Mikko Hyppönen, or simply Mikko, is a Chief Research Officer at WithSecure and a public figure, speaker, podcaster and probably many other things. His most recent book ‘If it’s smart, it’s vulnerable’ was published in August 2022 and I read it in that Autumn too. I find the book same time being entertaining and informative. There’s not many people in the world that work in all aspects of cybersecurity. Might actually be none. Because even if the cybersecurity industry seems like a one specific bucket among the bigger IT bucket, we still have at least tens of smaller buckets inside the cyber bucket too. I mean, I know mostly about cloud security. More specifically, security of Microsoft Cloud products.
But it does not matter which bucket you’re in, cyber bucket or just restaurant bucket, you will find this book giving you something to think about.
My review
The book takes the reader along by starting with a classic story about Saab Turbo 9000 and what happened to it in Mikko’s hands. At an early stage of the book you understand that this book has been written in language that anyone can understand. Sure, some things, events, terms are common knowledge in the cyber bucket and rare knowledge in other buckets, but everything is explained in common terms so that you don’t fall of the wagon. I really appreciate the clever style of the book and how there is historical cyber events and knowledge involved. Throughout the book Mikko paints a bigger picture and links common technology advancements to trends in cyber attacks. As someone that mostly operates on the nitty-gritty detail level of things, this mile-high view is very refreshing and helps the reader to put world wide events in a context and helps understand cause and effect. As a Microsoft security specialist, this book is also a getaway to more broader world of cyber attack, cyber crime and technology agnostic view of the cyber industry.
I’m too young to remember the first malware, but I really enjoyed the part that went through the history of malware. Some of the malware back then were really silly and might have been nothing else, but just annoying. We can’t go back to those days, can we? I’m am old enough to remember recent attacks like Wannacry and Notpetya and it’s really nice, again, to gain the bigger picture of what happened and how it all started and went down.
Mikko has nicely dropped these interesting stories from his career which takes the reader to a journey which is like a small break from the factual substance information. The book contains some really nice insights too that might be helpful for someone in a CISO or CIO role. One such insight you can find from the chapter called “Touring the Headquarters”. For all the GRC-enthusiasts the “Online Privacy” part contains multiple good chapters that give your brain a food for thought. There’s part for the crypto guys too. I’m not deep into cryptos, but again, I still understood what I was reading and that’s the magic of this book.
To summarize a bit, I did not have many expectations for the book because I had not read any Mikko’s books in the past. Regardless of that, I don’t think there’s anything missing from the book, nor did it leave me anything else but hungry for more. The fact that someone can write 360 degrees of cyber industry in a book that makes sense to any reader is amazing. I don’t know much other sources than books that would give me this kind of wide perspective on multiple topics in the cyber bucket. And the way Mikko does it is very spot on and entertaining.
I’ve noticed that some of the more personal stories on the book have really stayed on the back of my head and I sometimes go find just those stories and read them again. It’s like Friends episodes, you can always watch the re-runs endlessly and never get tired of them!
I would recommend this book to anyone that is interested in cyber security, IT or just wants to expand their understanding of how digital threats have evolved over the years.
Keep reading, keep learning!