Episodes
There’s many different ways to collaborate on infosec problems. There’s no shortage of associations, conferences, and other frameworks that organizations can use to find others to work with. And there’s a healthy supply of security companies to choose from. But do any of these offer concrete benefits to organizations? Will organizations somehow achieve better outcomes by working with others? Or is it more complicated than that? Today, we’re joined by UK-based Julia Ward, WithSecure’s...
Published 04/05/22
Published 04/05/22
Non-profit organizations play a crucial role in our well-being. In many parts of the world, they’re a major source of education, health care, social services, and more. And while they’re not in it for the money, they remain a target for cyber attacks, just like other organizations. Why is this case? What can and should be done about this? In this episode, Adrien Ogee, Chief Operating Officer for the CyberPeace Institute, a non-governmental organization that helps defend the security, dignity,...
Published 02/28/22
With 2021 now behind us, it’s time to revisit the highs and lows of the past 12 months, and look ahead to what we can expect in the months ahead. To mark the year’s end, we recorded a special two-part episode of Cyber Security Sauna. F-Secure’s Chief Research Officer Mikko Hypponen, Security Consultant Adriana Verhagen, and AI researcher Andy Patel join episode 64 to share their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond. In this episode:...
Published 01/24/22
2021 is drawing to a close, and it’s time to look back on the events of the past year. At the same time we look ahead to the brand new year to come. Welcome to part one of a special two-part episode of Cyber Security Sauna. In this episode we’re joined by F-Secure’s Chief Research Officer Mikko Hypponen, Security Consultant Adriana Verhagen, and AI researcher Andy Patel, to hear their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond. In this episode:...
Published 12/29/21
The remotely exploitable Log4j zero day vulnerability discovered just a few days ago has been called one of the most serious vulnerabilities to date. So what is it all about, and what does it mean for organizations? How is it being exploited? What are the risks, and what can you do if you're waiting for a patch? F-Secure CISO Erka Koivunen joins Janne to break down the issue, and explains why this vulnerability should be a wakeup call for security practitioners and developers.
Published 12/14/21
The topic of application security has never been more important. So how are companies approaching appsec? What should companies do to ensure appsec gets the attention it needs? Antti Tuomi, who works in Japan, and Antti Vaha-Sipila (known as AVS), from Finland, join the show to share their thoughts on changes in application security, shifting left, supporting developers, "level boss testing," and much more.
Published 11/24/21
Biometric authentication systems have the potential to take the place of passwords. But there are a lot of considerations before taking these systems into use. When should they be used, and how? What are the risks, and when should biometrics be approached with skepticism? Vic Harkness and Tom Van de Wiele discuss the advantages and disadvantages of biometric authentication systems, some of the wackiest ways our bodies can be measured, and why layered security still works best.
Published 11/02/21
Cyber crime is a constantly evolving game. As soon as new technology is introduced, attackers start figuring out how to exploit it for malicious purposes. No one understands this better than F-Secure Chief Technology Officer Christine Bejerasco. Christine joins Janne to discuss the changing world of cyber crime, and how companies can avoid having their new technologies exploited by taking a secure-by-design approach. 
Published 10/11/21
When it comes to getting into cybersecurity, the skills can be learned, and it's all about hard work and dedication. Our guest this episode, incident response consultant Eliza Bolton, successfully transitioned to cybersecurity from the nursing profession. Also joining is Matt Lawrence, F-Secure's head of IR. Matt and Eliza discuss tackling the cyber skills shortage, why diverse teams are more adaptable, and why Eliza’s background as a nursing assistant is an asset in the world of incident...
Published 09/20/21
After data breaches and ransomware attacks, we often hear that customer information was leaked to the dark web. This obviously can have serious implications for both companies and individuals, but for many of us, the dark web is as mysterious as it sounds. So what is the dark web all about, and what's happening there? How does it affect companies and regular people? F-Secure's Laura Kankaala and Elias Koivula join the show to help to help demystify the topic.
Published 08/17/21
Ransomware payment amounts have skyrocketed over the past year. As threat actors keep getting richer, they have more resources to fuel their operations. Many people argue that the way to discourage ransomware is to implement an outright ban on ransom payments. Is this suggestion idealistic or realistic? How would such a ban affect companies, and what are the alternatives? Päivi Tynninen of the Finnish National Cybersecurity Center and Jordan LaRose of F-Secure join us to share their views.
Published 07/15/21
AI and machine learning are shaping our online experience, from product recommendations, to customer support chatbots, to virtual assistants like Siri and Alexa. These are powerful tools for enabling business - but powerful doesn't mean perfect. F-Secure data scientist Samuel Marchal and security consultant Jason Johnson join Janne for this episode to talk about some of the security issues with machine learning and how to address them.
Published 06/23/21
The fallout from a ransomware attack is every organization's worst nightmare. But it doesn't necessarily have to be, if you can respond to an attack effectively. As our guests explain, there are things companies can be doing in advance to ensure a proactive response to ransomware, and to reduce the impact to the company. Incident response experts Jordan LaRose and Matt Lawrence of F-Secure join the show to discuss.
Published 05/27/21
The role of a chief information security officer demands technical knowledge, but it also requires soft skills of leading and influencing. So how can CISOs get their security message across to boards, the business, employees and the security team? Joining Janne are two CISOs, Erka Koivunen of F-Secure and Chani Simms, co-founder of Meta Defence Labs and founder of SHe CISO Exec community, to discuss communication and the role of emotional intelligence in promoting a culture of security at...
Published 04/28/21
Cloud computing was one of the last decade's most transformative technologies. It helped organizations launch exciting new applications and services, as well as innovate the way they operate. But moving critical parts of IT infrastructure and operations outside of organizations' perimeters has significant security implications. The cloud is definitely here to stay, so security consultants Laura Kankaala and Nick Jones join Janne to talk about the cloud security challenges organizations face.  
Published 04/06/21
Phishing is the number one vector leading to data breaches. It's an easy, effective way for attackers to trick users into giving up credentials or running malicious code. While organizations cannot stop motivated attackers from trying to phish their employees, they can make it harder to succeed. F-Secure's director of consulting, Riaan Naudé, joins the show to talk about how companies can combat phishing by addressing the earlier stages of the intrusion kill chain.
Published 03/11/21
Infosec conferences give cybersecurity professionals a chance to network, hear the latest research, exchange ideas, and demo hacks and new tools. But how do you decide which ones to attend? How can you get the most out of your experience? Are they worth your time and money? What's it like to be a presenter, or even an organizer? Janne speaks to Noora Hammar of the Nordic security event Disobey and the HelSec Association; and F-Secure's Tomi Tuominen, founder of the T2 infosec conference.
Published 02/18/21
We thought locking up data and demanding a fee to decrypt it was bad. But ransomware criminals have stooped even lower and now, threats of public data exposure on top of ransom demands are routine. What's next? Where's ransomware 2.0 going in 2021? F-Secure's chief research officer Mikko Hypponen joins us to give his take. Also in this episode: Ransomware's evolution, why it's mainly a Windows problem, the impact of remote work, how ransomware's industrialization affects the threat landscape,...
Published 01/19/21
2020 has been a year no one predicted. COVID-19 made remote work the norm and shook up the attack landscape. Through it all, breaches and ransomware attacks continued to plague organizations. In this episode we're looking back at some of the trends that defined the cyber world in 2020 with F-Secure's Tom Van de Wiele and Nick Jones. Also in this episode: The supply chain attack on SolarWinds; update on the cyber skills shortage; 2020's effect on VPN, Zero Trust, and cloud; the 2020 US...
Published 12/30/20
With the holidays accelerating online shopping, more online transactions means more reasons to be careful about fraud like identity theft and account takeover. ID theft claims millions of victims per year, but how does it happen and how can you avoid being a victim? Olli Bliss of F-Secure joins the show with answers. Also in this episode: How attackers get your data, how they crack passwords and break into accounts, what's happening to your data on the dark web, the new trend in credit card...
Published 12/09/20
Is iOS really more secure than Android? What are the pros and cons of biometric authentication? How can you know which apps are safe? In this episode we dive into a range of mobile security issues. Who better to answer our questions than a couple of mobile experts? F-Secure's Ken Gannon and Ben Knutson join the show to discuss app permissions, company mobile device management, mobile hygiene tips, signs your phone's been hacked and more. Plus, is your Facebook app listening in on you, or not?
Published 11/12/20
You know about malware, ransomware, spyware. But there's an increasing concern about stalkerware, a creepy breed of apps that allow someone else to digitally monitor you. What is stalkerware all about and how can you recognize it? Who plants it and why, and who are its victims? Joining the show are Eva Galperin, director of cyber security at the Electronic Frontier Foundation who also helped found the Coalition Against Stalkerware, and Anthony Melgarejo, threat researcher at F-Secure.
Published 10/05/20
It's a year like none we've ever experienced. COVID-19's effects have reverberated around the world, and around cyberspace. What's happened in the threat landscape while we've been preoccupied with the pandemic? How have attackers adapted to the new normal? Christine Bejerasco and Calvin Gan of F-Secure's Tactical Defense Unit join us to discuss the latest email and phishing threats, how threat actors are taking advantage of remote work, and why a ransomware infection may be just the tip of...
Published 09/17/20
There is no one set path to a cybersecurity career, and today's guests have arrived in the field in very different ways. Logan Whitmire comes from a military background and Derek Stoeckenius has a degree in psychology. They share what sparked their interest in infosec, their journey to their current roles, and how their unique backgrounds influenced the way they approach their work. Also: Tips on getting into the field, and what they might have done differently.
Published 08/24/20