Meet the SensorFu team - Mikko Kenttälä
Welcome to SensorFu’s Spotlight! Over the coming weeks, we’re pulling back the curtain to introduce you to the experts, innovators, and problem-solvers who make SensorFu what it is.
We’re kicking things off with our CEO and co-founder, Mikko Kenttälä. With a cybersecurity journey that spans from high school hacking to industry leadership, Mikko shares the origin story of SensorFu and his vision for where the future of cyber defense is headed.
What does a typical day look like for you?
Mostly it’s a full ToDo -list. A lot of meetings, obviously, but mixed with a fair amount of hands-on problem-solving. I feel pretty lucky that I still get to stay close to the technical side and talk directly with our clients and partners all over the world. It keeps me grounded in what’s actually happening out there.
How did you get started in your career, and what led you to this company?
I’ve always been interested in technology. Back in high school, I was the guy dragging cables around for audio mixing and figuring out how to build websites, LAN-partys etc. . That curiosity naturally led me into being a sysadmin.
I got into the cyber security side of things through my older brother, Jani. He was doing research at the Oulu University Security Programming Group (OUSPG). They eventually started a spin-off called Clarified Networks. I was working at the university as a research assistant then, and I got the chance to join them. I ended up being responsible for a product called Clarified Network Analyzer.
After Codenomicon acquired us, I started doing more technical audits. Doing those engagements gave us a lot of coffee table ideas we’d see gaps in the market and think, “Someone should really build a tool for that.”
Eventually, we saw other people starting to build the things we’d talked about years prior, and we realized, “Hey, we could do this too if we just took the leap.” When Codenomicon was acquired by Synopsys, it felt like the right time.
Along with Sebastian and Ossi and some seed backing from the ScanABC folks who knew us from the Codenomicon days—we started SensorFu. We played with a few ideas, like a “hacker-in-a-box” solution, but eventually landed on checking network isolation policy. First, we introduced it in our slides, then built an MVP (Minimum Viable Product), and worked with our first pilot customers to guide us toward the official release of Beacon. It took about a year to get the first version of SensorFu Beacon out the door.
*How would you describe SensorFu company culture and how does it differ from other places you’ve worked?
It’s pretty typical for a Finnish tech startup, I think. We’re small, so everyone has to be agile and just get things done. We operate with the mindset: keep your feet on the ground and your head in the clouds.. Even when we’re dealing with big global clients, we try to stay humble. We have a lot of respect for the IT and OT engineers on the front lines. They have a hard job, and we don’t want to make it harder. That humility is part of how we operate — we keep it real.
What’s a project or achievement you’re particularly proud of?
When we started, people told us there was an “industry standard” for how a cybersecurity company should look and act. We decided to ignore some of that and do it our own way. I’m really proud that our way actually works. Seeing a client deploy Beacon and get results almost immediately—without needing a PhD in security—is the best feedback I can get. Keeping things simple is actually quite hard, but I think we managed it.
What is the one cybersecurity trend or threat that you think more people should be paying attention to right now?
In our interconnected world, everyone talks about self-sufficiency, but there are so many fragile points we just ignore because they haven’t been attacked yet. That’s changing. Attackers are finding more motivation to look at these spots. My real concern is critical infrastructure—specifically the sectors that don’t think of themselves as tech companies. They are soft targets. People in the security bubble know this, but the organizations actually at risk often don’t see it coming. Also, I’m a big believer in “getting back to basics.” If you get the fundamentals right, you stop 90% of the trouble. People underestimate the basics because, in practice, they’re actually quite annoying to implement properly. But they are the most critical factor.
Where do you see the cybersecurity landscape heading by 2030? Are we winning the race against the “bad actors”?
It’s a split reality. In some areas, we’re definitely winning. Systems are much tougher now, and we’re forcing adversaries to actually work for their dinner. But at the same time, there’s still so much “low-hanging fruit” out there. By 2030, AI -powered automated attacks (and defence) will be the norm. Attackers are already using AI to speed things up. If you put an unpatched server on the open web today, it gets hit in minutes. That’s only going to get faster. Once an attacker gets a toehold, the “lateral movement” (moving inside the network) will be handled by bots, not humans. This hits smaller manufacturing or logistics firms the hardest because they don’t have the specialized staff to fight back. That’s exactly why we built Beacon the way we did—so a regular engineer can deploy it and have a fighting chance.
What’s your favorite way to “unplug” and recharge after a day of being constantly connected?
I head to the countryside with my family. Nothing beats a proper Finnish sauna or some winter snowmobiling and practical activities to escape modern info-overdose. It’s hard not to smile when you’re riding out on the snow or enjoying the sunset in the countryside with your friends & family . Gaming is also a big one, I play PUBG (Player Unknown Battle Grounds) with a team of childhood friends.
If you weren’t working in cybersecurity, what would your “dream job” be?
SensorFu is pretty much it, but I’ve got a lot of random interests. I could have stayed in the music world doing audio mixing techie, though being a roadie is a tough life for the long haul. I’ve also always been curious about the human mind—how we think and why we do what we do. This is an especially interesting realm at the moment when AI copies some of that. Honestly, I’d probably be happy doing research in almost any field, or maybe something in world politics which is also a really relevant topic at the moment. I like to see how the big gears turn.
If you could give one piece of advice to someone just starting out in this industry what would it be? Follow what actually interests you. People always tell you to specialize, but being a generalist is perfectly fine too—that’s how I’ve always worked. The main thing is to decide if you want to be the “deep dive” specialist or if you want to see the big picture. For example, do you want to break things (technical), fix things (incident response), or write the rules (policy)? You have to be hungry for knowledge. Cybersecurity changes every day. AI can help you find answers, but it won’t understand the why for you. You need to know how systems are built before you can understand how they break. Learn the fundamentals, and everything that comes after will be much easier to pick up.
