My name is Jouni Mikkola, a security inspired fellow from Finland. This blog will be hosting mainly Threat Hunting, Threat Intelligence and Incident response related topics. It started as a threat hunting blog thus the name but since then I have been exploring other topics so I decided to change this page.
I have been working in Cybersecurity for over 5 years. All the time that I have been in the field I have worked within the blue team – mainly DFIR and Threat Hunting. I have had some assignments in SOC too, although my experience isn’t that extensive in the SOC roles. Most of my time has been within a Finnish Cybersecurity company known as Nixu- however I joined Deloitte as a manager – responsible for DFIR & TH related tasks. My stay at Deloitte was a little short and now I am at Accenture, being responsible for the DFIR business within the Nordics. I have been in IT for almost 20 years, the first 10 I spent with consulting Microsoft related server products – like Office 365, Exchange, OCS-Lync-Skpe, ADFS, AD and many others.
After moving towards the DFIR world I have also been conducting quite a lot of threat hunts. Most of my experience is from host/endpoint based threat hunting, usually revolving around EDR technologies, with some additions from the SIEM’s. My personal opinion is, that host based data is the best data when it comes to threat hunting also I do also appreciate the possibilities that network based threat hunting can open. I have been moving more to a leadership position but I still have a place in my heart for all things technical. Now during my work I might be more about excel and PowerPoint but the blog is a great place to tinker with technical side of things too.
There will be no scheduled updates to the blog and it will be worked on when time allows. Now that I have been doing this for a while, it seems that my time and ideas varies a lot.