CIAT Resource Library

Highlights From Questionnaire with Ekra Koivunen, Finnish Cybersecurity Veteran.

Erka is a veteran in cyber security. With over 10 years working in the industry with the finnish government, he is currently an adviser for F-Secure, a top European cyber security company. Erka recently did an “Ask Me Anything” questionnaire on Reddit

Here is a recap of some of the most intuitive questions on cyber security:

From a personal level, what sort of things can we do, other than installing anti-virus software, to make sure our data remains secure? As a secondary point, what’s your go to anti-virus software to use, again, on a personal level?

“In anything you do in terms of protecting yourself online, please remember that it is increasingly difficult to distinguish between your professional and personal presence. So, if your job requires you to be mindful of what you share online and how to keep hackers out, please be as vigilant in your personal capacity as well. Otherwise you may end up becoming the low-hanging fruit that the attackers exploit in order to get after your employer, its customers or its partners.
Now, having established that, this is what I always do with my personal stuff:

  • Everything starts with fresh install. The bloatware just sickens me.
  • I patch, harden and lock-down all my gear so that there is as little as possible attack surface to go after
  • I use full disk encryption together with strong password protection
  • I backup, backup my backups and locate the backups of my backuped backups somewhere else than my home (did I already say about encrypting your backups)
  • I keep a record of my family’s gear, encryption keys and backups; nobody remembers this by heart
  • I am wary of what networks I connect my devices with
  • I am conservative on who I let to our home networks. Nobody get in the inner parts of the network.”

When working in cyber security industry like you are, do you feel like being out of the general public knowledge or otherwise being “off from the radar” would be beneficial for some positions in the industry?

“The off-the-grid approach is actually what the classified systems are designed around. For instance, a system classified as SECRET cannot be connected to public networks such as internet.
And this is where the spies enter the game: if you truly hold secrets that mean anything to somebody else, they will go after your secrets regardless of how you defend them. You will find that it is really difficult to operate off-the-grid. For economical and human behavioral reasons you want to limit the amount of off-the-grid data and transactions to absolute minimum (of course all the time relating to the value of the secrets that you protect). Otherwise people start to get “innovative” and end up inviting the spies in.”

Recently, our company faced a ransomware attack. Would have any suggestion of how to prevent it and manage it once the wolf is in the henhouse ?

“Cosmin and Vangelis from ENISA already provided excellent advice. I have yet one more thing to add: regardless of your Anti-Virus product, now would be the moment to take a close look at the configuration and enable the more advanced behavioral detection mechanisms. In our products these go by the names DeepGuard and Advanced Process Monitoring. These detection engines are your last line of defense, make good use of them!”

Featured Image Source: Reddit

Subscribe To Our Blog

Get the latest updated information on courses, degree programs and more…

Suggested Articles

CIAT Secures Coveted Top Spot in the San Diego Tribune's Annual Workplace Survey
(Nov. 28th, 2023) – California Institute of Arts and Technology (CIAT) proudly announces its exceptional recognition as a leading workplace ... Read more
How is Data Managed in the Cloud?
Managing cloud data is an essential responsibility for organizations. A comprehensive cloud data management strategy combines people, processes, and technology ... Read more
What Education Options Are Available While Going Through a Tech Layoff?
Some of the largest tech giants in the world, including Google, Microsoft, Amazon,, and Intel, continue to announce layoffs. ... Read more
What is SOC 2 Compliance?
Compared to other compliance requirements, SOC 2 is voluntary. Established by the American Institute of CPAs (AUCPA), the SOC 2 ... Read more


Talk to an Advisor

Request an appointment with one of our IT expert Admissions Advisors for personalized guidance on building your education plan. You’ll be able to book an appointment instantly for a time that fits your schedule. 

Enrollment Deadline - July 24, 2023!

Oops! We could not locate your form.

*By submitting this form, you are giving your express written consent for California Institute of Arts & Technology to contact you regarding our educational programs and services using email, telephone or text – including our use of automated technology for calls and periodic texts to any wireless number you provide. Message and data rates may apply. This consent is not required to purchase goods or services and you may always call us directly at 877-559-3621. You can opt-out at any time by calling us or responding STOP to any text message.