Mikko Hyppönen is moving back and forth on the stage, with his distinct dark blonde ponytail cascading over a pristine teal suit. An experienced speaker, he aims to convey a significant message to an audience filled with hackers and security researchers at a global annual gathering of the industry.

“I frequently refer to this as ‘cybersecurity Tetris’,” he states to the audience with a grave expression, outlining the rules of the classic video game. Completing an entire line of blocks causes that row to disappear, allowing the remaining ones to drop into a new line.

“Your victories vanish, whereas your setbacks accumulate,” he communicates to the audience during his keynote at Black Hat in Las Vegas in 2025. “The difficulty we encounter as cybersecurity professionals is that our efforts remain unseen… when you execute your tasks flawlessly, the ultimate outcome is that nothing occurs.”

Nonetheless, Hyppönen’s contributions have certainly been noticeable. As one of the cybersecurity field’s most enduring figures, he has dedicated over 35 years to combating malware. When he began in the late 1980s, the term “malware” was not yet commonly used; the terms predominantly employed were computer “virus” or “trojans.” The internet was still a privilege for a select few, with some viruses relying on infecting computers via floppy disks. 

Since that time, Hyppönen estimates he has scrutinized thousands of various types of malware. Thanks to his regular presentations at global conferences, he has emerged as one of the most identifiable figures and esteemed voices within the cybersecurity sector.

While Hyppönen has devoted much of his life to preventing malware from entering prohibited areas, he is now engaged in a somewhat similar endeavor, albeit with a different focus: His current task is to safeguard individuals from drones. 

Hyppönen, a Finnish national, mentioned during a recent interview that he resides about two hours from Finland’s border with Russia. An increasingly antagonistic Russia and its 2022 full-scale invasion of Ukraine, where the majority of casualties are reportedly due to drone attacks, have led Hyppönen to believe he can make a significant impact by addressing drone threats.

For Hyppönen, it is also crucial to acknowledge that while enduring challenges in the cybersecurity realm persist—malware remains a constant threat, and new issues loom on the horizon—the industry has achieved remarkable advancements over the past twenty years. He cited the iPhone as an example of an exceptionally secure device. In contrast, the cybersecurity elements of drone warfare still represent largely uncharted territory.

From viruses and worms to malware and spyware…

Hyppönen’s entry into cybersecurity began with hacking video games during the 1980s. His passion for the field arose from reverse engineering software to find a way to bypass anti-piracy measures on a Commodore 64 home computer. He honed his coding skills by creating adventure games, and refined his reverse engineering talents by investigating malware at his first job with Finnish company Data Fellows, which later became the well-known antivirus provider F-Secure. 

Since then, Hyppönen has been at the forefront of the battle against malware, observing its transformation.

In the early days, virus creators often wrote their malicious code purely out of enthusiasm and curiosity to explore the limits of coding. While some instances of cyberespionage were present, hackers had yet to realize monetization strategies for hacking akin to those seen today, such as ransomware attacks. There was no cryptocurrency facilitating extortion or a black market for stolen data.

Form.A, for instance, was among the most prevalent viruses in the early 1990s, which spread by floppy disk. A variation of that virus did not cause damage—often merely displaying a message on the user’s screen. Yet, this virus traversed the globe, including making it to research stations at the South Pole, as Hyppönen noted.

Hyppönen recalled the notorious ILOVEYOU virus, first identified by him and his colleagues in 2000. ILOVEYOU was a worm, meaning it propagated automatically from one computer to another. It arrived through email as a text file, supposedly a romantic letter. If the recipient opened it, it would overwrite and damage some files on their computer, and then distribute itself to all their contacts. 

This virus infected over 10 million Windows computers globally.

The landscape of malware has drastically changed since then. Hardly anyone develops malware purely as a hobby anymore, and crafting self-replicating harmful software practically guarantees quick detection by cybersecurity experts equipped to neutralize it and possibly apprehend its creator.

According to Hyppönen, nobody engages in it for the thrill any longer. “The era of viruses is firmly in the past,” he stated. 

Instances of self-replicating worms are now rare—except for a few notable cases, such as the damaging WannaCry ransomware attack attributed to North Korea in 2017 and the NotPetya widespread hacking campaign launched by Russia later that year, which severely impacted the Ukrainian internet and power infrastructure. Currently, malware is predominantly utilized by cybercriminals, espionage agents, and mercenary spyware developers who create exploits for state-sponsored hacking and surveillance. These entities typically operate clandestinely, aiming to conceal their tools to maintain their operations and evade cybersecurity defenders or law enforcement. 

Another notable change is that the estimated worth of the cybersecurity industry has reached $250 billion. The field has professionalized, partly as a necessity, in reaction to the rise in malware assaults. Defenders transitioned from offering their software without cost to monetizing it through paid services or products, noted Hyppönen. 

Computers and newer innovations such as smartphones, which started gaining traction in the early 2000s, have become significantly more challenging to hack. If the resources required to exploit an iPhone or the Chrome browser amount to six figures or even several million dollars, Hyppönen argued, this makes an exploit prohibitively expensive, limiting accessibility to only well-funded entities, like governments, rather than financially motivated cybercriminals. This is a considerable victory for consumers and a testament to the achievements of the cybersecurity sector.

From fighting spies and criminals… to countering drones

In mid-2025, Hyppönen transitioned from cybersecurity to a different realm of defense work. He took on the role of chief research officer at Sensofusion, a Helsinki-based firm that creates a drone defense system for law enforcement and military agencies. 

Hyppönen expressed that his enthusiasm for entering this emerging field was influenced by the developments in Ukraine, a conflict characterized by drone warfare. As a Finnish citizen with military reserve duties (“I can’t disclose my role, but I can share that they don’t equip me with a rifle as I am far more dangerous with a keyboard,” he shared), and with two grandfathers who battled the Russians, Hyppönen is keenly aware of the adversary just beyond his nation’s frontier.

“The situation holds significant importance for me,” he stated. “It feels far more relevant to work against drones, covering not just the current drones we see, but also those of the future,” he emphasized. “We are positioned alongside humans confronting machines, which may seem somewhat science fiction-like, yet that is precisely what we do.”

While the fields of cybersecurity and drone defense may appear worlds apart, Hyppönen notes evident similarities between countering malware and countering drones. To tackle malware, cybersecurity firms have developed mechanisms known as signatures to recognize which software is malware and which is not, and subsequently detect and neutralize it. In the context of drones, Hyppönen elaborated that defenses involve crafting systems capable of locating and jamming drone radio signals while recognizing the frequencies controlling the unmanned vehicles. 

Hyppönen explained that it is feasible to identify and monitor drones by capturing their radio frequencies, referred to as their IQ samples. 

“We extract the protocol from that information and develop signatures for detecting unidentified drones,” he described. 

He further elucidated that if the protocol and frequencies controlling the drone are identified, it is possible to initiate cyberattacks against it. This could cause the drone’s system to fail, crashing it to the ground. “In many respects, these protocol-level attacks are much more straightforward in the drone realm because the initial step is also the concluding step,” Hyppönen emphasized. “If a vulnerability is found, you’re finished.”

The parallels in strategies employed in combating malware and confronting drones are not the only aspects of his life that remain unchanged. The perpetual cat-and-mouse dynamic of deriving methods to counter a threat, while the adversary adapts and formulates new strategies to bypass defenses continuously, applies equally to the domain of drones. Additionally, there’s the identity of the adversary.  

“I have devoted a substantial portion of my career to resisting Russian malware strikes,” he stated. “Now I am standing against Russian drone strikes.”