’s Vulnerable
Liberty or Death | Helsinki Finland
ARKADE BAR | Helsinki Finland
Bar Chaplin | Helsinki Finland
Logan Arcade | Chicago IL

DRINK INSTRUCTION

EPISODE SPONSOR
Center For Internet Security (CIS)

CONNECT WITH US
http://www.barcodesecurity.com
Become a Sponsor
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@barcodesecurity.com

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.

Chris: Mikko Hyppönen, CRO at WithSecure, is a global security expert, speaker and author who has written on his research for the New York Times, wired and Scientific American. He’s lectured at Oxford, Stanford, and Harvard, and additionally keynoted BlackHat, Defcon and Rubicon. Also, amongst his accomplishments are giving a TED Talk in 2011 and being featured in the 50 Best People on the Internet list by PC World Magazine.

Chris: Mikko, it’s an honor. Thanks for stopping by BarCode man. If you don’t mind, tell me about yourself and your background. I would love to hear how your interest in security evolved into what it is today.

Mikko: I started my computing career by programming Commodore 64. I started commercially selling my first programs when I was 17 years old.

Mikko: These were like speed loaders for Commodore floppy drives and things like that, which. Gave me the low level skills I would need a couple of year later when I joined this small Helsinki based startup in Finland, which is my home country. And this company ended up doing things related to early MSS viruses.

Mikko: And someone needed to be able to decode and reverse engineer those samples. And since I knew assembly, No game coding and turbo order coding I used to do on those home computers. I took a crack at it and I was pretty good at it. And. Turns out 31 years later, I’m still working at the same company. Today, the company has evolved from a small startup to right now we have 1300 people in 25 countries around the world.

Mikko: And today the company’s called WithSecure. My job is the Chief research Officer, and I spent big part of my time trucking Russian crime gangs and trying to figure out where the various attacks are coming from. That’s what I’ve been doing all my life.

Chris: So what would you say has kept your passion alive over the years?

Chris: You’ve been with the same company, so do you feel like it’s the constant evolution of our industry, or what exactly keeps you going?

Mikko: I haven’t had a boring day yet. Why would I change anything as long as I’m enjoying it. And I remember as a small kid, I always told everybody that when I grow up, I want to be a doctor.

Mikko: And they would ask me, Mikko, why do you want to be a doctor? And I would answer that. I want to help other people. I want to help people. That’s what I wanna do. I didn’t become a doctor, but I guess I became some kind of a. I dunno. A virus doctor or whatever. I am using the skills that I have to help other people one way or another.

Mikko: That’s what I’m doing. Not in medical capacity but something to do with our security online today. And that’s important. People come to us with very concrete please for help and when we can help them, it feels good. That’s the gist of it.

Chris: So let’s talk about the internet which is a passion of yours.

Chris: And as we both know, as the internet has evolved over the years, it’s just become a gold mine for personal identification of others. Who someone is, where they are, their likes, dislikes. It’s a digital DNA in a way. And taking advantage of that capability is not only personal users, but it’s also law enforce.

Chris: and other Intel agencies as well. So typically we don’t see inside the operational side of that. Can you talk us through your perspective on their approach, the advantages and the intel that those agencies gather and how it’s used?

Mikko: Internet has become the best and the worst thing changing our lives.

Mikko: Right now. We are living in the middle of massive revolution. It’s so big, it’s hard for even us to see how big it is, but we will forever be remembered as the first generations in mankind’s history who are living. This has never happened before and that’s why it’s so complex and that’s why it brings us so many great benefits and so many great new risks.

Mikko: And all of these changes really are about. Geography disappearing. That’s what internet does. It deletes geography. Geography used to matter. Distances used to matter, borders used to matter. Then internet comes around and suddenly it’s no longer relevant. You can run your company online. It can operate anywhere on the planet which is great.

Mikko: And we get all these great communication benefits and all these great new types of entertainment, but at the same. We get all these new risks. One data point I often use to illustrate this is that here in my home country, which is tiny, we have 5 million people living in Finland. 30 years ago, which is before the internet, we had around 120 bank robberies a year.

Mikko: So twice a week, someone somewhere in Finland took a gun and went to a bank to steal cash. The last time we had a bank robbery like that was 12 years ago. They are no longer a thing because. Banks when digital, which means physical banks disappeared, and a few banks, we still have left. They don’t have any cash, which means the bank robbers had to digitalize their work as well.

Mikko: Of course, we still have bank robbers. They’re not just real world bank robbers. They use banking Trojans, or they use BEC scams or they use key loggers to steal credit card numbers, or they break into cryptocurrency exchanges to steal money from there. So everything is becoming digital. And the difference between the bank robbers of 1992 and the bank robbers of 2022 is that the bank robbers 30 years ago were Robb their own bank.

Mikko: They were Robb, the bank in their own town or in their own city. They were local. They were from the 10 mile radius of the bank, which was getting robbed. And today when we see these crimes happening, the criminals could be from anywhere on the planet, literary from the other side of the planet, because geography no longer matters.

Chris: Yeah. It erases the boundary lines of crime. When we talk about law enforcement and Intel agencies, does that then help in a way to identify individuals or does it make it more difficult for them?

Mikko: Once again, it’s the best thing and the worst thing. I worked with law enforcement for, decades in various cases, and it sometimes it’s a bit.

Mikko: Schizophrenic because the very same cops that I work with try to catch criminal hackers are always, are also themselves using offensive tools to be able to investigate crimes, which is problematic by itself because sometimes they investigate innocent people and those innocent people might be using security products to protect themselves, so they would expect to be protected against law enforcement malware, which is something we do, which is, it’s a bit split.

Mikko: It’s a bit weird. One thing which really has changed in the world of law enforcement and in forensic investigations is that it only used to be cybercrime, like when a criminal hacker was caught, then the experts working in law enforcement would do forensic examination of the computers to try to get evidence today.

Mikko: My, my contact at law enforcement tell me that almost any crime involves investigating forensic evidence from computers and from tablet and from phones. And of course it does because our phones tell where we were at certain hours of certain days. And our Google history tells exactly what we were thinking at any time of the day.

Mikko: And, Like I said, it’s not just cybercrime. It’s like a car theft gets investigated. They will do forensic examination of the suspect’s, computers. There’s a murder case. They will do a forensic examination of the computers and phones of course, and murderers actually make Google searches for things like, how do I hide the murder weapon?

Mikko: That’s what they actually search for. That’s how open we are with any deep and troubling questions we might have. The first place we go is. In good and bad. That’s where we go and it tells whoever looks at the data exactly who we are and exactly what we think.

Chris: Yeah. It’s like second nature, I need to look something up.

Chris: I’m going straight to Google, and you don’t think about it,

Mikko: Or  if you have health problems, before you ask anyone else, you ask Google. You ask a company in California before you ask your spouse..

Chris: Yeah. It’s scary and no matter what device you’re on now, it all reroutes to you

Mikko: yeah. But it’s also true that we might also have better technologies to protect ourselves than ever before. Over the last 10 years, end to end, strong encryption has become a much more common thing which is great. And at the same time, it’s awful. It’s great when you and I use it because we get better privacy.

Mikko: It’s awful when extremists or terrorists, or, I dunno, school shooters use it to hide whatever they’re planning or thinking. But the thing about technology innovations, Is that when we invent something, we cannot reinvent it. We cannot make it go away. The best thing we can do is to make it illegal to use some technologies.

Mikko: And that’s problematic because if it tried to somehow curtail criminals the thing criminals do, the thing that makes them criminals is that they break laws. So if we pass a law that you must not use this technology, then you and me, law abiding citizens, we will follow the law. Who doesn’t follow the law?

Mikko: The criminals don’t follow the law. That’s the problem. So when we’ll try to make things like using strong encryption that, maybe we shouldn’t be using this because then criminals can hide what they’re doing. That won’t change a thing for criminals, but it would make our privacy and our security worse.

Mikko: And that’s what I mean by not being able to uninvent things. Yeah. You can walk into any library anywhere in the world and you will be able to lend out a book about computer science, which will tell you exactly how to implement strong encryption algorithms. We cannot make this information go away.

Mikko: So it’s that, that’s the problem. Once it’s invented, we’ll never get rid.

Chris: Yeah. Do you feel like attackers are savvy enough though, to keep up with that? Or is it still a, let’s take a shot in the dark and see if we hit a target type approach?

Mikko: It depends. I’m regularly impressed by, Fast moving, innovative things some criminals are able to do.

Mikko: I’ll give you an example. The first time I heard about Bitcoin, which was invented in 2009, was in 2011. And the way I first heard about it, Was that here in our labs we have a reverse engineering, a malware sample, which had this really weird botnet technology where it was connecting to this blockchain and doing something on these infected home computers.

Mikko: And of course it was mining coins in 2011. Think about that. The first stop I follow technology. I’m pretty up to speed on what’s happening. I hadn’t heard about Bitcoin at all. The first time I heard about it was already malicious use of bitcoin. Someone using someone else’s computers to mine for coins in late 2011 or somewhere around there.

Mikko: That’s a very early adopter. And you have to give them credit that, they are. Up to speed and they are using the opportunities they have to make money for themselves. Of course, it’s not always that easy for the bad actors and the criminals to use new technology. One thing which we are waiting right now to happen, which still hasn’t happened, is for the malware orders.

Mikko: And mal. Ransomware gangs or other organized criminal gangs to start to move the management and the operations of their malware campaigns to be fully automated with machine learning, which wouldn’t be very hard to do. And we’ve Been held holding our breath that it’s gonna happen any time.

Mikko: And it still hasn’t happened, but it will be happening soon. And what I mean by that is that right now the defenders companies which built which block Online attacks and block exploits or Block malware Block runs, aware all of them, including our company we are working at computer speed, everything has been automated.

Mikko: We run all these fancy systems with honey nets and honey pots collecting new exploit and samples. We import them automatically. We run them in our virtual environment automatically. We make cross references. We figure out if it’s good or bad. If it’s bad, we build detection. We test detection. We deploy detection at very fast pace because it’s all machines.

Mikko: There’s no humans doing any of this. The def, the defenders are fast, but the attack. Are still reacting to our work at human speed. They see that their male’s website is blocked, so they register a new website, create new content. They see that their emails, which with malicious links are blocked. So they rewrite new emails, create new addresses.

Mikko: They see that the binary, let’s say it’s ransomware, windows etc., they see that’s getting blocked, so they recompile add a new layer of obfuscation, re, whatever to hide it. That’s human speed. We know it’s human speed because it’s slow. When they go to fully automated processes, when they go to machine learning frameworks, it’s gonna be machine speed against machine speed, and that hasn’t happened yet, but it’s gonna happen anytime soon.

Mikko: And that’s a bit worrying. And then we will see just how good the AI systems built by defenders are. Once we have AI against ai, that’s scary. It’s gonna happen in the next 12 to 24 months. Watch my words. And if it doesn’t happen, never mind. .

Chris: So you mentioned Bitcoin, and I want to hit on that for a moment because you do speak to the topic of digital currency in your new book.

Chris: If it’s smart, it’s vulnerable. . And it’s fascinating because not only does it continue to just keep pushing mainstream I have a Bitcoin ATM down the street from me, by the way. But you also see the use cases that the underlying blockchain technology provide now, like NFT, which I’m still trying to understand the value there.

Chris: And I have a question for you on NFT specifically in a moment, but Sure. Thoughts on cryptocurrency. Is this possible to invest in preserve capital and grow your assets? Or is it just too volatile to trust at this point?

Mikko: It is very early times for all of these blockchain applications, including cryptocurrencies.

Mikko: Of course I’m not recommending anybody to put their money into cryptocurrencies. They are indeed very volatile. There’s gonna be big changes. Having said that, I do believe that the blockchain innovation in itself, Is a major innovation and there will be major things coming out of it. I just don’t think we’ve seen the true potential there.

Mikko: And the way I can almost always tell. That an innovation is, a major innovation is that when you explain the innovation to someone else, it seems pretty obvious. And blockchain, if you just look at the original Bitcoin blockchain by Satoshi Nakamoto 2008 2009, you can explain it to someone in a sentence.

Mikko: This is a system which builds a ledger where every transaction is public forever and unchangeable forever. That’s it. And when you say it like that, it’s That’s it. But that’s pretty obvious. Yes, you’re right. It’s pretty obvious, but it wasn’t obvious before it was invented. So that’s how, it’s pretty big deal and sure if you have a ledger where every transaction is public forever and unchangeable forever, maybe one of the first things that comes to your mind is that you can use this to move value around.

Mikko: Like you can use a currency based on this, but that’s, Just scratching the surface, there’s so many things you can do with it which have nothing to do with money. Yeah, indeed. Tracking real world things and how they move around. For example, if you buy a piece of fine art, next time you’re buying a Picasso for example, I don’t know how often you do that, but next time you buy a Picasso, there could be.

Mikko: Public blockchain, just tracking where that piece of art should be right now. So you know, you won’t be buying a fake copy, things like that. So a public ledger, which cannot be changed by people. Or let’s say having your land records in your country stored in a public blockchain so you would know exactly who owns a piece of land.

Mikko: There are things which have nothing to do with money, which you can, which we can use blockchain for. Yeah. Yeah, I agree. It’s very early days. This is a brand new innovation. In 20 years, we’ll see much more exciting things using these technologies.

Chris: So NFT has just taken over. I’m curious what your thought is on the future of not only NFT but NFT capabilities.

Chris: Do you see a world where NFT eventually extends beyond digital art? And we can use NFT for. Blueprints or even non imagery like software or, concepts, ideas. I see how it could easily become the next level copyright.

Mikko: I was in a meeting last year and I met an old friend and he had just released a book by himself.

Mikko: My book came out a couple of months later, but he had brand new book out and we spoke about the book. Then during a break, I actually took out my iPad and I bought his, From Apple Books, so I had his brand new book on my iPad. We were sitting right next to each other and I would have loved to have him sign my book, but how the hell does he sign it when it’s on my iPad?

Mikko: I think these one of the perfect examples of where you might be able to use NFT Technologies in the future. Nobody’s just built it yet. Sure. Collecting virtual collection cards or whatever. Art. Sure. Maybe some people like to do that, or maybe people like to collect things inside games, which are then hooked to NFTs.

Mikko: But I’d like to be able to, if I meet a famous artist, maybe he could sign a song on my Spotify playlist. If I have a book in my Kindle, maybe someone could sign that. And you could take this much further, since NFTs are examples of programmable. Programmable finance. Imagine that you are in a live concert for, I don’t know, guns and roses, and during the concert, Axle Rose tells everybody to take out their phone because they’re gonna sign the next song on your Spotify playlist and only the people in the audience will get it signed.

Mikko: And then no, because it’s now more valuable to you because you were there when this happened. And not only it’s more valuable to you, but it might also actually gain collectible value later. So it might be that you might be able to sell that copy of the song later, and since it’s programmable system, the band could get a cut of that resale that you might be doing years later, or for that copy of the song.

Mikko: So the idea that we can add like pro crumble properties, To pieces of creation is powerful. And again, very early days, there might be things that will totally change the way we think about ownership and value.

Chris: And it’s so ironic that you mentioned that because not long ago I attended a World Series game and it’s a pretty significant sporting. After the game, I got a I got an email that contained a commemorative NFT version of my exact ticket. Same section, same row, same seat number. And I don’t know how I’m gonna use it yet, but I thought it was cool.

Mikko: But there is something in there.

Mikko: There is something in there. We might not fully understand what we can use these technologies for, but there’s something in there. There’s tons of problems to be solved. And of course one of the things which we are solving right now is the energy usage, which is, has been really bad. But of course it’s now getting much, much better.

Mikko: Cause we don’t want to be using blockchain technologies, which will destroy the earth, but, that’s a problem, which is solvable.

Chris: Yeah, I think so too. So being on the front line of security research for over 30 years with a solid understanding of the vulnerabilities that surround all of us with internet connectivity specifically, what is the view of the internet through your lens?

Chris: As it stands today, obviously it has changed the world’s view of technology. It’s changed people’s lives over the years, but I’m curious, do you feel like we are progressing in a positive direction moving forward, and what do you envision as the next wave of the internet when you look at ai, the metaverse, and other cutting edge emerging technology.

Mikko: The importance of this revolution is as big as the revolution of electricity. Most cities around the world got their first electric grid around 150 years ago. During these 150 years, electricity has become mandatory. Modern societies will not carry on without electricity. That’s why we rarely have blackout, and when we do have blackouts, they’re very short.

Mikko: But if you imagine something more drastic like a solar storm, which would cut electricity for a decade, it’s easy to see that. We wouldn’t all. Our societies wouldn’t be able to feed all the people. We wouldn’t be able to communicate, we wouldn’t be able to move around. Only the people who could create their own food would be able to carry on normally.

Mikko: And that’s exactly the same kind of thing we’re doing right now with connectivity. Connectivity will become exactly as necessary as electricity. It’s not there. But it will be right now if internet goes down it’s mostly just very expensive and it’s painful, it’s a nuisance. But our society wouldn’t stop.

Mikko: We would still be able to make food. We would still be able to travel around things like that. But in 20 years, 30 years, I think it’s gonna be different. It’s gonna be shutting down our societies just. Shutting down electricity will shut down our society. And I’m not saying that we shouldn’t be embracing this new technology because clearly our great grandfathers made the right choice 150 years ago by embracing electricity.

Mikko: The upsides we’ve got gotten from electricity have been much, much bigger than the fact that we are now reliant on electricity. Exactly. In the same way. We should be embracing connectivity. But we should understand the responsibility we have because we will be making this decision and it will become mandatory for all future generations.

Mikko: And it’s happening right now. It is happening during our generations and as everything goes online. Because of IoT technologies and factories being moved to run on over the internet because of OT technologies and everything else. One day there will be a day where a cut. Internet connectivity will actually cut electricity because right now it’s obviously the other way around.

Mikko: Routers don’t work without electricity. What I’m saying is that one day an internet cut will cut power. And I know it sounds crazy, but when it happens, remember that Mikko said it, and if it doesn’t happen, then nevermind.

Chris: I love that. I love that. If it doesn’t happen, nevermind. I’m gonna add that to my email signature.

Chris: All right, so let me ask you this then, and all of your research and everything that you have predicted like that, what element has surprised you the most or has been the most unexpected or shocking revelation for you?

Mikko: I’ve been in the industry for so long that we already got used to the fact that criminal hackers had no real motive.

Mikko: For what they were doing. I did my first malware analysis in 1991. This was still the floppy era. For years and years when we caught malware riders or virus riders, they were teenage boys. That’s what they always were. Teenage boys. Teenage boys. And we asked them, why did you do it? And they had no reason.

Mikko: For fun, for excitement, for a challenge because they wanted to destroy something. Maybe also, funnily enough, they were also always boys. We never caught girls, and I always figured that girls were too clever that they weren’t getting caught. I’m sure they were riding viruses as well, but they just didn’t get caught.

Mikko: . So I was really surprised when we started then seeing around 2003, 2004, that some people were starting to make money. With malware. And of course now it’s almost funny to think about that because of course now all the malware riding, almost everything is done for money. All the ransomware attacks, all the Trojans stealing money is from money from bank or online stores.

Mikko: Everything is about money except nation state. So which is then different problem. But practically all of the malware creation and exploit are about stealing money. But that’s not such a, That doesn’t have such a long history started 20 years ago, and initially it started with spammers cooperating with botnet masters because they needed computers from which they could send emails spam, because their own servers were blacklisted and started paying money to mal rider who had large botnets.

Mikko: And that’s how it all started changing. I still remember when we found the first one fi was the first piece of model we found, which was sending spam. We realized that it had this SOX proxy embedded, but we couldn’t figure out why. So we infected some test systems and let them sit on the internet to see what they’re being used for.

Mikko: We figured that someone is gonna reroute I don’t know, talent or SSH hacking attempts through infected computers to hide their tracks. We were really surprised when we started seeing traffic going over port 25, so SMTP traffic, and then we looked at the traffic, it was email and it was via spam by the million and then we realized that holy hell, these guys are using viruses to send spam to make money.

Mikko: Oh my god. That was 20 years ago, but that was a massive change and everything really shifted on its head because of that shift in, in demo motives of the Marvel riders.

Chris: Gotcha. Yeah. Yeah. Money changes everything, right? Oh yeah. I remember the shift from, a straight computer virus to computer virus plus ransom, right?

Chris: And that was like, another invention where it’s why hasn’t this been done yet? And then, once you realize. It’s here to stay.

Mikko: That’s right. The big innovation around ransomware really was. Since online criminals for at least a decade before that were making money by stealing valuable information and then selling that information to the highest bidder.

Mikko: The real innovation here was that they figured out that in many cases, the highest bidder is the original owner of the information. Steal the information, then we sell it back to whoever had the information in the first place, that’s what ransomware did. Now, of course, ransomware has evolved to these double extortion techniques where they not only steal the information, not only encrypt the information, they also steal the information and will leak the information if you don’t pay the ransom.

Mikko: But the original idea is very simple, steal information and send it to the highest bid.

Chris: I hate to say it’s genius, but it’s genius.

Mikko: And we have to remember malware ran over. Malware was a thing before Bitcoin. They tried collecting the ransom with virtual credit cards and things like that and vouchers and various kind of things.

Mikko: But it really wasn’t working very well for the criminals. It was far too easy to track down where the money went. But then when ransomware and Bitcoin merged, the idea merged, then that exploded. Crypto War was the first one, which actually used that, and it became huge, very.

Chris: If anyone listening right now is looking to get into the cybersecurity field with no discipline in mind, because as we know now, you can go in many different directions.

Chris: Looking at where we are today in society and where you believe we’re going, what direction would you point them in and say, look, this is the one area that will just continue to evolve and be relevant for us as security professionals.

Mikko: That’s a hard one. I would much rather recommend for people to figure out what they are interested in, what they’re passionate about what they want to do.

Mikko: As you said, there’s so many areas within security are you interested in auditing code? Are you interested in pen testing? Are you interested in smart contract security? Are you interested in malware analysis? Figure. What you’re interested in. Pick a niche as narrow niche as possible and then go all in that niche.

Mikko: You want to be one of the best in that niche, and it doesn’t matter how narrow the niche is. If you are one of the best in that niche, you will always have a great paying job. You could. One of the best in the world in auditing, I don’t know, red Forest Security for Microsoft Exchange 365, which is a fairly narrow thing to be, but there’s always gonna be need for that.

Mikko: And if you’re one of the best, you’ll always have a great job right there. Find the area that you’re interested in and then go all in. Great. My late mother Raha, she actually sat me down on the kitchen table in 1986 when I was 16. I was born in the 1960s. And she told me that Mikko, When you finish high school, you should go and study telecommunications because telecommunications is the future.

Mikko: Think about that. This is 1980s. This is way before the web, the internet way before mobile phones or any of that. She really did see the future, and I’m really happy I had a chance to, tell her before she passed away. That Mom, that was a very nice call. I’m really happy I listened to you in 1986.

Chris: I See where you got your visionary skill from.

Mikko: She started working with computers already in the 1960s, so she saw the future. I’m here because of her.

Chris: Yeah, I was in high school in the mid-nineties and, I realized then that I wanted to get into computers and ultimately into IT.

Chris: And it was just knowing that the technology won’t stop, the technology won’t go away, it’s just gonna become more relevant.

Mikko: Yep. Yep. And it’s not easy to see the future. Cause I remember early on in this company we weren’t doing only security. We were doing various kinds of things. We, for example, we had our own CRM database product, which we were building.

Mikko: And we thought that’s the future, like that’s the big ticket for us to go global and, really grow. But at the same time, we already had an early antivirus product and we were like, Confident that this virus problem will go away. Microsoft will fix this. Like they, they will somehow come up with a new operating system which will not have this problem.

Mikko: Or they come up with their own solution and they’re gonna take away the business from anyone else. So we did like the minimum amount of investment into this anti-virus business, which was then basically funding everything else we were doing. And that lasted for many years until we finally like, The penny dropped and this isn’t going to go away.

Mikko: They will not be able to fix this. This is here to stay. There’s business in this. And we actually then got rid of everything else and went all in, in security in the late 1990s. And that’s when we renamed the company to F Secure. Originally we had a different name and we were doing all kinds of things.

Mikko: Then we became F Secure. And then later this year, or early this year, we split the company into consumer and business companies. So we became F Secure. And With Secure. And With Secure is where I work today.

Chris: Awesome. And a lot of these topics that we discussed today are discussed in more depth in your new book.

Chris: If it’s smart, it’s vulnerable. Where can our listeners find that book and where can our listeners find you and connect with you online?

Mikko: Sure. So the book was published by Wiley in August. I actually had the book launch during BlackHat in Vegas, which was great. We had a big party at Luxor. It’s published by Wiley, available everywhere, so you can get it from amazon.com and it’s actually, I walked into a local bar and nobles in Henderson, Nevada, and they actually had it on shelves, which was. Which is was, I’m really happy it’s available. It’s also available in libraries around the world.

Mikko: I did a global library research and people can just, you don’t have to buy it. You can actually get it from libraries nowadays. It’s also available on Audible read by a great reader, rich Miller, who read the book and also available as e-book. And to find the book and to find me, you can just go to my homepage.

Mikko: My name is Mikko. My homepage is mikko.com. That’s M I K O dot com.

Chris: Nice. I can’t remember the last time I walked into a Barnes and Noble, but now I’m gonna walk into my local Barnes and Noble and I’ll look for your book and I’ll let you know.

Mikko: All right. If you do, post me a picture, if you see it there.

Chris: I will. And then I guess I’ll have to wait for the NFT version to get a signed copy.

Mikko: Or maybe next BlackHat.

Chris: or Next Black Hat. Yeah, for sure. So geographically, Mikko, you mentioned you’re in Finland, where exactly in Finland?

Mikko: Helsinki, that’s the capital.

Chris: Okay. So I imagine that there are some good bars there.

Chris: If I came in from outta town, what’s a good bar or a unique bar that you would direct me to?

Mikko: Funnily enough, I don’t drink myself, but I know couple of great places here that my friends recommend to me. The best cocktail bar apparently in Helsinki is a place called Liberty or death.

Mikko: Apparently has very good cocktails. I, that’s where I would point you to go get your taste off the local scene when I go to a bar. Here in Helsinki, or actually anywhere I travel, what I’m always looking for is Barcades because I’m big into retro gaming, especially into pinballs. So there’s a couple of good places here in Helsinki, a place called Lou Sister, like Lou’s sister, which has always the latest pinballs in town.

Mikko: Another one very downtown called Chaplain. And maybe my favorite park. Everywhere in the world is actually in Chicago, a place called Logan Arcade. So shout out to Logan and also to my good friend Dead Flip Jack Danger.

Chris: Love it, man.

Chris: I’m a fan of Barcades also. So I just heard last call here. You got time for one more? If you opened a cybersecurity theme bar, what would the name be and what would your signature drink be called?

Mikko: The name is easy. The name of the bar would be Press Space Bar. Of course. Now the signature drink; when I fly I typically fly the Finnish flagship airline, and they always serve blueberry juice on the plane.

Mikko: So my, what I always order on thinner is blueberry juice with tonic and with lemon and a lot of ice. My signature drink in the bar probably would have to be a variation there. It would be, instead of blueberry juice, I would put in raspberry juice and I would call the signature drink Raspberry Pi. And if there would be food in my bar, there would be fish and chips, and fish would be spelled with “PH”.

Chris: You put some thought into this.

Mikko: I try, man. I try.

Chris: Thanks for stopping by Mikko. This was an amazing conversation, man. I appreciate the knowledge and yeah, everyone go pick up a copy of, if it’s smart, it’s vulnerable at your local, Barnes and Noble online, wherever you get your books from. Again, I appreciate you, man.

Mikko: Thanks, Chris. Thanks for having me.

To top