Mikko Hyppönen moves confidently on stage, his distinct dark blonde ponytail complementing an impeccable teal suit. A seasoned speaker, he’s driving home a crucial point to a gathering of hackers and security researchers at a major industry meet-up.
“I often refer to this as ‘cybersecurity Tetris’,” he remarks with a serious tone. He explains the classic game’s rules: complete a line, and it vanishes, letting remaining bricks form a new line.
“Successes vanish, but failures accumulate,” he says at Black Hat in Las Vegas, 2025. “In cybersecurity, our work is invisible…when perfect, nothing happens.”
Yet, Hyppönen’s contributions aren’t invisible. A veteran in cybersecurity, he has been battling malware for over 35 years. In the late 1980s, terms like “malware” weren’t common; instead, people spoke of “viruses” or “trojans.” The internet was rare, and some viruses spread via floppy disks.
Since then, he estimates having analyzed thousands of malware types. His global speaking engagements have established him as a respected voice in cybersecurity.
While still keen on safeguarding against malware, he’s now also focused on protecting against drones.
Living near Finland’s Russian border, Hyppönen, motivated by Russia’s 2022 Ukraine invasion, believes he can effectively combat drones.
For him, the longstanding cybersecurity challenges remain, but the industry has advanced significantly over two decades. An iPhone, for example, is highly secure. However, drone warfare’s cybersecurity aspects are largely unexplored territory.
From viruses and worms to malware and spyware…
Hyppönen entered cybersecurity by hacking video games in the 1980s. His passion was ignited by reverse engineering to bypass anti-piracy on a Commodore 64. He learned coding through adventure game development, and honed reverse engineering while examining malware at Finnish company Data Fellows, later known as F-Secure.
He has witnessed malware’s evolution firsthand.
In early years, virus creators acted out of passion and curiosity, not financial gain like today’s ransomware-driven attacks. Cryptocurrency and data marketplaces were non-existent.
Form.A, a prevalent early 1990s virus, spread via floppy disks. It didn’t destroy; it simply displayed a message. Yet, it reached places like the South Pole.
Hyppönen recounted the 2000 ILOVEYOU virus he and his team first discovered. It spread via email, overwriting files and self-propagating to contacts. It infected over 10 million Windows computers.
Malware has evolved. It’s no longer a hobby; self-replicating malware attracts defenders capable of quick neutralization and potential author identification.
“The age of viruses is behind us,” Hyppönen states.
Self-spreading worms are rare now. Notable exceptions include North Korea’s 2017 WannaCry ransomware and Russia’s NotPetya campaign, which disrupted Ukraine. Nowadays, malware is the domain of criminals, spies, and spyware developers for government hacking, who prefer staying hidden.
The cybersecurity industry is now valued at $250 billion. Necessity has professionalized it against rising malware threats. Defenders transitioned from free software to commercial offerings, says Hyppönen.
Devices like iPhones and browsers have become harder to hack. Hyppönen argues costly exploits limit usage to well-resourced entities, such as governments, rather than cybercriminals. It’s a consumer win and a cybersecurity success.
From fighting spies and criminals… to countering drones
In mid-2025, Hyppönen shifted to a new kind of defense as the chief research officer at Sensofusion, a Helsinki-based anti-drone system developer for law enforcement and military.
He cites the Ukraine war, defined by drones, as motivation. As a Finnish citizen in the military reserves, with a family history of opposing Russia, he understands the threat across the border.
“The situation is crucial to me,” he says. “Fighting drones today and tomorrow is meaningful. We stand with humans against machines, which feels sci-fi, but it’s our reality.”
Though cybersecurity and drones seem worlds apart, Hyppönen sees parallels in combating malware and drones. Cybersecurity uses signatures to identify and block malware. Against drones, the approach involves jamming and recognizing control frequencies.
Detecting drones involves identifying radio frequencies, or IQ samples.
“We identify the protocol and create signatures for unknown drones,” he explains.
Detecting the protocol and control frequencies, you can launch cyberattacks, causing system malfunctions and crashes. “Protocol level attacks are simpler in drones because once you find a vulnerability, you’ve succeeded,” he adds.
The strategy for fighting malware and drones remains unchanged in Hyppönen’s life. The cat-and-mouse game of improving defenses and adversaries adapting is the same. The enemy’s identity, however, hasn’t changed.
“I fought Russian malware for much of my career,” he says. “Now it’s Russian drones.”