To commemorate F-Secure’s 30th year of innovation, we’re profiling 30 of our fellows from our more than 25 offices around the globe.
Nurturing an inquisitive mind makes the future look good for defenders and challenges the attackers. One F-Secure Fellow went from books to breaches.
“I’ve been interested in computers for as long as I can remember, especially cyber security,” Artturi Lehtiö says. “I was probably around ten when I managed to convince my parents to buy me a 900-page book.”
He chose Maximum Security: A Hacker’s Guide to Protecting Your Internet Site and Network for two reasons: The coolest cover in the whole store, and the intrigue factor.
It was his first memory of trying to figure out how computers could be hacked and secured. The contents might have been over his head, but this only strengthened his interest in the field.
“The photos of most of the authors were blurred, and everyone was named “Anonymous”. Maybe I thought hackers and hacking (the legal kind) sounded cool.”
Artturi’s interests expanded in the ensuing years. Choices of potential careers grew, but cyber security kept returning to the top of his list.
“I ended up studying computer science at Aalto, the biggest technical university in Finland. I wasn’t the most diligent of students and spent most of my time working on extra-curricular projects, mostly related to cyber security. They were much more interesting than the school-supplied ones.”
One particular computer science course drew consistent peer praise. Experts at F-Secure taught a special course on malware analysis every spring.
“I was trying to teach myself reverse engineering then and was more interested in finding vulnerabilities than looking at malware. It sounded like a dry topic, but I was desperate for courses that sounded even passably interesting. That’s because the Finnish State only provides a monthly study grant if you accumulate enough study credits per year,” explains Artturi.
He began to change his mind about the subject as the course progressed and started considering summer internship options. One of the lecturers mentioned he should get in touch with F-Secure.
“Fast forward a few months, and I was a fresh summer intern working in the threat intelligence team at F-Secure’s Labs,” he says.
The company then hired him full-time. He’s since switched roles a couple of times, and currently works as service technology lead for their cyber security consulting division.
Artturi’s responsibilities include coordinating everything tech the company develops for their cyber security consultants to use for delivering consulting services to customers.
“I’m also product owner for F-Secure’s Cyber Intelligence Platform used by our cyber intelligence consultants. I oversee development of the platform and try to ensure it serves the needs of our consultants now and in the future,” comments Artturi.
But this is only part of his story. He also spent years researching and tracking state-sponsored cyber espionage, searching for ways defenders could gain the upper hand in the fight against attackers.
“As defenders, you get to work every day on understanding your environment. Turn it into an advantage, know your environment better than anyone else,” he says.
Attackers always have an objective.
“They need to accomplish a variety of steps properly to succeed. These can include identifying your organization’s infrastructure, finding a vulnerable or misconfigured service, gaining access to it, and using that to pivot onto other services in your environment,” explains Artturi.
“An attack is a long process involving countless steps. Your goal as a defender is to catch attackers before they reach their goal. You only need to catch them at one of the steps to be able to win.”
Individuals don’t need to be cyber security wizards to defend themselves, though. Simple steps improve personal privacy and help protect against data harm.
“Make sure all your software stays up to date, But more importantly, use a password manager. You don’t need to stress about password leaks or worry about your accounts being compromised if you combine this with two-factor authentication wherever possible. You also don’t have to worry about remembering all your passwords,” he says.
Artturi enjoys the constant learning, teamwork, and people skills part of his job as well. And not everyone who wants to work in cyber security industry needs to be technically-minded.
“I strongly believe we’d be a lot better at cyber security if we had more non-technical people working on it. You need an open mind, an inquisitive nature, and a willingness to learn. The rest will come,” he concludes.
And check out our open positions if you want to join Artturi and the hundreds of other great fellows fighting to keep internet users safe from online threats.
Leave a comment