With over two decades in tech and the last 16 at F-Secure, a global consumer cybersecurity leader, Dmitri Vellikok has developed partnerships with service providers, network hardware manufacturers, and Wi-Fi ecosystem players. He has consulted top service providers on new ways to protect their customers from security threats while driving new products from inception to successful market launches. Currently, he serves as VP of Embedded Security Business at F-Secure, where he has developed the widest SDK and API portfolio of scam protection and other consumer cybersecurity components for service providers so they can easily bring cybersecurity functionalities into their existing applications. Dmitri frequently speaks at industry events like the Mobile World Congress, Broadband Forum, and Global-Anti Scam Alliance.
Can you share a bit about your professional journey and what led you to your current role as VP of Embedded Security Business at F-Secure?
My professional journey really began in the early 2000s when I was doing a lot of consulting work focusing on servers, computers, and websites. During this time, I had a few friends who were pursuing jobs as white-hat hackers for large corporations — where you get to ethically infiltrate companies’ security systems to identify any vulnerabilities or security issues. I found the idea that companies would invest in hiring hacking experts to help bulletproof their cybersecurity fascinating and it planted a seed of interest within me.
A few years later, while working for IBM, that seed would blossom when I got a call from the F-Secure team to work on these exact issues that I’ve been fascinated by. It felt like a dream. I took the opportunity and ran with it. Since then, I’ve had various roles at the company, starting from technical sales, and then moving to global business development and product management. About 10 years ago, I moved to the U.S. to run technical sales in North America. From there, I moved into a leadership position, which is where I am now.
F-Secure has a long history in the cybersecurity space. What do you think sets F-Secure apart in such a competitive industry?
Despite this being a competitive industry, we see that as an asset rather than a hindrance because we are a partner-first company. Therefore, everything we build goes to market primarily through our valued partners in telecommunications, financial services, and other industries. If we look at our partner product portfolio, there are two segments. First, we have our own built-in solutions, endpoint security, router security, and network-based security, which are provided as our applications. Partners can personalize these pre-built apps to their brand and offer them to their subscriber base, which is an easy go-to-market model. The second is our wide collection of SDKs and APIs. Partners can pick and choose which SDKs and APIs they want to embed into their own application, creating a security offering unique to both their GTM model and the needs of their customers.
F-Secure is widely considered the gold standard for B2B2C consumer cyber security solutions in the operator market. A major competitive advantage is that all our products and solutions work together. Regardless of what products the partners or the end users take from us, they’re all part of the same platform and the same customer entity. It’s also very easy for our partners to take them into use because we’re doing a lot of the heavy lifting when it comes to the integrations and IT work that goes into deploying these types of solutions and putting them to the market. A lot of our work only starts once the solution goes live because then we provide a lot of help to our partners on how to position the solution, how to sell it better, and what kind of messaging to push to the end users. This white-glove service towards our valued partners helps us stand out, and in turn, helps our partners succeed in protecting their customers.
F-Secure has recently emphasized partnerships to tackle cybersecurity challenges. How does collaboration with partners enhance the effectiveness of your security solutions?
Collaboration is key. We share many insights with our partners, particularly when it comes to new threats. If we find new vulnerabilities or trends, it’s important to be transparent about these discoveries to create more market awareness and knowledge amongst our partners. This way, everybody can protect their customers better. Vice versa, we expect similar behavior from our partners as well and receive plenty of insights back from them. It’s a mutually beneficial partnership to determine threat detection. We also base many of our partnerships on the use of the best-in-class technology to ensure that we always leverage the latest technology to tackle the threats. Taking a collaborative approach gives us more options to create better solutions to protect the customers.
Cybercrime is evolving rapidly. Based on your team’s expertise, what are some of the biggest scam threats predicted for 2025, as highlighted in F-Secure’s recent report?
The biggest threats we see are the increase in quantity and sophistication of various scam messages — specifically scam messages that are coming from SMS channels, email channels, and what we call “over-the-top channels” such as Facebook Messenger and WhatsApp. This is the main area of investment we are scrutinizing for scam detection. When we dig deeper into the details of these scams, the biggest trends revolve around investment and financial scams. Bad actors are using multiple channels to attack single individuals through a blended approach, meaning they reach out through these various channels in a short period of time, from email to social media, to make these interactions seem legitimate to the target.
The sophistication of these scams also comes in the way of stolen biometric data. Unlike passwords and PIN codes, biometric data such as facial recognition, fingerprints, and voice prints cannot be easily changed once compromised. Once stolen, this information can be used to create deepfakes to create false narratives that lead to reputation harm for businesses and individuals — potentially increasing the occurrence and strength of extortion and blackmail efforts. While we aren’t seeing deepfakes yet on a large scale, AI technology makes these possibilities more prominent and complex, therefore making them harder to identify for the average user.
What role does AI play in both the advancement of cyber threats and the development of solutions to counteract them?
AI is a double-edged sword when it comes to cyber threats. Bad actors leverage AI to develop their solutions faster and higher quality, giving them the false appearance of credibility and trustworthiness. The ability to digest large amounts of data and mimic the language, appearance, and profile of folks gives scammers an unprecedented edge in the technological revolution. However, we can also analyze, detect, report, and respond to these scam attempts using AI and machine learning tools. Over time, the models learn what the real threats are and can identify and respond to them faster. Additionally, the latest developments in generative AI help us communicate these threats to the end user more easily, allowing us to break down complicated processes and discoveries in a way that users can more easily comprehend.
What are the main concerns you’re hearing from customers and partners when it comes to cybersecurity, and how is F-Secure helping them address those concerns?
The common concern we hear directly from customers through our research is that cyber threats are targeting monetary transactions. The digital age has increased the sophistication of transactional payments through shopping, banking, and payment platforms. While convenience is at an all-time high, these platforms have also become a source of vulnerability for customers. Whenever money is moving back and forth between two parties, scammers can disrupt and take advantage of transactions. We foresaw this trend years ago. We’ve been able to get ahead of the curve because we’ve introduced solutions around shopping protection and banking protection which keep consumers safe no matter which payment methods they use. Bad actors will always go where the money is so we knew from the very beginning that safeguarding these transactions would deter many scam attempts.
In what ways does F-Secure’s approach balance proactive threat prevention with reactive threat response?
Our approach is to effectively see proactivity and reactivity as two simultaneous, synergistic processes. In consumer security, threat protection and threat response are interlinked. When we find a threat, we immediately react by doing everything we can to mitigate the threat for the end user. If for some reason we can’t mitigate it, we’ll proactively communicate it to the user as soon as it happens. In the latter case, we are mitigating the potential damage or subsequent threats and attacks that might target the same user in the future. In general, we mitigate suspicious actions as fast as possible either by eliminating them altogether or by communicating with the user.
What are your top predictions for the cybersecurity landscape in the next five years, and how is F-Secure preparing to meet those challenges?
Our collective team recently announced a few big ones we feel are worth noting. The list includes predictions such as cheap, easy AI tools being deployed in sophisticated cyber-attacks. Also, we believe that AI and deepfake audio will make phone scams a lot more dangerous and there will likely be a rise in Bitcoin investment scams. Additionally, we will likely see the social media giants and shopping magnates adopt newer business practices to bypass regulators. This will especially be visible in the domain of children.
Finally, what excites you most about the future of embedded security and its potential impact on businesses and consumers alike?
When it comes to embedded security for both consumers and businesses, we’re not providing a one-size-fits-all solution. Our partners are able to tailor their proposition to respond to the needs of their own unique customer basis.
For example, if our partner’s research shows that their customers’ primary challenges are around scam protection through SMS messages, we can deploy the protections for that specific threat directly into the applications that the customers are already using and receiving from their service providers. This leads to better utilization of the security solution in general because the customer is getting it from a service they already have and are actively using rather than having to install another application or take a proactive action on their own to get the protection up and running.
At the same time, it’s also more relevant for them because they are part of the customer base that was concerned about this specific threat previously. We’re bringing the solution closer to the customer in order to get better utilization. In the end, the customers are more protected and happier as a result because they get what they ask for. This same principle applies to businesses. We provide embedded solutions in the existing applications that they are already using.