Mikko Hyppönen has spent most of his career fighting enemies you can’t see. For more than 35 years, the Finnish cybersecurity researcher has analyzed thousands of malware variants, watched viruses evolve from floppy disk infections to global ransomware campaigns, and become one of the most recognizable voices in the industry. But lately, he’s been fighting a different kind of invisible threat: drones.
It’s a jarring pivot, on the surface. Yet there’s a logic to it that says something revealing about both how far cybersecurity has come, and how the nature of digital warfare continues to shape the battles we fight.
The Tetris Problem
Hyppönen describes cybersecurity work as a kind of perpetual Tetris game. Your successes disappear. Your failures accumulate. “When you do your job perfectly, the end result is that nothing happens,” he explained during a keynote at Black Hat in 2025. That invisibility is the reward and the curse of defensive work.
For decades, Hyppönen was perfectly content with that invisibility. He joined F-Secure, which grew out of the Finnish company Data Fellows, in the early days when antivirus was still a niche concern. Back then, virus writers were often hobbyists, driven by curiosity or the thrill of seeing their code spread across the world. The ILOVEYOU worm in 2000, which Hyppönen and his colleagues were the first to discover, infected over 10 million Windows computers and crippled email systems globally. It was destructive, yes, but it was also written by someone who wanted the world to know their creation existed.
Those days are long gone. “The age of viruses is firmly behind us,” Hyppönen said. Modern malware is built by professionals: cybercriminals, state-sponsored hackers, and mercenary spyware developers who operate in the shadows. They don’t want attention. They want profit, intelligence, or geopolitical leverage. The industry responded by professionalizing, hardening devices until an iPhone became one of the most secure computing machines ever built, and pushing the cost of exploits into the millions of dollars.
By most measures, cybersecurity has won. The industry is now worth an estimated $250 billion. Threats still exist, sure, but the asymmetry that once favored attackers has shifted. That’s a job well done.
When the Enemy Has Wings
But Hyppönen isn’t satisfied resting on those laurels. In mid-2025, he joined Sensofusion, a Helsinki-based company developing anti-drone systems, as chief research officer. The move seems radical until you consider where he’s from and what he’s been watching.
Finland shares a border with Russia. Hyppönen’s grandfathers both fought the Russians. He serves in the military reserves. And like much of the world, he’s been watching Ukraine transform warfare into something defined by unmanned aerial vehicles. Drones have become the primary weapon in that conflict, and the primary killer. For someone who has spent his career defending against threats emanating from across that border, the pivot makes personal sense.
“I spent a big part of my career fighting against Russian malware attacks,” he said. “Now I’m fighting Russian drone attacks.”
What’s striking is how similar the fight actually is.
Same Enemy, New Battlefield
The parallels between malware defense and drone defense run deeper than intuition. To detect malware, cybersecurity researchers build signatures: patterns that identify what is malicious and what isn’t. They flag it. They block it. They move on to the next threat.
Drone defense works similarly. Sensofusion’s technology detects drones by recording their radio frequencies, analyzing the IQ samples, identifying the control protocols, and building signatures to detect unknown variants. If you find a vulnerability in that protocol, you can attack it. You can jam the signal. You can crash the drone.
“In many ways, these protocol level attacks are much, much easier in the drone world because the first step is the last step,” Hyppönen explained. “If you find a vulnerability, you’re done.” There’s no complexity, no obfuscation layers, no polymorphic shifting. Find the weakness, exploit it, game over.
That simplicity feels almost refreshing compared to the cat-and-mouse games of modern cybersecurity. But make no mistake: it’s still a cat-and-mouse game. The enemy learns. They adapt. They build new drones with new protocols. And the cycle repeats.
Why Now Matters
There’s another reason Hyppönen’s timing feels significant. After two decades of steady progress in hardening consumer devices, the cybersecurity industry faces a question: what’s left to defend? Phones are secure. Browsers are secure. The low-hanging fruit is gone. Meanwhile, an entirely new technology sector has emerged with almost no security infrastructure.
Drones represent uncharted territory. The cybersecurity aspects of drone warfare remain “almost uncharted territory,” as Hyppönen put it. That’s where impact can be made. That’s where someone with 35 years of experience fighting invisible threats can actually shape how a whole industry approaches defense from day one, rather than retrofitting security after the fact.
It’s not just about Ukraine, though Ukraine matters to him personally. It’s about recognizing where the next frontier of digital warfare lies. If cybersecurity is Technology, then drone defense is Technology in its infancy. The tools haven’t been weaponized yet. The defenses haven’t calcified. Someone starting now could actually build something that endures.
The Continuity of Conflict
What’s perhaps most telling is that this doesn’t feel like a departure for Hyppönen. It feels like a continuation. He’s still analyzing how threats propagate. He’s still building detection mechanisms. He’s still racing against an adversary that’s learning, adapting, and getting smarter.
The only difference is that now, the threat has wings, and the stakes feel more immediate. When you live two hours from an enemy’s border, drone defense isn’t theoretical.
The question isn’t whether Hyppönen can succeed at this. It’s whether the industry will move fast enough to treat drone security the way it should have treated cybersecurity from the beginning: as a critical problem to solve before it becomes a crisis.
