Christmas Calendar, Day 15: A Japanese Christmas
Who are you and what do you do at F-Secure?
Hi, I’m Antti, and I’m one of the satellite members of the Cyber Security Services technical security consulting team. I moved to Japan in the beginning of the year, and get to work with some very interesting international projects, such as security testing aviation and airplane-related systems.
Other than the work stuff, I’m a huge nerd, a gamer-for-life, a music geek, a food and craft beer enthusiast, terrible at skateboarding, and trying to pick up Japanese as well as playing too many instruments at once without knowing which one to focus on. In general, I can’t help wanting to always keep learning new things and new skills – which also makes me very lucky to have a job where every week is a new interesting challenge or puzzle to solve. 🙂
What has been the most interesting project you’ve worked on at F-Secure? Tell us a bit about it.
It’s hard to choose a favorite, but candidates that instantly pop into my mind are the red teaming gigs, aviation-related projects, as well as some cases where we have acted as security advisors and testers in agile software development projects.
For the red teaming gigs, the adrenaline rush you get the first time you walk into a building with a cloned ID badge among the actual employees, and when the access key reader beeps and welcomes you in with that green light, are so cool that I still get goosebumps thinking about them. It’s also the moment when all the preparation from studying the floor plans and photoshopping ID badges truly pays off.
The aviation side is also really exciting as it’s a completely different world from your everyday web and mobile applications. Before working with these projects, I didn’t truly understand the complexity of the systems and processes that airports and airlines go through every day to take the planes off the ground and safely back down, and to bring you that in-flight Wi-Fi during your trip. It’s unbelievably interesting to be able to participate in ensuring the systems stay safe and secure, even with the new technologies that are brought in.
Finally, although being a part of the security team in an agile software development project sounds nowhere as sexy as the ones above, some of these projects have been really fulfilling and interesting. If you bring in security testing and design at the last stages of the project, right before the system goes into production, you sometimes find implementation or even design issues that are very problematic for the project. In cases where we have been able to take part in helping the development teams right from the start, we have also been able to avoid the issues early on and form a really good relationship with the team, also resulting in a good product. That’s a very fulfilling type of project that nicely balances all the other assignments where I’m breaking stuff, whether it be on the ground or in the air. 🙂
What has been the most challenging project you’ve worked on at F-Secure? Tell us a bit about it.
The most challenging project has to be the one I’m facing right now: how to form the same kinds of good relationships with companies and being able to help them bring security into their services and products over here in Japan. I hadn’t realized it before moving here, but the culture regarding security can be very different even between e.g. countries in Northern Europe, and needless to say, between Europe and Japan as well. Unfortunately, fewer companies in Japan appear to have full-time CISOs that would have the vision and authority to advance security within their organizations. Some companies might even prefer to not know about any potential vulnerabilities, if they do not have the resources to address them.
Hence, my current and most challenging project is to help these organizations reach the same “zero defects” level in security as in product development, and to help bring the Japanese kaizen (改善) mentality of continuous improvement into security. It might take a while before this project is completed, though, but I’ll try my best to see it through. 🙂
Categories