Cyber Security Sauna

Threat hunting has become a buzzword in the industry of late. But what is it all about? Why should companies consider using threat hunting as a part of their security strategy? Connor Morley, threat hunter with F-Secure, stops by to discuss how his craft helps companies take a proactive approach to security.  Links: Episode 35 transcript Whitepaper: Demystifying Threat Hunting Whitepaper: KillSuit Research

While AI and machine learning are enabling definite advances in the digital world, these technologies are also raising privacy and ethical concerns. What does AI mean for personal privacy, and is it being exploited unethically? Are these concerns being addressed, or will AI spell disaster for society? Bernd Stahl is coordinator of the EU's SHERPA project, a consortium that investigates the impact of AI on ethics and human rights. Bernd joins Janne to discuss the delicate balance of AI - its advantages and disadvantages, potential misuses and how AI may improve life and create opportunity for some, while others may be hurt by algorithmic biases and unemployment. Links: Episode 34 transcript SHERPA Project Why Good AI Goes Bad Study: Security Issues, Dangers and Implications of Smart Information Systems

Cyber security has never been a hotter field to get into, but how do you gain the skills needed for landing a job? There are various paths to a cyber security career, from a formal university education to being a self-taught hacker. In this episode we hear from our guest about cyber security education from both a student and teacher perspective. Jesse Rasimus is a graduate of F-Secure's Cyber Security Academy who is now employed with F-Secure, and Tom Van de Wiele is an F-Secure consultant who also teaches infosec. They discuss university versus practical training, starting out in the field, dealing with imposter syndrome, and the cyber security careers of the future. Links: Episode 33 transcript

Following in the footsteps of GDPR, the US is seeing more progressive data privacy laws coming down, with the new California Consumer Privacy Act leading the charge. What does the CCPA mean for consumers and for companies? What can the US learn from GDPR? F-Secure's Timo Laaksonen, previously head of F-Secure's consumer business in North America, and Hannes Saarinen, F-Secure's data protection officer join this episode to discuss the new law and compare and contrast it with GDPR. Links: Episode 32 transcript TechCrunch: Silicon Valley is terrified of California's privacy law

The internet seems to be changing from being a relatively unrestricted space into something more regulated. More countries are implementing policies that restrict or filter the way their citizens experience the online world. Is the internet we know and love breaking up into many internets along geographical lines? Is true internet freedom a thing of the past? F-Secure's Tom Van de Wiele joins Janne to talk about digitally controlling regimes, bypassing those controls, and why consuming a healthy information diet is important for all of us. Links: Episode 31 transcript

Cyber security is relevant for everyone. Not everyone realizes it though, and not everyone understands what those in the infosec industry take for granted. How should security-minded individuals communicate with friends, relatives, colleagues and the general public about this important topic? What are the misconceptions regular folks often have about infosec, and what could we in the industry be doing better? Security consultant Laura Kankaala joins Janne to discuss. Links: Episode 30 transcript

In this episode, veteran hacker and red teamer Tom Van de Wiele answers questions from our listeners. Tom covers the ethics of ethical hacking, how to prioritize solving the myriad of security issues companies face, why he includes a banana in his hacking kit, the importance of communication skills in his job, and much more. A great listen both for those already in the industry and those wanting to break in. Links: Episode 29 transcript Episode 2 - Breaking into Infosec: Advice from an Ethical Hacker 21 tips for getting started in ethical hacking

Supply chain attacks are on the increase, with attackers abusing the trust we place in vendors and software. Why are these attacks growing, and what can companies do about them? Jyrki Huhta, senior security consultant at F-Secure, joins the show to share his thoughts on these devastating attacks and why "trust but verify" should be the motto for preventing them. Links: Episode 28 transcript

The modern home is continually getting more connected. But as much as we love our virtual assistants, smart thermostats and cloud-enabled security cameras, are we really aware of the risks they invite into our homes? And how can we enjoy the latest digital technologies without compromising security and privacy? F-Secure's Tom Gaffney joins Janne to discuss why and how IoT makes us vulnerable, how we can protect ourselves, and what IoT device makers should be doing. Links: Episode 27 transcript The Age of Surveillance Capitalism review

"Don't go to shady websites" was the advice people were given back in the day. But now it's not always possible to tell when you're in danger, as even reputable websites can be compromised. So how can you know if a website is legitimate and trustworthy to use? And from the developer's view, how can you design a website to be secure? F-Secure's Christine Bejerasco and Laura Kankaala join us to answer these questions. Listen in for expert tips and tricks for safe browsing, and for designing websites with security in mind. Links: Episode 26 transcript Whois.com Domain Lookup Wayback Machine Internet Archive

Phishing is one of today's biggest cyber security issues, a go-to tactic for threat actors. It's simple and effective, and perhaps that's why it has become such a source of frustration for companies. Kayleigh O'Donovan of MWR Infosecurity's Phishd team joins the show to talk about how phishers play with your emotions to get you to click, how to spot a phishing email, how phishing simulation can help companies reduce their click rates, and more.  Links:  Episode 25 transcript

One year ago, the EU General Data Protection Regulation (GDPR) came into effect, fundamentally changing the way businesses handle data. The GDPR forced companies to scramble to comply or face penalties. A year later, what has the GDPR's impact been and how are businesses handling it? Where should companies go from here? Joining the show are F-Secure's Hannes Saarinen, privacy officer, and Eric Andersen, who works with companies on GDPR compliance. We last spoke with them in May of 2018, and they're back to give us a one-year update. Links: Episode 24 transcript DLA Piper data breach survey  

Cyber security is always a hot topic during election seasons, and various elections are being held in Europe and around the world this spring. As digitally enabled as the world is, shouldn't we all be voting electronically by now, or via the internet? F-Secure's Tomi Tuominen and Antti Vähä-Sipilä join us to discuss the complexities of e-voting, why it's such a challenging issue, and when it makes sense to use e-voting systems.  Links: Episode 23 transcript OSCE Handbook for the Observation of New Voting Technologies Council of Europe Adopts New Recommendation on Standards for E-Voting  

The pro-leave side of the Brexit debate is getting support from far-right Twitter users based outside the UK. After investigating 24 million Brexit-related tweets, that's the conclusion Andy Patel, researcher from F-Secure's Artificial Intelligence Center of Excellence, has arrived at. In this episode, Patel discusses his research, the spread of misinformation, and how social media can often be just an echo chamber for people who share the same views. Links: Episode 22 transcript Analysis of Brexit-centric Twitter Activity Brexit-related Twitter mischief supported by global far right BBC - Foreign far-right Twitter users manipulated Brexit debate  

The cloud has changed the way we do business and the way we develop and deploy software and infrastructure. What are the security benefits of moving to the cloud, and what are the special concerns? What should companies do to ensure their cloud stays secure? Janne is joined by Laura Kankaala and Antti Vaha-Sipila of F-Secure to talk about what it means to be cloud native, why breaches happen in the cloud and much more. Links: Episode 21 transcript

Cyber war is a term we often hear tossed about, but is it just science fiction, or is it really happening? How worried should we be about the potential governmental offensive use of cyber power, and what constitutes a cyber weapon? Mikko Hypponen, Chief Research Officer of F-Secure, joins us this episode to discuss governmental APT actors, why words matter when it comes to cyber war, and why cyber weapons are the perfect weapons. Links: Episode 20 transcript

They say that the best defense is a good offense, as football fans or anyone that’s played a game of Risk might agree. But how does this idea look when you apply it to cyber security? F-Secure Principal Security Consultant Tom Van de Wiele joins this episode of Cyber Security Sauna to talk about offensive and defensive approaches to cyber security, and how defenders can use these strategies to protect their systems, operations and data. Links: Episode 19 transcript F-Secure Incident Response Report  

If you're looking for love nowadays, you'll likely turn to an online dating app. But what do these apps mean for your security? What privacy concessions are you making when you swipe? How does your online behavior impact your real life? Sean Sullivan joins Janne this episode to discuss the balancing act of maintaining your privacy while finding a match, avoiding romance scams and the tradeoffs you're making when using Tinder and apps like it. Links:  Episode 18 transcript FBI Internet Crime Complaint Center (IC3) AARP Scams & Fraud page DTR podcast - Mixed Signals episode

2018 is winding to a close and the new year is just around the corner. What's in store for 2019 in cyber security? In this episode, five experts talk about exactly that, and discuss notable trends of 2018. From mobile phishing to AI trends, supply chain attacks, IoT, data privacy and more, our roundtable keeps you abreast of the trends. Joining the show are Adam Sheehan of MWR Infosecurity, and Laura Kankaala, Tom Van de Wiele, Artturi Lehtiö, and Andy Patel, all of F-Secure. Links Episode 17 transcript Facebook Hack Exposes an Internet-Wide Failure - Single Sign-On research

Endpoint protection has been the trusted backbone of many companies' security. But with stories about data breaches and successful cyber attacks constantly in the news, people are beginning to think endpoint security is dead. Whether or not you agree, you might be wondering if there's any truth to this statement. F-Secure's Principal Security Consultant Antti Tuomi joins us this episode to talk about endpoint protection, its strengths and limitations, and when detection and response is needed. Links Episode 16 transcript