Cyber Security Sauna

Cyber security has never been a hotter field to get into, but how do you gain the skills needed for landing a job? There are various paths to a cyber security career, from a formal university education to being a self-taught hacker. In this episode we hear from our guest about cyber security education from both a student and teacher perspective. Jesse Rasimus is a graduate of F-Secure's Cyber Security Academy who is now employed with F-Secure, and Tom Van de Wiele is an F-Secure consultant who also teaches infosec. They discuss university versus practical training, starting out in the field, dealing with imposter syndrome, and the cyber security careers of the future. Links: Episode 33 transcript

Cyber war is a term we often hear tossed about, but is it just science fiction, or is it really happening? How worried should we be about the potential governmental offensive use of cyber power, and what constitutes a cyber weapon? Mikko Hypponen, Chief Research Officer of F-Secure, joins us this episode to discuss governmental APT actors, why words matter when it comes to cyber war, and why cyber weapons are the perfect weapons. Links: Episode 20 transcript

In this episode, veteran hacker and red teamer Tom Van de Wiele answers questions from our listeners. Tom covers the ethics of ethical hacking, how to prioritize solving the myriad of security issues companies face, why he includes a banana in his hacking kit, the importance of communication skills in his job, and much more. A great listen both for those already in the industry and those wanting to break in. Links: Episode 29 transcript Episode 2 - Breaking into Infosec: Advice from an Ethical Hacker 21 tips for getting started in ethical hacking

The cloud has changed the way we do business and the way we develop and deploy software and infrastructure. What are the security benefits of moving to the cloud, and what are the special concerns? What should companies do to ensure their cloud stays secure? Janne is joined by Laura Kankaala and Antti Vaha-Sipila of F-Secure to talk about what it means to be cloud native, why breaches happen in the cloud and much more. Links: Episode 21 transcript

When people look for logos or symbols that emanate security, they often choose a lock. Sure, we know locks can be picked. But what would the world look like if attackers could just walk in without breaking their stride? After years of research, two F-Secure researchers have discovered that by exploiting design flaws in an electronic hotel lock system used in tens of thousands of hotels worldwide, they could create a master key to open any room in the building. In this episode, F-Secure’s Tomi Tuominen and Timo Hirvonen share their story, plus they get real with the unvarnished truth about hacking. The road wasn't easy, but these guys proved that after countless dead ends you can still come out on top.  Links:  Episode 7 blog post and transcript Hotel lock hack webpage & FAQ Hotel lock hack presentation at Infiltrate 2018

With the disclosure of Meltdown and Spectre early this year, hardware security has come into focus. What are the special challenges of securing hardware versus software? What about securing high-risk industries like aviation and automotive? In this fascinating episode, Andrea Barisani, head of hardware security at F-Secure, shares why we should be thankful for Meltdown, why security problems do not equal safety problems, the one piece of advice he would give hardware manufacturers, and much more. Links: Episode 5 blog post

Operational security is about turning the tables, looking at things from an attacker's point of view, and identifying how your own actions are making you vulnerable. Listen as Erka Koivunen, CISO of F-Secure, gets us up to speed on opsec: selecting your appropriate threat model, why you should never trust the office network, and tips for "spring cleaning" your opsec (potato chips and nail polish are recommended tools). And don't miss his favorite story of an epic corporate opsec fail. Links: Episode 6 blog post & transcript If you travel with your laptop, you probably should travel with nail polish Common Sense security tips from Erka

Phishing is one of today's biggest cyber security issues, a go-to tactic for threat actors. It's simple and effective, and perhaps that's why it has become such a source of frustration for companies. Kayleigh O'Donovan of MWR Infosecurity's Phishd team joins the show to talk about how phishers play with your emotions to get you to click, how to spot a phishing email, how phishing simulation can help companies reduce their click rates, and more.  Links:  Episode 25 transcript

The internet seems to be changing from being a relatively unrestricted space into something more regulated. More countries are implementing policies that restrict or filter the way their citizens experience the online world. Is the internet we know and love breaking up into many internets along geographical lines? Is true internet freedom a thing of the past? F-Secure's Tom Van de Wiele joins Janne to talk about digitally controlling regimes, bypassing those controls, and why consuming a healthy information diet is important for all of us. Links: Episode 31 transcript

The Internet of Things promises futuristic smart homes, energy savings and efficiencies, and improvements to health and well-being. But the IoT still has a long way to go before we can safely enjoy these benefits - currently, it threatens our security and privacy. Steve Lord, a 20-year industry veteran and director at Mandalorian, joins the show to talk about the IoT, from smart cars and TVs to Amazon Alexa and Apple Health. You'll learn why companies love your data, the biggest misconception about the IoT, and the one thing you can do to stay secure if you own a smart device. Links: Episode 4 blog post You Actually Own Your Device, and Other Myths About the IoT F-Secure Report: Pinning Down the IoT Corey Doctorow, The Coming War on General Computation

They say that the best defense is a good offense, as football fans or anyone that’s played a game of Risk might agree. But how does this idea look when you apply it to cyber security? F-Secure Principal Security Consultant Tom Van de Wiele joins this episode of Cyber Security Sauna to talk about offensive and defensive approaches to cyber security, and how defenders can use these strategies to protect their systems, operations and data. Links: Episode 19 transcript F-Secure Incident Response Report

Passwords. You plug them into your accounts and the services you use at work, you try little tricks to make them more unique, but have you ever wondered what a hacker thinks of your passwords? For episode 13, ethical hacker Jan Wikholm joins us to talk about passwords – how he cracks them in his job at F-Secure, the tricks hackers know you're using, and what you should do to keep your credentials safe. Jan also fills us in on hashing, how he does brute forcing, how companies should protect their users' passwords, and how to create a secure password you can actually still remember. Links: Episode 13 transcript

How can companies know if their security investments are actually working? Getting attacked is the ultimate test, but hiring a red team is a less disruptive way to find out. These guys rely on technical chops, acting skills and pure creativity to engage in an all-out attack on a company’s defenses. Joining us this episode is Tom Van de Wiele, Principal Security Consultant at F-Secure, to talk about how red teaming can help companies improve their security posture, his tricks for hustling his way into a company, and why the coffee machine is a red teamer's best friend while on a job (but not for the caffeine). Be warned: You’ll never look at strangers around your office the same way again. Links: Episode 12 transcript Video - The Value of Red Teaming, with Tom Van de Wiele

Cyber security is relevant for everyone. Not everyone realizes it though, and not everyone understands what those in the infosec industry take for granted. How should security-minded individuals communicate with friends, relatives, colleagues and the general public about this important topic? What are the misconceptions regular folks often have about infosec, and what could we in the industry be doing better? Security consultant Laura Kankaala joins Janne to discuss. Links: Episode 30 transcript

Disinformation. Fake news. Social media manipulation. Lately another dark side of the internet has come into focus - its use as a tool for deception. Technologies like machine learning and artificial intelligence are being employed to play hoaxes and mislead on purpose. Seeing is no longer believing - and moving forward, it's only going to get harder to distinguish facts from falsehoods.  Andy Patel from F-Secure's Artificial Intelligence Center of Excellence has been studying this phenomenon. He joins Janne in this episode to share what he's learned about Twitter bots, deepfakes, voice cloning and the tools that make it all possible. Do concerns about these technologies outweigh the benefits, and how will they affect society? Links: Episode 11 transcript Andy's Twitter research

Supply chain attacks are on the increase, with attackers abusing the trust we place in vendors and software. Why are these attacks growing, and what can companies do about them? Jyrki Huhta, senior security consultant at F-Secure, joins the show to share his thoughts on these devastating attacks and why "trust but verify" should be the motto for preventing them. Links: Episode 28 transcript

The summer holiday season is upon us, and people are looking forward to trading their daily workplace grind for a new adventure. Traveling is always exciting, but it takes you out of your comfort zone, and that gives thieves and criminals opportunities to exploit you. F-Secure principal security consultant Tom Van de Wiele is back to tell us how we can keep our devices and data safe while enjoying a fabulous vacation. Are the kids safe from strangers when playing Minecraft on the hotel WiFi? Is it OK to use Bluetooth in your rental car? What are the most common vacation scams to watch out for? Don't miss this episode, complete with Tom's checklist for what to pack. Links: Episode 9 transcript How You Can Travel Like an Ethical Hacker: Do's and Don'ts

Over the past few years, ransomware stole headlines as the biggest malware threat to worry about. Consumers and businesses alike were being hit and forced to shell out money to retrieve their files. But the cybers never stand still, and neither does malware. Nowadays ransomware is being eclipsed by new trends. F-Secure Labs researchers Paivi Tynninen and Jarkko Turkulainen join us to explain why ransomware is on the decline, and what’s taking its place. Listen for the story on cryptojacking and the current world of cybercrime. Links: Episode 10 transcript 2016 study: Evaluating the Customer Journey of Crypto-Ransomware

Following in the footsteps of GDPR, the US is seeing more progressive data privacy laws coming down, with the new California Consumer Privacy Act leading the charge. What does the CCPA mean for consumers and for companies? What can the US learn from GDPR? F-Secure's Timo Laaksonen, previously head of F-Secure's consumer business in North America, and Hannes Saarinen, F-Secure's data protection officer join this episode to discuss the new law and compare and contrast it with GDPR. Links: Episode 32 transcript TechCrunch: Silicon Valley is terrified of California's privacy law

If you're looking for love nowadays, you'll likely turn to an online dating app. But what do these apps mean for your security? What privacy concessions are you making when you swipe? How does your online behavior impact your real life? Sean Sullivan joins Janne this episode to discuss the balancing act of maintaining your privacy while finding a match, avoiding romance scams and the tradeoffs you're making when using Tinder and apps like it. Links:  Episode 18 transcript FBI Internet Crime Complaint Center (IC3) AARP Scams & Fraud page DTR podcast - Mixed Signals episode