Today, as part of The Hieno! “What is Finnish-ness” series celebrating Suomi 100 in 2017, we have the huge privilege of featuring F-Secure’s Chief Research Officer Mikko Hypponen. F-Secure Corporation is a Finnish cyber security and privacy company based in Helsinki, Finland. The company has 20 country offices and a presence in more than 100 countries.
Last month, Mikko Hypponen made the Closing Keynote for the Singapore Fintech Festival 2017 in Singapore. He has also lectured at the universities of Stanford, Oxford and Cambridge and has delivered the most watched computer security talk on the internet. Personally, I love the various TED talks made by Mikko Hypponen! You can definitely consider watching “How the NSA betrayed the world’s trust — time to act” and “The three types of online attacks“.
Enjoy this interview! 🙂
WW: Hello Mikko! Can you tell us more about yourself and what you are currently doing?
Mikko Hypponen: Hello Wan Wei!
I’m a geek, a programmer and a reverse engineer. I’d been doing technical stuff all my life. I’d started programming at the age of 13, and sold my first program when I was 16. I started studying Computer Science and Programming when I was 19.
I joined a small Finnish start-up called “Data Fellows” in 1991. In that company, I was employee number 6. It started growing, and eventually became big enough to be listed on the Helsinki Stock Exchange. After listing on the Stock Exchange, the company changed its name from Data Fellows to F-Secure.
Last June was my 25th year at F-Secure.
WW: Wow! Onnea onnea!
Mikko Hypponen: Thank you. 25 years working for the same company!
Which explains why I am the worst person to seek career advice from, because typically when you change company, you get a raise. *Laughs*
Yet, it’s been 25 years and I’d never have had a boring day at work. I think there are few people who can claim that.
I have had a wild ride in this company, seeing how it progressed from a small start-up to a global player. I’d been fortunate to work in a field that has completely changed in these years. When I started we were analysing viruses in floppy disks.
And today, we are now fighting internet-borne attacks, which are not coming from teenage boys but coming from organised crime groups,terrorists, foreign intelligence agencies and foreign nation-states.
This job is exciting because we have a concrete enemy that we are fighting. We are trying to protect people’s security and privacy from online attackers. And when we do our jobs, we feel good because we are helping people solve problems that they don’t know how to solve on their own.
WW: Wow, your job is very meaningful indeed! Thank you for sharing. Can you tell us a little more about how Finland can lead the world in the area of cyber security, or is it already leading the world?
Mikko Hypponen: Finland has unique opportunities, especially when it comes to protecting against nation-state attacks.
Especially companies who are worried about foreign nation-states have a hard time finding good solutions. You can take a look at where the different security companies are coming from—most of them are coming from the United States, China or Russia. These are exactly the countries that are the sources of the nation-state attacks.
Take for instance a German defence contractor who are building military solutions—it would be a typical target for espionage. The company would be worried about spies and cyber-attacks from China, Russia or USA.
Do they want to buy a Chinese security product? Maybe not.
Do they want to buy a Russian security product? Probably not, too.
Do they want to use a security product from the USA? Perhaps not, too.
Therefore, it is a very good position to be– for a security vendor coming from Finland. This is because we are seen as an impartial, neutral player. Nobody is really worried about attacks coming from the Finnish government. Finland is also seen as independent– we are not even in NATO.
And when you add up things like… Finland is one of the least corrupted countries on this planet and we have the best press freedom– All these are very good supporting factors for security companies offering security solutions worldwide.
WW: What is the one thing you think Finland can do better, in the area of cybersecurity?
Mikko Hypponen: That would be education. You can look at all the security problems we have in the world, and divide them into two different groups.
We have technical problems and then we have people problems.
Technical problems can be thought of as vulnerabilities, caused when programmers who made the program make mistakes. There might be a bug in the program, and the bug might become a vulnerability that can be exploited. Technical mistakes can be fixed—for we will just need to fix the bug, which then results in the vulnerability being fixed. And then we can ask our users to update their software or operating system, just like how you update your iPhone OS regularly.
And then we have the people problems. We cannot fix people problems by asking them to install updates. People clicking on places where they shouldn’t be clicking, people trusting attachments, people choosing poor passwords or using the same passwords everywhere.
We can fix the technical problems by fixing the bugs, but people problems can only be fixed by education.
WW: Does education on cyber security help, though? People just have itchy hands and hearts, don’t they?
Mikko Hypponen: It is hard. And this is why we need to repeat things over and over again. This is not just a problem for Finland—it is a global problem.
And this is the one thing Finland can do better, we can start security education from as young as possible, from early school years. We can teach young students how to use backups, the basics of cyber security and privacy, how to choose passwords, things like that.
We are doing it already, but we can be doing it more.
WW: What are the three things you appreciate most about Finland, as a Finn?
Point Number One: peace and quiet. I guess this is the mental state of Finns—we prefer to be alone.
We are comfortable being quiet. We prefer being a little further away from other people as possible. Maybe this is a stereotype, but I do appreciate walking in the forests and listening to the birds—and that’s it.
And point number one is related to Point Number Two: Accessibility.
Well, Finland is a place with excellent infrastructure and we do not have a lot of people. For example, I live in the middle of nowhere in the countryside–you can think of it as though I have no neighbors. I cannot see them and neither can I hear them. I go to my yard, and there are deers and moose and foxes.
So when I drive from Helsinki to my home, it takes me around 20 minutes. You cannot do that in a city like Tokyo. After driving for 20 minutes, you’d still be in the center of Tokyo!
Point Number Three: Heavy metal music. This is what I appreciate most about Finland. Finland has more heavy metal band per capita than any other country in the world. And I appreciate that. That is personally very important to me.
WW: Can you tell us some of the misconceptions about Finland and Finns that are far from the truth?
Mikko Hypponen: I think all the stereotypes are true.
Mikko Hypponen: I think the stereotypes describe Finns exactly like they are!
Finns don’t speak, Finns are very introverted, we drink too much and we live in the middle of nowhere.
Yeah I think these stereotypes are all true!
WW: But you are quite a good speaker!
Mikko Hypponen: Yeah, but I am not normal.
The stereotypes are true–that is pretty much how it is.
So there is nothing for me to correct.
WW: Can you tell us one thing about cyber security in Finland that most people might not know?
Mikko Hypponen: Most people probably do not know that the reason that we have fairly large computer security industry in Finland compared to many other countries in Europe is because of our history.
This history already starts from the Second World War, over 60-70 years ago.
After the war, research into cryptography and encryption systems was restricted in most European countries. Academic research and sharing information about encryption systems were banned.
But not in Finland. We were free to research, develop and export those systems then.
Because of this strong academic research foundation, we were then able to build a great computer security industry today in a healthy manner.
F-Secure is the largest cyber security company in Finland, but we have many security companies in this country. They range from small start-ups to larger companies and we have a range of expertise here in Finland.
WW: Nowadays there are many data centres being built in Finland. Do you think Finland can gain a competitive advantage from stricter privacy laws?
Mikko Hypponen: We do have very good legislation on privacy, probably one of the best in the world. This legislation grants privacy rights not just to our citizens—it also grants privacy rights to foreigners, which I don’t think is a law that exists anywhere else in the world.
The way our privacy law reads is as follow: we define a set of privacy rules and rights we have. However, there is nowhere that mentions that this law applies to only Finnish people. Rather, the law says that it applies to “mankind”.
Therefore, if you are a person from New Zealand who stores your data in a data centre in Finland, your data gains the same privacy rights as Finns do. Therefore regulations as such do give us an advantage.
In addition, one of the most costly part of maintaining a data centre is cooling, you know? For instance, Google’s data centre is in Hamina, which is right by the Baltic Sea and they do the cooling with the Baltic Sea.
Another consideration in picking a location for data centres is the prevalence of natural disaster such as Earthquakes—we want to avoid them. We don’t have earthquakes in Finland—we have a very solid ground here. In addition, Finland has excellent connectivity, especially also to the Far East and Russia.
In sum: the legislation is good, the environment is good the cooling works and we have no earthquakes. Therefore Finland is a pretty good place to build data centres in!
WW: I’m sure many young Finns in the IT field regard you as a role model. Do you have any tips for young people who want to have a great professional career as you do?
Mikko Hypponen: My tip—If you want to be successful in your field, you have to pick your niche.
You should not aim to become a general expert. It is much more valuable to be one of the world’s best in some narrow niche.
So pick a niche. Pick some narrow field of expertise. Within computer security, you can pick a niche from reverse engineering or secure development practices or penetration testing, for example. So focus on that, and then you become very good in that.
Therefore, figure out what you like, are good at, and then go all in for that narrow field of expertise.
And if you want to grow, you need to learn. If you need to learn, you need teachers and mentors.
Therefore, find mentors to help you—people who have done it before, or who have done something similar before.
WW: Finland will be celebrating its 100th year-old birthday next year! What is the one birthday wish you have for Finland?
Mikko Hypponen: I wish wisdom to our leaders so that they are able to lead us to the next 100th years of independence.
You see, we always have to be careful because of our geopolitical position.We must never forget that we have 1500 km of border with an unpredictable superpower, Russia. Yet we have proven that we are able to live peacefully with Russia.
We don’t know anything about the year 100 years from now, and I hope that we will be independent forever. And for that we need wise leaders. Our current leaders are good leaders—they are wise people and are not making any stupid moves.
I hope we will still be independent 100 years from now. We want to be free and able to do whatever we want.
The Hieno! is the official partner of the Finland 100 independence programme: What is “Finnish-ness”? endorsed by the Prime Minister’s Office. Photos by Niko N. We hope you have enjoyed reading this interview as much as we did! Do follow Mikko Hypponen on twitter @mikko too! ^^