Shows
Modern Cyber with Jeremy SnyderMikko Hypponen of WithSecureIn this special in-person episode of Modern Cyber, Jeremy sits down with cybersecurity icon Mikko Hypponen at RSA Conference 2025 in San Francisco. Surrounded by the energy of the industry’s biggest event, the conversation dives into the current state of AI in security, LLMs discovering vulnerabilities, and the emerging threat of AI-powered ransomware gangs. Mikko also shares insights on geopolitics in cybersecurity—from North Korean developer infiltration to Russian ransomware operations—and reflects on Europe’s shifting trust in U.S. tech. This episode blends deep technical insight with broader industry trends and personal reflections, recorded steps away from the Mosc...2025-05-0831 min
Modern Cyber with Jeremy SnyderMikko Hypponen of WithSecure at the Museum of Malware ArtWatch the video for this episode here: https://www.firetail.io/modern-cyber-podcast/episode-42-mikko-hypponen-at-the-museum-of-malware-artIn this episode of Modern Cyber, Jeremy travels to Helsinki, Finland to meet with cybersecurity legend Mikko Hypponen for a personal tour of WithSecure's Museum of Malware Art. Mikko takes Jeremy on an exclusive curator’s tour of the museum, showcasing the intersection of malware history, art, and technology. Explore stunning exhibits like sculptures inspired by infamous ransomware, interactive malware simulations, and visualized outbreaks of iconic viruses such as Love Letter and Melissa. Hear Mikko’s insights on the evolution of malw...2025-01-0930 min
Uudistajat2. Show Interest in People’s Experiences in Times of Change – Guest Charlotte Guillou, WithSecureIn this episode, we explore questions such as: How can organizations support human-centered renewal? How can the root causes of resistance to change be identified and understood? And how can leaders help people adapt to a new direction? The expert guest for this episode is WithSecure’s Chief People Officer, Charlotte Guillou, who has nearly 20 years of experience in corporate renewal and development initiatives. At WithSecure, Charlotte has led a multi-year transformation aimed at aligning values, leadership principles, and culture to support the organization's growth goals and strategic changes.
Satu references the following research in the discussion:
Ha...2024-12-1230 min
EcoTech InsightsSustainability: Building a Safer, Greener Cyber World - Leszek Tasiemski, WithSecureJoin Bonnie Schneider in an enlightening conversation with Leszek Tasiemski, the VP of product management at WithSecure, as they explore the innovative W/Sustainability program. Uncover how WithSecure's sustainability efforts embed transparency and environmental responsibility, creating a safer, greener digital world within the cybersecurity industry.
2024-06-1715 min
InderesSijoitusprofiili: WithSecureWithSecure profiloituu kilpailukentässä merkittäväksi eurooppalaiseksi vaihtoehdoksi amerikkalaispainotteista pääkilpailijajoukkoa vastaan. Yhtiö on käynyt läpi isoja muutoksia, kun strategiaa on terävöitetty ja kustannusrakennettta sopeutettu. Strategian selkeyttäminen sai sinetin vuonna 2022, jolloin kuluttajatietoturvaliiketoiminta (nykyinen F-Secure) jakautui omaksi itsenäiseksi pörssiyhtiöksi.
Uusi laaja raportti on vapaasti ladattavissa osoitteessa: https://www.inderes.fi/research/withsecure-laaja-raportti-yritystietoturvan-eurooppalainen-vaihtoehto
Audioartikkelin tekijä: Mikael Maijala, Inderes
Alkuperäinen analyysi: Atte Riikola, Inderes2024-05-3102 min
Tech Talks DailySphere 24: WithSecure’s Christine Bejerasco on Evolving Cyber Threats and Effective Security PracticesI am live from Sphere 24 in Helsinki in this special Tech Talks Daily Podcast episode. I am pleased to speak with Christine Bejerasco, the Chief Information Security Officer at WithSecure. Christine brings her extensive 20-year experience in cybersecurity to our discussion, offering a unique perspective from the CISO point of view. We dive into what makes Sphere 24 a standout event in the cybersecurity landscape. Christine shares her passion for this participant-driven unconference that brings together experts from diverse backgrounds to tackle the multifaceted challenges of cybersecurity. She emphasizes the importance of collaboration and multiculturalism, highlighting how these...2024-05-3023 minTech Talks DailyWithSecure’s Antti Koskela Talks Luminen and Co-SecurityIn this special episode of the Tech Talks Daily Podcast, I am live from the Sphere Event in Helsinki, joined by Antti Koskela, the interim CEO of WithSecure. Antti, a seasoned global software business executive, brings a strategic perspective on how midmarket companies can navigate the often enterprise-centric world of cybersecurity. During our conversation, we delve into the unique needs of midmarket firms and how WithSecure is addressing these through innovative solutions tailored specifically for them. We also explore the European approach to cybersecurity and how it shapes the strategies and offerings of WithSecure. 2024-05-2918 min
Modern Cyber with Jeremy SnyderMikko Hypponen of WithSecureIn this episode of Modern Cyber, Jeremy is at RSAC 2024 where he catches up in person with cybersecurity legend, Mikko Hypponen.Fresh from his keynote on the 'First Decade of Corporate Ransomware', Mikko talks ransomware gangs, AI, quantum computing and the role of cyber in modern conflicts. This is an episode you don't want to miss.About Mikko HypponenMikko is a cybersecurity expert, speaker and author and currently the Chief Research Officer at WithSecure. He is well known for the Hypponen Law of IoT Security: "If It's Smart, It's Vulnerable," which is...2024-05-1639 min
Cyber Security Sauna086| Why showing value is more important for CISOs than everCISOs find themselves at the forefront of safeguarding sensitive information, ensuring regulatory compliance, and protecting their organizations from constantly evolving cyber risks. Today, we are joined by Cybersecurity Strategist and Eclipz.io Inc. CISO Matthew Rosenquist and WithSecure CISO Christine Bejerasco to discuss why making senior leadership and the board clear on the value that CISOs bring to the table. 2024-01-0338 minCyber Security Sauna085| NIST Cyber Security Framework V.2 – Help or Hindrance?The NIST Cyber Security Framework has helped secure organizations for nearly a decade and while it’s proven to be an invaluable tool, it’s gotten a bit long in the tooth for a cyber security landscape that never stays static. Enter V.2 which goes a long way in identifying the increasing cyber risk in organizations and implementing more governance, oversight and senior leadership accountability. For this episode we were joined by very special guest Cybersecurity Strategist and Eclipz.io Inc. CISO, Matthew Rosenquist, and WithSecure CISO Christine Bejerasco to discuss if the new framework will be enoug...2023-11-2244 minCyber Security Sauna084| Let's Talk About Threats BabyA successful cyber defense should protect an organization's critical assets from today's threats, not yesterday's. For this episode, we sat down with threat intelligence analysts Stephen Robinson and Ziggy Davies, two such people responsible for keeping tabs on threats and recent developments, to discuss updates on the threats currently affecting organizations. Check out the latest insights from the WithSecure Countercept Threat Intelligence team. Read the report on the professionialization of cybercrime 2023-11-0131 minCyber Security Sauna083| Security by design for CISOsThe term Shifting Left has not been traditionally associated with cyber security. In this episode, WithSecure CISO Christine Bejerasco lays out the case for how shifting left can evolve beyond its origins in software development to be a powerful tool for successful security and business outcomes. Recorded on-site at #SPHERE23.2023-10-0909 minCyber Security Sauna082| Hyped and Hacked - AI in Cyber SecurityAs Mikko Hyppönen said recently, we are indeed in the midst of the hottest AI summer ever, and the hype level is off the charts. Yes, AI presents amazing opportunities, but unfortunately, also threats. Nowadays, practically anyone with a passing interest in using it has a lot of power at their fingertips - no PhD is necessary. Naturally, we must view all of this through the lens of the cyber security industry. We sat down with Ian Beacraft, Founder and Chief Futurist of Signal and Cipher, and Tom Van de Wiele, Principal Technology and T...2023-09-2013 minCyber Security Sauna079|(Mind the) Detection and Response GapThe time that an attacker spends on a network before attempting to achieve their objective is decreasing rapidly, making many organizations’ typical detection and response solutions ineffective. Speed is the key, but unfortunately the gap between detection and response is growing. In this episode, we are joined by WithSecure’s Threat Hunter Jojo O'Gorman and Principle Incident Response Consultant Mehmet Surmeli to discuss what we can do to solve these challenges. Read more >> https://www.withsecure.com/en/expertise/resources/how-to-identify-your-response-gaps?utm_source=libsyn&utm_medium=podcast&utm_campaign=gl-pr-response-gap-tool Check out our Response Gap Asse...2023-07-1731 minCyber Security SaunaWhat we get wrong (and right) about APTsAdvanced persistent threats, or APTs, are generally seen as a sort of apex predator in the cyber threat landscape. And while they’re certainly noteworthy, their reputation can distort what makes them unique, and what they may have in common with other adversaries. In this episode, we’re joined by Senior Threat Intelligence Analyst Stephen Robinson, and Security Consultant Richard Suls, to shed some light on APTs and how we can protect ourselves against them. Read more:https://labs.withsecure.com/publications/no-pineapple-dprk-targeting-of-medical-research-and-technology-sector 2023-05-0840 minCyber Security SaunaWinning with outcome-based securitySecurity protects organizations from cyber attacks. However, studies show that limiting your understanding of security to this basic premise can hinder protection efforts or even other business goals. Instead of spending more and more on security to simply keep things running, maybe it’s time for a different approach. In this episode, we are joined by WithSecure Chief Information Security Officer Christine Bejerasco, and guest speaker Laura Koetzle, Vice President and Group Director at Forrester to discuss a strategy called outcome-based security.2023-04-0441 min
Cyber Security Sauna Japanエピソード #6: クラウド環境とサーバーレス環境のセキュリティ、『WithSecureカスタマーアンバサダー』についてサウナのようにホットなセキュリティトレンド、テクノロジー、インサイトをお届けするポッドキャスト『Cyber SecurityサウナJapan』。第6回目ではゲストスピーカーとして北海道テレビ放送の三浦一樹さんをお迎えして、クラウド環境/サーバーレス環境のサイバーセキュリティについて語っていただきます。また、『WithSecureカスタマーアンバサダー』にご就任いただいた三浦さんのクラウドコミュニティでの取り組みに関してもお話しいただきます。2023-03-1215 minCyber Security SaunaDo you even patch bro?Vulnerabilities and security gaps are increasingly being identified in software and applications daily. Attackers are often quick to act when any vulnerabilities are made known - even within minutes. You may have heard of the term patching in cyber security, but what is it exactly, and how does it figure into an organization's security posture? WithSecure security consultants Katie Inns and Antti Laatikainen join us to discuss all things patching.2023-03-0738 minCyber Security Sauna2023 - Looking ForwardIn our last episode, we were joined by cyber security advisor Paul Brucciani and WithSecure Intelligence Researcher Andy Patel to discuss some notable 2022 infosec developments. Now that 2022 is in the rear-view mirror, all eyes are turning to the year ahead. What should we expect? Is there some disaster on the horizon for which we need to prepare? Conversely, are there any positive devlopments that we can look forward to? We're once again joined by Paul and Andy to discuss some of the trends we should look out for in 2023. 2023-02-0122 minCyber Security Sauna2022 Wrap-UpAs the year draws to a close, it’s time for us to review and reflect on notable infosec events and trends from 2022, and also what might happen in 2023. In this episode we’re joined by cyber security advisor Paul Brucciani and WithSecure Intelligence Researcher Andy Patel to hear their thoughts on the impact of Russia’s invasion of Ukraine on cyber security, what they think about the changes at Twitter, and other significant developments from the last 12 months. 2023-01-0122 minCyber Security SaunaDeepfakin it: AI content in cyber attacksUntil recently, AI-generated synthetic content has been more commonly used for gaming and art creation, where the tech is still relatively new, and pixel perfection is unnecessary. However, with the tech rapidly advancing in complexity and speed, it's probably only a matter of time before it's genuinely challenging to determine if something is fake or not. Unfortunately, this increase in technology will also provide many avenues for disinformation and other assorted nefariousness. Digital artist and YouTuber Nerdy Rodent and WithSecure Researcher Andy Patel join is to discuss how the technology is developing and its possible implications, good...2022-12-0522 minCyber Security SaunaCyber Security Sauna: Breaking Views – The Vastaamo caseIn this Cyber Security Sauna special edition podcast, we cover new developments in the data breach of Finnish Psychotherapy provider Vastaamo in 2020. This case has recently hit the news again, with the Finnish authorities arresting a suspect in absentia. The suspect in the breach and subsequent leaking of patient data is a 25-year-old Finnish citizen. Officials believe he is at large somewhere in Europe. Neglect by Vastaamo system administrators prior to the incident has also been called out by officials and cyber security experts. Cyber Security Sauna host Janne Kauhanen is joined by WithSecure™ CRO Mikk...2022-11-0931 minCyber Security SaunaCrowdsourcing Security with Bug BountiesBug bounties (also known as vulnerability reward programs) crowdsource security expertise to address vulnerabilities in products or services before attackers exploit them. Many companies have adopted reward programs and sometimes offer hefty rewards for finding vulnerabilities. It's a great way for white hat hackers to make some money and showcase their talents for a possible job, and for companies to improve their security. In this episode, we’re joined by Intigriti’s Head of Hackers, Inti De Ceukelaire, a bug bounty expert that connects organizations with the ethical hacking community, and WithSecure’s Chief Information Security Officer Erka K...2022-11-0242 minCyber Security SaunaCyber conflicts, Corporations and Collateral damageGeo-political conflicts are increasingly being played out in cyberspace, and organizations, whether they are aware or not, are often caught in the crossfire. Janne Taalas and Johannes Laaksonen from CMI - Martti Ahtisaari Peace Foundation and WithSecure™ Chief Technology Officer Christine Bejerasco joined us to discuss how we can resolve these conflicts and try to make cyberspace a safer place for everyone. CMI – Martti Ahtisaari Peace Foundation 2022-10-0331 minCyber Security SaunaSPHERE SESSION | Matthew Rosenquist on why value is the cybersecurity blindspotCISO and cybersecurity Strategist, Matthew Rosenquist, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on why we should aim to maximise value in cybersecurity.2022-09-1313 minCyber Security SaunaThe other TTPs: Tools, technologies, and peopleIn this episode, we’re joined by Frank Fransen, Senior Scientist in Cyber Security at TNO, and Technical Coordinator of the EU’s SOCCRATES project, which is developing a new cybersecurity-oriented decision-making platform, and John Rogers, Global Head of Incident Response for WithSecure™, to discuss the role automation can and should play in cyber defenses. SOCCRATES website https://www.soccrates.eu/ SOCCRATES final event: ‘Innovation for Next Generation SOCs’ is on 19 October 2022ools, technologies, and people SOCCRATES final event: ‘Innovation for Next Generation SOCs’ - Soccrates SOCCRATES Vision Paper https://www.soccrates...2022-09-0725 minCyber Security SaunaSPHERE SESSION | Sari Stenfors on AI, humanness and positive futuresSerial entrepreneur, scientist and futurist, Sari Stenfors, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on the importance of looking to the future with a positive mindset.2022-08-1909 minCyber Security SaunaSPHERE SESSION | Risto Siilasmaa on trust as the building block for businessesChairman and Founder of F-Secure & WithSecure, Risto Siilasmaa, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on why trust is the foundation upon which successful and meaningful business partnerships are formed.2022-08-0909 minCyber Security SaunaSPHERE SESSION | Christine Bejerasco on the development of ransomwareWithSecure CTO, Christine Bejerasco, joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion on how she has seen the development of ransomware families throughout her career.2022-07-2908 minCyber Security SaunaHow Mikko Hypponen learned to stop worrying and love the internetMikko Hyppönen is one of the world's most renowned cyber security experts and has investigated cybercrime for over 25 years. From the days of naughty, nuisance, but ultimately harmless viruses to the very serious cyber threats society faces today, he's seen it all. In addition to his many accomplishments, he is also an author, and he dropped in to discuss the English-language release of his book "If It's Smart, It's Vulnerable".2022-07-1432 minCyber Security SaunaSPHERE SESSION | Simone Giertz on building useless thingsSwedish inventor and world-famous YouTuber, Simone Giertz joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion about building useless things, and if they are actually useless...2022-07-1111 minCyber Security SaunaSPHERE SESSION | Carole Cadwalladr on threats to democracyTED speaker and Pulitzer-nominated journalist Carole Cadwalladr joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a discussion about threats to democracy.2022-06-3010 minCyber Security SaunaSPHERE SESSION | Philip Ingram on nation-state threatsSpymaster-turned-journalist Philip Ingram joined us in our cyber sauna recording booth at SPHERE22, the world's first co-security unconference, for a quick chat about nation-state threats. 2022-06-1313 minCyber Security SaunaCo-security: collaboration, cooperation and cyber securityThere’s many different ways to collaborate on infosec problems. There’s no shortage of associations, conferences, and other frameworks that organizations can use to find others to work with. And there’s a healthy supply of security companies to choose from. But do any of these offer concrete benefits to organizations? Will organizations somehow achieve better outcomes by working with others? Or is it more complicated than that? Today, we’re joined by UK-based Julia Ward, WithSecure’s Principal Client & Markets Liaison, and Tom Van de Wiele from Denmark, a former red teamer and current Principal Threats and Technology...2022-04-0532 min
HerrasmieshakkeritAlgoritmien maailma, vieraana Jaakko Lehtinen | 0x1bKoneoppiminen ja tekoäly muokkaavat maailmaamme nopeammin kuin koskaan aiemmin ja tästä syystä kutsuimme kartanolle professori Jaakko Lehtisen, joka edustaa näissä maailman kärkeä. Keskustelimme projekteista joiden parissa hän työskentelee ja siitä kuinka tekoälyn tuottamia väärennöksiä, kuten syväväärennöksiä, voidaan tunnistaa. Äänijulkaisun lähdeluettelo: Vieras: Jaakko Lehtinen https://users.aalto.fi/~lehtinj7/ Microsoft ja Fortum rakentaa suomeen datakeskusalueen https://www.fortum.fi/media/2022/03/microsoft-ja-fortum-yhteistyohon-microsoft-rakentaa-suomeen-datakeskusalueen-josta-tuotetaan-paastotonta-kaukolampoa-fortumin-asiakkaille-paakaupunkiseudulla WithSecure Oyj https://withsecure.com This X does not exist https://thisxdoesnotexist.com/ Johdatus supe...2022-04-0555 minCyber Security SaunaSecurity for non-profit organizationsNon-profit organizations play a crucial role in our well-being. In many parts of the world, they’re a major source of education, health care, social services, and more. And while they’re not in it for the money, they remain a target for cyber attacks, just like other organizations. Why is this case? What can and should be done about this? In this episode, Adrien Ogee, Chief Operating Officer for the CyberPeace Institute, a non-governmental organization that helps defend the security, dignity, and equity of people in cyber space; and Heikki Stark, a security consultant with F-Secure who recently won...2022-02-2836 minCyber Security Sauna2021, 2022 and beyond - Part 2With 2021 now behind us, it’s time to revisit the highs and lows of the past 12 months, and look ahead to what we can expect in the months ahead. To mark the year’s end, we recorded a special two-part episode of Cyber Security Sauna. F-Secure’s Chief Research Officer Mikko Hypponen, Security Consultant Adriana Verhagen, and AI researcher Andy Patel join episode 64 to share their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond. In this episode: regulating social media networks, cloudification, AI-powered attacks, security in an age of unlimited computing power, NFTs, and more.2022-01-2449 minCyber Security Sauna2021, 2022 and beyond - Part 12021 is drawing to a close, and it’s time to look back on the events of the past year. At the same time we look ahead to the brand new year to come. Welcome to part one of a special two-part episode of Cyber Security Sauna. In this episode we’re joined by F-Secure’s Chief Research Officer Mikko Hypponen, Security Consultant Adriana Verhagen, and AI researcher Andy Patel, to hear their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond. In this episode: cyber security and the board, how companies are doing at integrating...2021-12-2951 minCyber Security SaunaLog4j Zero Day: What It Means for Your OrgThe remotely exploitable Log4j zero day vulnerability disclosed just a few days ago has been called one of the most serious vulnerabilities to date. So what is it all about, and what does it mean for organizations? How is it being exploited? What are the risks, and what can you do if you're waiting for a patch? F-Secure CISO Erka Koivunen joins Janne to break down the issue, and explains why this vulnerability should be a wakeup call for security practitioners and developers. Links: Episode 62 transcript How attackers are trying to exploit...2021-12-1417 minCyber Security SaunaAppSec, According to Two Guys Named AnttiThe topic of application security has never been more important. So how are companies approaching appsec? What should companies do to ensure appsec gets the attention it needs? Antti Tuomi, who works in Japan, and Antti Vaha-Sipila (known as AVS), from Finland, join the show to share their thoughts on changes in application security, shifting left, supporting developers, "level boss testing," and much more. Links: Episode 61 transcript2021-11-2442 minCyber Security SaunaBiometrics: Privacy, Problems and PossibilitiesBiometrics have gotten a lot of attention in recent years. Biometric authentication systems have the potential to take the place of passwords, streamlining the user login experience. But there are a lot of considerations before taking these systems into use. When should they be used, and how? What are the risks, and when should biometrics be approached with skepticism? Security expert Vic Harkness and red teamer Tom Van de Wiele join Janne to talk about the advantages and disadvantages of biometric authentication systems, some of the wackiest ways our bodies can be measured, and why layered security still works be...2021-11-0237 minCyber Security SaunaKeeping Your Latest Tech from Becoming the Latest ThreatCyber crime is a constantly evolving game. As soon as new technology is introduced, attackers start figuring out how to exploit it for malicious purposes. No one understands this better than F-Secure Chief Technology Officer Christine Bejerasco. Christine joins Janne to discuss the changing world of cyber crime, and how companies can avoid having their new technologies exploited by taking a secure-by-design approach. Links: Episode 59 transcript2021-10-1135 minCyber Security SaunaPaths to Infosec: From ER to IRData breaches and other security incidents have become a frequent, severe problem for organizations. But with incident responders in short supply, there are fewer professionals available to help organizations in their hour of need. We're joined this episode by F-Secure incident response consultant Eliza Bolton, who successfully transitioned to cybersecurity from the nursing profession, and F-Secure's head of incident response, Matt Lawrence. Matt and Eliza share their views on tackling the cyber skills shortage, why diverse teams are more adaptable, and why Eliza’s background as a nursing assistant is an asset in the world of incident response. L...2021-09-2028 minCyber Security SaunaDark Web: The Good, the Bad, and the UglyAfter data breaches and ransomware attacks, we often hear that customer information was leaked to the dark web. This obviously can have serious implications for both companies and individuals, but for many of us, the dark web is as mysterious as it sounds. So what is the dark web all about, and what's happening there? How does it affect companies and regular people? F-Secure's Laura Kankaala and Elias Koivula join the show to help to help demystify the topic. Links: Episode 57 transcript2021-08-1731 minCyber Security SaunaTo Ban or Not to Ban? Ransomware Payment RegulationRansomware payment amounts have skyrocketed over the past year. As threat actors keep getting richer, they have more resources to fuel their operations. Many people argue that the way to discourage ransomware is to implement an outright ban on ransom payments. Is this suggestion idealistic or realistic? How would such a ban affect companies, and what are the alternatives? Päivi Tynninen of the Finnish National Cybersecurity Center and Jordan LaRose of F-Secure join us to share their views. Links: Episode 56 transcript2021-07-1535 minCyber Security SaunaWhen AI Goes AwryAI and machine learning are shaping our online experience, from product recommendations, to customer support chatbots, to virtual assistants like Siri and Alexa. These are powerful tools for enabling business - but powerful doesn't mean perfect. F-Secure data scientist Samuel Marchal and security consultant Jason Johnson join Janne for this episode to talk about some of the security issues with machine learning and how to address them. Links: Episode 55 transcript2021-06-2335 minCyber Security SaunaRansomware Incident Response and the Role of ReadinessThe fallout from a ransomware attack is every organization's worst nightmare. But it doesn't necessarily have to be, if you can respond to an attack effectively. As our guests explain, there are things companies can be doing in advance to ensure a proactive response to ransomware when it happens, and to reduce the impact to the company. Incident response experts Jordan LaRose and Matt Lawrence of F-Secure join the show to discuss. Links: Episode 54 transcript Whitepaper - Incident Readiness: Preparing a Proactive Response to Attacks Webinar recording - Preparing for Success...2021-05-2737 minCyber Security SaunaHow to Secure Networks and Influence PeopleThe role of a chief information security officer demands technical knowledge, but it also requires soft skills of leading and influencing - especially over the past year as cybersecurity has grown in visibility for companies. So how can CISOs get their security message across to boards, the business, employees and the security team? Joining Janne are two CISOs, Erka Koivunen of F-Secure and Chani Simms, co-founder and managing director of Meta Defence Labs and founder of SHe CISO Exec community, to discuss communication and the role of emotional intelligence in promoting a culture of security at every level. 2021-04-2833 minCyber Security SaunaChallenges in Cloud SecurityCloud computing was one of the last decade's most transformative technologies. It helped organizations launch exciting new applications and services, as well as innovate the way they operate. However, moving critical parts of IT infrastructure and operations outside of organizations' perimeters has significant security implications. The cloud is definitely here to stay, so security consultants Laura Kankaala and Nick Jones join Janne to talk about the cloud security challenges organizations are facing and will continue to face. Links: Episode 52 transcript2021-04-0641 minCyber Security SaunaLooking at Phishing Through the Intrusion Kill ChainPhishing is the number one vector leading to data breaches. It's an easy, effective way for attackers to trick users into giving up credentials or running malicious code. While organizations cannot stop motivated attackers from trying to phish their employees, they can make it harder to succeed. F-Secure's director of consulting, Riaan Naudé, calls this building the path of most resistance. Riaan joins the show to talk about how companies can do just that by addressing the earlier stages of the intrusion kill chain. Also in this episode: The most important metric of phishing simulation, why feedback is important, a...2021-03-1135 minCyber Security SaunaGetting the Most out of Infosec ConferencesInfosec conferences give cybersecurity professionals a chance to network, hear the latest research, exchange ideas, and demo hacks and new tools. But with so many conferences, how do you decide which ones to attend? How can you get the most out of your experience? Are they worth your time and money? What's it like to be a presenter, or even an organizer? Janne speaks to Noora Hammar, head of comms for the Nordic security event Disobey and vice-chairwoman for HelSec Association; and F-Secure's Tomi Tuominen, founder of the T2 infosec conference. Links: Episode 50 transcript Ghos...2021-02-1834 minCyber Security SaunaRansomware 2.0, with Mikko HypponenWe thought locking up data and demanding a ransom to decrypt it was bad. But ransomware criminals have stooped even lower and now, threats of public data exposure on top of multimillion-dollar ransoms are routine tactics. What's next? Where's ransomware going in 2021? Joining us to give his take is F-Secure's chief research officer and CISO MAG's Cybersecurity Person of the Year 2020, Mikko Hypponen. Also in this episode: Ransomware's evolution, why it's mainly a Windows problem, the impact of remote work, how ransomware's industrialization affects the threat landscape, and more. Links: Episode 49 transcript2021-01-1932 minCyber Security SaunaThe Year in Cyber: 20202020 has been a year no one predicted. COVID-19 made remote work the norm and shook up the attack landscape. Through it all, breaches and ransomware attacks continued to plague organizations. In this episode we're looking back at some of the trends that defined the cyber world in 2020 with F-Secure's Tom Van de Wiele and Nick Jones. Also in this episode: The supply chain attack on SolarWinds; update on the cyber skills shortage; 2020's effect on VPN, Zero Trust, and cloud; the 2020 US elections and more. Links: Episode 48 transcript2020-12-3035 minCyber Security SaunaThe Tangled Web of ID TheftWith the holiday season upon us, the already accelerated pace of online shopping is picking up even more. And more online transactions means more reasons to be careful about protecting your data from fraud like identity theft and account takeover. ID theft claims millions of victims per year, but how does it happen and how can you avoid being a victim in a world where everything's online? Olli Bliss of F-Secure joins the show with answers. Also in this episode: How attackers get your data, how they crack passwords and break into accounts, what's happening to your data on...2020-12-0939 minCyber Security Sauna10 Burning Mobile Security Questions, AnsweredIs iOS really more secure than Android, and why? What are the pros and cons of biometric authentication? How can you know which apps are safe to use, anyway? In this episode we dive into a range of mobile security issues. Who better to answer our questions than a couple of mobile experts? F-Secure's Ken Gannon and Ben Knutson join the show to discuss app permissions, company mobile device management, mobile hygiene tips, signs your phone's been hacked and more. Plus, is your Facebook app listening in on you, or not? Links: Episode 46 transcript 2020-11-1234 minCyber Security SaunaThe Most Frightening Thing About Stalkerware, with Eva GalperinYou know about malware, ransomware, spyware. But there's an increasing concern about stalkerware, a creepy breed of apps that allow someone else to digitally monitor you. What is stalkerware all about and how can you recognize it? Who plants it and why, and who are its victims? Joining the show are Eva Galperin, director of cyber security at the Electronic Frontier Foundation who also helped found the Coalition Against Stalkerware, and Anthony Melgarejo, threat researcher in F-Secure's Tactical Defense Unit. Links: Episode 45 transcript Coalition Against Stalkerware Operation Safe Escape ...2020-10-0525 minCyber Security Sauna2020 in Cyber Threats, So Far: COVID-19's Effects, Ransomware's Latest TricksIt's a year like none we've ever experienced. COVID-19's effects have reverberated around the world, and around cyberspace. What's been happening in the threat landscape while we were all preoccupied with the pandemic? How have cyber attackers adapted to the new normal, and how are they exploiting COVID-19? Christine Bejerasco and Calvin Gan, of F-Secure's Tactical Defense Unit, join us to discuss. In this episode: How threat actors are taking advantage of remote work; email and phishing threats; infostealers that profile company networks; and why a ransomware infection may be just the tip of the iceberg. ...2020-09-1730 minCyber Security SaunaPaths to Infosec: Military Vs. PsychologyThere is no one set path to a cybersecurity career, and today's guests have arrived in the field in very different ways. Logan Whitmire comes from a military background and Derek Stoeckenius has a degree in psychology. In this episode, they share what sparked their interest in infosec, their journey to their current roles, and how their unique backgrounds influenced the way they approach their work. Also: Tips on getting into the field, and what they might have done differently if they could go back. Links: Episode 43 transcript2020-08-2422 minCyber Security SaunaThe Encryption Debate Rages OnEncryption plays a critical role in protecting our data from hackers and theft. But at the same time, it presents a challenge for law enforcement when it comes to their work catching dangerous criminals and terrorists. What are the possible options at the end of the encryption debate, and are any of them actually viable? How can we protect our data while still enabling law enforcement to do their jobs? Erka Koivunen, CISO of F-Secure, joins us to discuss the encryption "sweet spot" that we've currently found, why some parties want to change it, and why there are no e...2020-07-3030 minCyber Security SaunaThe Ethics of Red TeamingRed team testing is somewhat intrusive by nature, as it involves breaking into companies - albeit at their request - to help them improve their security. Red teamers must bluff their way past receptionists and hack into employee computers, things that would put anyone else in a lot of trouble. At what point do red teaming activities cross the line into being unethical, or even criminal? F-Secure's veteran red teamer Tom Van de Wiele stopped by to share what a red teamer is not willing to do in the name of security, why cyber security experts need a sense...2020-06-2935 minCyber Security SaunaCan Contact Tracing Apps Preserve Your Privacy?Contact tracing is a key strategy for preventing the spread of COVID-19, and smartphone-assisted contract tracing automates a laborious process. But contact tracing technologies face criticism from privacy advocates concerned about the potential for abuse. F-Secure privacy expert and global technical director Tomi Tuominen argues that the issue is a process problem, not a technology problem. Janne speaks with Tomi about contact tracing, how apps should fit into a bigger healthcare picture, and how privacy-preserving contact tracing technology should work. Links: Episode 40 transcript Tracking COVID tracing apps in different countries, MIT Technology Review2020-05-2727 minCyber Security SaunaDeconstructing the Dukes: A Researcher's Retrospective of APT29APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research. Also in this episode: How APT groups behave after being burned and why the Dukes are different; why calling t...2020-05-0634 minCyber Security SaunaMikko Hypponen on Zoom, COVID-19 Threats, and Working During a PandemicIt's the topic on everyone's minds: The new state of our world amid and after a global pandemic. Mikko Hypponen, F-Secure's Chief Research Officer, joins Janne to discuss a host of COVID-19-related security topics. In this episode: Avoiding Zoom bombers, new concerns for IT environments, COVID-19 hoaxes and spam, ransomware and hospitals, APT activity, privacy concerns of coronavirus tracking apps, and how the infosec community can help. Links: Episode 38 transcript Webinar: Mikko Hypponen - Cyber Security and COVID-192020-04-1622 minCyber Security SaunaCOVID-19 and Your Company's Security: The CISO SpeaksIn infosec we're used to news about digital virus infections and outbreaks. But the new coronavirus is turning the real world upside down. In many countries, it's changing the way of life for the foreseeable future, and it's already having effects in business security too. Erka Koivunen, CISO at F-Secure, joins the show to talk about the impact of this pandemic on organizations when it comes to cyber security and the shift to a remote workforce. Links: Episode 37 transcript Coronavirus Email Attacks Evolving as Outbreak Spreads Hackers are Targeting Hospitals Crippled by C...2020-03-2421 minCyber Security SaunaFrom Stuxnet to WannaCry to Coinhive, The Past Decade Was All Over The Place2020 marks the start of a new decade. But it's also worth taking a look back at where we've come from and what has changed in infosec. F-Secure's Christine Bejerasco joins the show to review the highlights of the last ten years - from nation state malware to ransomware to Snowden and more - and to discuss how far we have, or maybe haven't, come. Links: Episode 36 transcript2020-03-1635 minCyber Security SaunaThreat Hunting & Why It's All About PeopleThreat hunting has become a buzzword in the industry of late. But what is it all about? Why should companies consider using threat hunting as a part of their security strategy? Connor Morley, threat hunter with F-Secure, stops by to discuss how his craft helps companies take a proactive approach to security. Links: Episode 35 transcript Whitepaper: Demystifying Threat Hunting Whitepaper: KillSuit Research2020-02-1939 minCyber Security SaunaBalancing AI: Privacy, Misuse, Ethics and the FutureWhile AI and machine learning are enabling definite advances in the digital world, these technologies are also raising privacy and ethical concerns. What does AI mean for personal privacy, and is it being exploited unethically? Are these concerns being addressed, or will AI spell disaster for society? Bernd Stahl is coordinator of the EU's SHERPA project, a consortium that investigates the impact of AI on ethics and human rights. Bernd joins Janne to discuss the delicate balance of AI - its advantages and disadvantages, potential misuses and how AI may improve life and create opportunity for some, while others...2020-01-2932 minCyber Security SaunaCyber Security Education from Student and Teacher PerspectivesCyber security has never been a hotter field to get into, but how do you gain the skills needed for landing a job? There are various paths to a cyber security career, from a formal university education to being a self-taught hacker. In this episode we hear from our guest about cyber security education from both a student and teacher perspective. Jesse Rasimus is a graduate of F-Secure's Cyber Security Academy who is now employed with F-Secure, and Tom Van de Wiele is an F-Secure consultant who also teaches infosec. They discuss university versus practical training, starting out in...2020-01-0839 minCyber Security SaunaHow California's New Privacy Law Strikes Where the Pain IsFollowing in the footsteps of GDPR, the US is seeing more progressive data privacy laws coming down, with the new California Consumer Privacy Act leading the charge. What does the CCPA mean for consumers and for companies? What can the US learn from GDPR? F-Secure's Timo Laaksonen, previously head of F-Secure's consumer business in North America, and Hannes Saarinen, F-Secure's data protection officer join this episode to discuss the new law and compare and contrast it with GDPR. Links: Episode 32 transcript TechCrunch: Silicon Valley is terrified of California's privacy law2019-12-0436 minCyber Security SaunaIs True Internet Freedom a Thing of the Past?The internet seems to be changing from being a relatively unrestricted space into something more regulated. More countries are implementing policies that restrict or filter the way their citizens experience the online world. Is the internet we know and love breaking up into many internets along geographical lines? Is true internet freedom a thing of the past? F-Secure's Tom Van de Wiele joins Janne to talk about digitally controlling regimes, bypassing those controls, and why consuming a healthy information diet is important for all of us. Links: Episode 31 transcript2019-11-1231 minCyber Security SaunaTalking Infosec to Non-Infosec FolksCyber security is relevant for everyone. Not everyone realizes it though, and not everyone understands what those in the infosec industry take for granted. How should security-minded individuals communicate with friends, relatives, colleagues and the general public about this important topic? What are the misconceptions regular folks often have about infosec, and what could we in the industry be doing better? Security consultant Laura Kankaala joins Janne to discuss. Links: Episode 30 transcript2019-10-2232 minCyber Security SaunaAsk a Hacker: Red Teamer Answers Listener QuestionsIn this episode, veteran hacker and red teamer Tom Van de Wiele answers questions from our listeners. Tom covers the ethics of ethical hacking, how to prioritize solving the myriad of security issues companies face, why he includes a banana in his hacking kit, the importance of communication skills in his job, and much more. A great listen both for those already in the industry and those wanting to break in. Links: Episode 29 transcript Episode 2 - Breaking into Infosec: Advice from an Ethical Hacker 21 tips for getting started in ethical hacking2019-09-2533 minCyber Security SaunaWhen the Well is Poisoned: The Devastation of Supply Chain AttacksSupply chain attacks are on the increase, with attackers abusing the trust we place in vendors and software. Why are these attacks growing, and what can companies do about them? Jyrki Huhta, senior security consultant at F-Secure, joins the show to share his thoughts on these devastating attacks and why "trust but verify" should be the motto for preventing them. Links: Episode 28 transcript2019-08-2933 minCyber Security SaunaThe Connected Home Meets the IoT Tire FireThe modern home is continually getting more connected. But as much as we love our virtual assistants, smart thermostats and cloud-enabled security cameras, are we really aware of the risks they invite into our homes? And how can we enjoy the latest digital technologies without compromising security and privacy? F-Secure's Tom Gaffney joins Janne to discuss why and how IoT makes us vulnerable, how we can protect ourselves, and what IoT device makers should be doing. Links: Episode 27 transcript The Age of Surveillance Capitalism review2019-08-0333 minCyber Security SaunaSafe Browsing & Secure Web Development"Don't go to shady websites" was the advice people were given back in the day. But now it's not always possible to tell when you're in danger, as even reputable websites can be compromised. So how can you know if a website is legitimate and trustworthy to use? And from the developer's view, how can you design a website to be secure? F-Secure's Christine Bejerasco and Laura Kankaala join us to answer these questions. Listen in for expert tips and tricks for safe browsing, and for designing websites with security in mind. Links: Episode 26 transcript2019-07-0439 minCyber Security SaunaThe Psychology of PhishingPhishing is one of today's biggest cyber security issues, a go-to tactic for threat actors. It's simple and effective, and perhaps that's why it has become such a source of frustration for companies. Kayleigh O'Donovan of MWR Infosecurity's Phishd team joins the show to talk about how phishers play with your emotions to get you to click, how to spot a phishing email, how phishing simulation can help companies reduce their click rates, and more. Links: Episode 25 transcript2019-06-1236 minCyber Security SaunaGDPR Update: One Year LaterOne year ago, the EU General Data Protection Regulation (GDPR) came into effect, fundamentally changing the way businesses handle data. The GDPR forced companies to scramble to comply or face penalties. A year later, what has the GDPR's impact been and how are businesses handling it? Where should companies go from here? Joining the show are F-Secure's Hannes Saarinen, privacy officer, and Eric Andersen, who works with companies on GDPR compliance. We last spoke with them in May of 2018, and they're back to give us a one-year update. Links: Episode 24 transcript DLA Piper...2019-05-1537 minCyber Security SaunaElectronic Voting & Why it's So Hard to Get RightCyber security is always a hot topic during election seasons, and various elections are being held in Europe and around the world this spring. As digitally enabled as the world is, shouldn't we all be voting electronically by now, or via the internet? F-Secure's Tomi Tuominen and Antti Vähä-Sipilä join us to discuss the complexities of e-voting, why it's such a challenging issue, and when it makes sense to use e-voting systems. Links: Episode 23 transcript OSCE Handbook for the Observation of New Voting Technologies Council of Europe Adopts New Reco...2019-04-2337 minCyber Security SaunaPro-Brexit Twitter Views Amplified by the Global Far RightThe pro-leave side of the Brexit debate is getting support from far-right Twitter users based outside the UK. After investigating 24 million Brexit-related tweets, that's the conclusion Andy Patel, researcher from F-Secure's Artificial Intelligence Center of Excellence, has arrived at. In this episode, Patel discusses his research, the spread of misinformation, and how social media can often be just an echo chamber for people who share the same views. Links: Episode 22 transcript Analysis of Brexit-centric Twitter Activity Brexit-related Twitter mischief supported by global far right BBC - Foreign far-right Twitter...2019-04-0228 minCyber Security SaunaThe Cloud: Security Benefits, Risks & Why You Should Use ItThe cloud has changed the way we do business and the way we develop and deploy software and infrastructure. What are the security benefits of moving to the cloud, and what are the special concerns? What should companies do to ensure their cloud stays secure? Janne is joined by Laura Kankaala and Antti Vaha-Sipila of F-Secure to talk about what it means to be cloud native, why breaches happen in the cloud and much more. Links: Episode 21 transcript2019-03-1430 minCyber Security SaunaDefining Cyber Warfare, with Mikko HypponenCyber war is a term we often hear tossed about, but is it just science fiction, or is it really happening? How worried should we be about the potential governmental offensive use of cyber power, and what constitutes a cyber weapon? Mikko Hypponen, Chief Research Officer of F-Secure, joins us this episode to discuss governmental APT actors, why words matter when it comes to cyber war, and why cyber weapons are the perfect weapons. Links: Episode 20 transcript2019-02-1146 minCyber Security SaunaThe Best Defense is Good Offensive SecurityThey say that the best defense is a good offense, as football fans or anyone that’s played a game of Risk might agree. But how does this idea look when you apply it to cyber security? F-Secure Principal Security Consultant Tom Van de Wiele joins this episode of Cyber Security Sauna to talk about offensive and defensive approaches to cyber security, and how defenders can use these strategies to protect their systems, operations and data. Links: Episode 19 transcript F-Secure Incident Response Report 2019-01-2326 minCyber Security SaunaOnline Dating and Trading Data for Love (It's Complicated)If you're looking for love nowadays, you'll likely turn to an online dating app. But what do these apps mean for your security? What privacy concessions are you making when you swipe? How does your online behavior impact your real life? Sean Sullivan joins Janne this episode to discuss the balancing act of maintaining your privacy while finding a match, avoiding romance scams and the tradeoffs you're making when using Tinder and apps like it. Links: Episode 18 transcript FBI Internet Crime Complaint Center (IC3) AARP Scams & Fraud page DTR p...2018-12-2639 minCyber Security SaunaYear in Cyber: Forecasting 2019, Recapping 20182018 is winding to a close and the new year is just around the corner. What's in store for 2019 in cyber security? In this episode, five experts talk about exactly that, and discuss notable trends of 2018. From mobile phishing to AI trends, supply chain attacks, IoT, data privacy and more, our roundtable keeps you abreast of the trends. Joining the show are Adam Sheehan of MWR Infosecurity, and Laura Kankaala, Tom Van de Wiele, Artturi Lehtiö, and Andy Patel, all of F-Secure. Links Episode 17 transcript Facebook Hack Exposes an Internet-Wide Failure - Single Sign-On re...2018-12-1038 minCyber Security SaunaEndpoint Protection & BeyondEndpoint protection has been the trusted backbone of many companies' security. But with stories about data breaches and successful cyber attacks constantly in the news, people are beginning to think endpoint security is dead. Whether or not you agree, you might be wondering if there's any truth to this statement. F-Secure's Principal Security Consultant Antti Tuomi joins us this episode to talk about endpoint protection, its strengths and limitations, and when detection and response is needed. Links Episode 16 transcript2018-11-1919 minCyber Security SaunaElection Security, US Midterm Edition: The Big PictureDemocracy in the digital age is a wonderful yet wild beast. When it comes to electing our leaders nowadays, we're faced with questions about how to escape the influence of malicious actors. With the US midterm elections just around the corner, F-Secure security adviser Sean Sullivan joins us this episode to explain the complexities of the US election system to a European. Sean covers campaign misinformation, why security is not as simple as going back to all paper ballots, and how the hacker mindset can help. Links: Episode 15 transcript (including campaign videos) Vox: T...2018-10-2935 minCyber Security SaunaReinventing the Cold Boot Attack: Modern Laptop VersionShould your laptop ever get stolen and fall into the wrong hands, you would probably be comfortable in the knowledge that the data on it is protected by full disk encryption. But what if a malicious adversary could get around that encryption and access the data anyway? F-Secure's Olle Segerdahl and Pasi Saarinen have discovered a flaw that allows attackers to do just that, and it affects almost all modern corporate laptops - probably yours too. Olle and Pasi join us today to talk about bypassing the mitigations vendors have put in place against cold boot attacks, and what comp...2018-10-0831 minCyber Security SaunaPasswords: A Hacker's Take on Cracking & Protecting Your CredsPasswords. You plug them into your accounts and the services you use at work, you try little tricks to make them more unique, but have you ever wondered what a hacker thinks of your passwords? For episode 13, ethical hacker Jan Wikholm joins us to talk about passwords – how he cracks them in his job at F-Secure, the tricks hackers know you're using, and what you should do to keep your credentials safe. Jan also fills us in on hashing, how he does brute forcing, how companies should protect their users' passwords, and how to create a secure password you ca...2018-09-1444 minCyber Security SaunaAdventures in Red TeamingHow can companies know if their security investments are actually working? Getting attacked is the ultimate test, but hiring a red team is a less disruptive way to find out. These guys rely on technical chops, acting skills and pure creativity to engage in an all-out attack on a company’s defenses. Joining us this episode is Tom Van de Wiele, Principal Security Consultant at F-Secure, to talk about how red teaming can help companies improve their security posture, his tricks for hustling his way into a company, and why the coffee machine is a red teamer's be...2018-08-2332 minCyber Security SaunaThe Rise of AI and Deliberate DeceptionDisinformation. Fake news. Social media manipulation. Lately another dark side of the internet has come into focus - its use as a tool for deception. Technologies like machine learning and artificial intelligence are being employed to play hoaxes and mislead on purpose. Seeing is no longer believing - and moving forward, it's only going to get harder to distinguish facts from falsehoods. Andy Patel from F-Secure's Artificial Intelligence Center of Excellence has been studying this phenomenon. He joins Janne in this episode to share what he's learned about Twitter bots, deepfakes, voice cloning and the tools that m...2018-08-0231 minCyber Security SaunaRansomware Out, Cryptojacking In? Latest Cybercrime TrendsOver the past few years, ransomware stole headlines as the biggest malware threat to worry about. Consumers and businesses alike were being hit and forced to shell out money to retrieve their files. But the cybers never stand still, and neither does malware. Nowadays ransomware is being eclipsed by new trends. F-Secure Labs researchers Paivi Tynninen and Jarkko Turkulainen join us to explain why ransomware is on the decline, and what’s taking its place. Listen for the story on cryptojacking and the current world of cybercrime. Links: Episode 10 transcript 2016 study: Evaluating the Cu...2018-07-1022 minCyber Security SaunaTop OpSec Tips for Vacation TravelThe summer holiday season is upon us, and people are looking forward to trading their daily workplace grind for a new adventure. Traveling is always exciting, but it takes you out of your comfort zone, and that gives thieves and criminals opportunities to exploit you. F-Secure principal security consultant Tom Van de Wiele is back to tell us how we can keep our devices and data safe while enjoying a fabulous vacation. Are the kids safe from strangers when playing Minecraft on the hotel WiFi? Is it OK to use Bluetooth in your rental car? What are the most co...2018-06-2114 minCyber Security SaunaGDPR is Live. What Now?After months and months of anticipation, the May 25 deadline has passed and the GDPR is finally in effect. Companies around the world are being held to strict new standards for protecting the data of EU citizens. So what now? How well-prepared are most companies, and what about organizations who still aren't compliant? We're joined by F-Secure's Erik Andersen, who's spent the past few years helping organizations prepare for GDPR, and Hannes Saarinen, Privacy Officer at F-Secure, to get the rundown on GDPR myths and misconceptions, what to expect going forward, and the big idea some companies who object to G...2018-05-3125 minCyber Security SaunaPopping Hotel Locks...and Hard Truths of HackingWhen people look for logos or symbols that emanate security, they often choose a lock. Sure, we know locks can be picked. But what would the world look like if attackers could just walk in without breaking their stride? After years of research, two F-Secure researchers have discovered that by exploiting design flaws in an electronic hotel lock system used in tens of thousands of hotels worldwide, they could create a master key to open any room in the building. In this episode, F-Secure’s Tomi Tuominen and Timo Hirvonen share their story, plus they get real with the un...2018-05-0918 minCyber Security SaunaSpring Cleaning for OpsecOperational security is about turning the tables, looking at things from an attacker's point of view, and identifying how your own actions are making you vulnerable. Listen as Erka Koivunen, CISO of F-Secure, gets us up to speed on opsec: selecting your appropriate threat model, why you should never trust the office network, and tips for "spring cleaning" your opsec (potato chips and nail polish are recommended tools). And don't miss his favorite story of an epic corporate opsec fail. Links: Episode 6 blog post & transcript If you travel with your laptop, you probably sh...2018-04-2724 minCyber Security SaunaDemystifying Hardware Security, with Andrea BarisaniWith the disclosure of Meltdown and Spectre early this year, hardware security has come into focus. What are the special challenges of securing hardware versus software? What about securing high-risk industries like aviation and automotive? In this fascinating episode, Andrea Barisani, head of hardware security at F-Secure, shares why we should be thankful for Meltdown, why security problems do not equal safety problems, the one piece of advice he would give hardware manufacturers, and much more. Links: Episode 5 blog post2018-03-2939 minCyber Security SaunaSecurity, Privacy and the IoT, with Steve LordThe Internet of Things promises futuristic smart homes, energy savings and efficiencies, and improvements to health and well-being. But the IoT still has a long way to go before we can safely enjoy these benefits - currently, it threatens our security and privacy. Steve Lord, a 20-year industry veteran and director at Mandalorian, joins the show to talk about the IoT, from smart cars and TVs to Amazon Alexa and Apple Health. You'll learn why companies love your data, the biggest misconception about the IoT, and the one thing you can do to stay secure if you own a...2018-03-0833 minCyber Security SaunaData Breaches: Bridging the GapData breaches. They're every organization's worst fear. Why are companies so ill-prepared, and what are companies missing in their approach to data breaches? Host Janne Kauhanen is joined by Marko Buuri, Principal Risk Management Consultant at F-Secure, and Tuomo Makkonen, Principal Security Consultant, to give you the lowdown on breaches and what you need to know. Links: Episode 3 blog post2018-02-1317 minCyber Security SaunaBreaking Into Infosec: Advice from an Ethical HackerBetween zero day news flashes and stunt hacking reports, there are a lot of false conceptions about what it's like to be an infosec professional. So what should you focus on to get into the world of infosec testing or to become a security consultant? What background do you need? How valuable are conferences and certifications? These are just a few of the questions our guest Tom Van de Wiele answers to help you on your way in this rewarding field. Tom is a principal security consultant at F-Secure with 15 years of infosec experience. He specializes in re...2017-12-2126 minCyber Security SaunaAntivirus in the Hot Seat, with Mikko HypponenThe recent allegations against Russian antivirus vendor Kaspersky have prompted wider questions about antivirus in general - how it operates and what sort of data it collects from customer machines. In the first episode of Cyber Security Sauna, F-Secure's chief research officer Mikko Hypponen joins host Janne Kauhanen to answer these questions. You'll also hear his thoughts on Kaspersky and why it's important to trust your vendor. Links: Episode 1 blog post Episode 1 transcript FAQ: Everything You Wanted to Know About AV Data Transmission But Were Afraid to Ask F-Secure...2017-11-3018 min