Mikko Hyppönen paces back and forth across the stage, his trademark dark ponytail resting against an immaculate teal suit. An experienced speaker tries to make an important point to a room full of fellow hackers and security researchers at one of the industry’s global annual meetings.
“I often call it ‘cyber security Tetris,'” he tells the audience with a serious face, tossing aside the rules of the classic video game. When you complete an entire row of bricks, the row disappears, letting the remaining bricks fall into a new row.
“So your successes disappear, while your failures pile up,” he tells the audience during his keynote address at Black Hat in Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible… when you do your job perfectly, the end result is that nothing happens.”
Hyppönen’s work, however, was certainly not invisible. As one of the longest-standing players in the cybersecurity industry, it has spent more than 35 years fighting malware. When it started in the late 1980s, the term “malware” was still far from everyday language. Instead, the terms were computer “virus” or “trojans”. The Internet was still something few people had access to, and some viruses relied on infecting computers with floppy disks.
Since then, Hyppönen estimated that he has analyzed thousands of different types of malware. And thanks to his frequent speaking engagements at conferences around the world, he has become one of the most recognizable faces and respected voices in the cybersecurity community.
While Hyppönen has spent much of his life trying to prevent malware from getting into places it shouldn’t, he’s now still doing much of the same, albeit in a slightly different way: His new challenge is protecting people from drones.
Hyppönen, who is Finnish, told me during a recent interview that he lives about two hours away from Finland’s border with Russia. An increasingly hostile Russia and its 2022 full-scale invasion of Ukraine, where the majority of deaths reportedly from unmanned aerial attacks, have led Hyppönen to believe he can make a renewed impact fighting drones.
For Hyppönen, it’s also a matter of recognizing that while there are still lingering problems to be solved in the cybersecurity world — malware isn’t going anywhere and there are plenty of new problems on the horizon — the industry has made huge strides in the past two decades. An iPhone, as Hyppönen cited as an example, is an extremely secure device. The cybersecurity aspects of drone warfare, on the other hand, remain largely uncharted territory.
From viruses and worms to malware and spyware…
Hyppönen got an early start in cybersecurity by hacking video games during the 1980s. His love of cybersecurity came from reverse engineering software to find a way to remove hacking protection from a Commodore 64 home computer. He learned to code by developing adventure games and honed his reverse engineering skills by analyzing malware at his first job at Finnish company Data Fellows, which later became the well-known antivirus manufacturer F-Secure.
Since then, Hyppönen has been at the forefront of the fight against malware, monitoring its evolution.
In the early years, virus writers developed their malicious code often purely out of passion and curiosity to see what was possible with code alone. While there was some cyber espionage, hackers had not yet discovered ways to monetize hacking by today’s standards, such as ransomware attacks. There was no cryptocurrency to facilitate extortion, no criminal market for stolen data.
Form.Afor example, it was one of the most common viruses in the early 1990s, infecting computers with floppy disks. One version of this virus didn’t destroy anything — sometimes just showing a message on the person’s screen, and that was it. But the virus traveled around the world, including landing at research stations at the South Pole, Hyppönen told me.
Hyppönen recounted the infamous ILOVEYOU viruswhich he and his colleagues first discovered in 2000. ILOVEYOU was wormable, meaning it spread automatically from computer to computer. It arrived via email as a text file, it was supposed to be a love letter. If the target opened it, it would overwrite and destroy some files on the person’s computer and then send itself to all their contacts.
The virus infected over 10 million Windows computers worldwide.
Malware has changed dramatically since then. Virtually no one develops malware as a hobby, and creating self-replicating malware is practically a guarantee that it will be caught by cybersecurity defenders who can quickly neutralize it and potentially catch its author.
Nobody does it for the love of the game anymore, according to Hyppönen. “The era of viruses is firmly behind us,” he said.
We now rarely see self-propagating worms — with rare exceptions, such as the devastating WannaCry ransomware attack from North Korea in 2017 and the massive NotPetya hacking campaign launched by Russia later that year, which brought down much of the Ukrainian internet and power grid. Now, the malware is used almost exclusively by cybercriminals, spies, and mercenary spyware developers who develop government-sponsored hacking and espionage exploits. These groups usually stay in the shadows and want to keep their tools hidden in order to continue their operations and avoid cybersecurity defenders or law enforcement.
The other differences today is that the cybersecurity industry is now estimated to be worth $250 billion. The industry has professionalized, partly out of necessity, to combat the rise of malware attacks. Defenders have gone from giving away their software for free to turning it into a paid service or product, Hyppönen said.
Computers and newer inventions like smartphones, which started to take off in the early 2000s, have become much more difficult to hack. If the tools to hack an iPhone or the Chrome browser cost six figures or even a few million dollars, Hyppönen argued, that actually makes an exploit so expensive that only the wealthy, such as governments, can use them, rather than financially motivated cybercriminals. This is a huge win for consumers and for the cybersecurity industry it’s a job well done.
From fighting spies and criminals… to dealing with drones
In mid-2025, Hyppönen turned from cyber security to a different kind of defense work. He became the chief researcher at Sensofusion, a Helsinki-based company developing an anti-drone system for law enforcement and the military.
Hyppönen told me he was motivated to enter a burgeoning new industry because of what he saw happening in Ukraine, a war defined by drones. As a Finnish citizen, serving in the military reserves (“I can’t tell you what I do, but I can tell you they don’t give me a rifle because I’m much more destructive with the keyboard,” he tells me) and with two grandfathers who fought the Russians, Hyppönen is well aware of the presence of an enemy on the border just above his country.
“The situation is very, very important to me,” he tells me. “It’s more important to work on combating drones, not just the drones we see today, but the drones of tomorrow,” he said. “We’re on the side of humans against machines, which sounds a bit like science fiction, but that’s very specifically what we do.”
The cyber security and drone industries may seem different from each other, but there are clear parallels between the fight against malware and the fight against drones, according to Hyppönen. To combat malware, cybersecurity companies have come up with mechanisms, known as signatures, to determine what is and isn’t malware and then detect and block it. In the case of drones, Hyppönen explained, defenses include building systems that can detect and block radio-guided drones and by identifying frequencies used to control autonomous vehicles.
Hyppönen explained that it is possible to track and trace the drones by recording their radio frequencies, known as their IQ samples.
“We detect the protocol from there and create signatures to detect unknown drones,” he said.
He also explained that if you trace the protocol and frequencies used to control the drone, you can also try to carry out cyber attacks against it. You can cause the drone’s system to malfunction and crash the drone into the ground. “So in many ways, these protocol-level attacks are much, much easier in the drone world because the first step is the last step,” Hyppönen said. “If you find a vulnerability, you’re done.”
The anti-malware and anti-drone strategy isn’t the only thing that hasn’t changed in his life. The cat-and-mouse game of learning how to stop a threat, and then the enemy learning from it and devising new ways to overcome defenses, and so on, is the same in the world of drones. And then there is the identity of the enemy.
“I spent much of my career fighting against Russian malware attacks,” he said. “I’m now fighting Russian drone attacks.”
