UPM’s Chief Architect of IT Workspace Services Shishir Tripathi and Senior IT Platform Owner Caroline Brownless emphasize that cybersecurity has taken on a critical role over the past five to ten years.
“The number of cyberattacks worldwide has surged dramatically, accompanied by a corresponding rise in regulations,” Shishir notes.
“Five years ago, cybersecurity wasn’t even on my radar – it wasn’t part of my role. Today, cybersecurity is everyone’s responsibility, right down to the user level. That’s a major shift,” Caroline explains.
Today, cybersecurity is everyone’s responsibility, right down to the user level. That’s a major shift.
Caroline and Shishir have deepened their cybersecurity competences in Aalto EE’s Diploma in Cyber Security program.
“I plan to build a strong foundation in cybersecurity. I decided to start with a wide-ranging, yet relatively short program – one that can be finished in a few months – to gain a good sense of where to go next. Aalto EE’s program felt like just the ticket,” Caroline remarks.
“When Caroline mentioned she was attending, I immediately decided to join. Staying ahead of emerging trends is essential for keeping our systems and data secure. This program provided an excellent opportunity to see how different aspects of cybersecurity are evolving,” says Shishir.
Cybersecurity is not a one-time task
Caroline points out that as both she and Shishir work in UPM’s end-user services, maintaining cybersecurity is an ongoing priority:
“We need to design everything to be secure by default, and then ensure systems are continually updated to keep operations running smoothly. Cybersecurity isn’t a one-time task, it’s an ongoing process,” she emphasizes.
“Our field is vast, and we are on the frontline. Working in end-user services can be very rewarding: we get to drive innovation, look at where the world is heading, and ensure we keep up to pace – but one misstep and there are 20,000 end-users here at UPM who are affected,” Shishir says.
Shishir explains that in his role, cybersecurity compliance is also a constant consideration.
“I’m at the center of architectural decisions, which means I’m deeply involved in discussions with the CISO office. Every new requirement that comes in needs to be evaluated. Each time, I have to ask: is our system compliant with the latest regulation, and if not, what steps do we need to take to ensure compliance?” Shishir describes.
Real-life cases offered sobering examples
The Diploma in Cyber Security program provided a balanced mix of theory and practical application. For Caroline and Shishir, the case studies were a particular highlight.
“Each case emphasized different aspects of cybersecurity, helping us gain a holistic understanding of the current landscape. Real-life cases shared by guest speakers were especially impactful, as they detailed the aftermath of cyber incidents,” Caroline says.
“They were the kind of crises you never want to face firsthand. The more you can learn from others to avoid similar situations in your own organization, the better. The real-life cases served as a stark reminder of how even minor vulnerabilities can lead to severe consequences,” Shishir underlines.
One of the program’s key takeaways was its emphasis on risk management.
Each case emphasized different aspects of cybersecurity, helping us gain a holistic understanding of the current landscape.
“No matter how robust your system is, there’s always room for improvement. I think that’s true for every organization. The program introduced effective risk management frameworks and ideas on how to better structure processes,” Caroline says.
“Supply chain risk in cybersecurity came up particularly strongly during the course. This is a very relevant topic for us, and we received beneficial ideas on how we can be even better at managing potential vulnerabilities in the supply chain,” she adds.
The program also offered perspective into Finnish national cybersecurity. Caroline, whose first degree is in international relations, found this particularly interesting.
“It was fascinating to learn how much work is happening behind the scenes to ensure that society can continue to function in the event of a crisis. Although I’ve lived in Finland for a long time, the course gave me a completely new perspective on Finnish society and its approach to preparedness,” Caroline says.
A rewarding learning environment and a beneficial cybersecurity project
Caroline and Shishir found the collaborative learning environment at Aalto EE rewarding.
“During the program, we were both involved in a massive project at work. The program felt like a lifeline. Each month, we got to step away for a few days, meet interesting people and dive into engaging topics. It was invigorating – I always returned to work feeling like I had been on a mini-holiday,” Caroline says.
As part of the program, participants conducted cybersecurity maturity assessments for their own organizations. Caroline and Shishir focused on UPM’s IRT processes, conducting internal interviews to assess both strengths and areas for improvement.
“We based our assessment on the CSIRT Maturity Framework developed by the European Union Agency for Cybersecurity. The project gave a useful opportunity to take the theoretical concepts we discussed in class and see how our IRT applies them in real-world scenarios,” Shishir describes.
If you want to stay on top of emerging trends and see what’s happening in cybersecurity right now, this program is an excellent choice.
“The project also allowed us to network internally, particularly with the CISO office and experts managing UPM’s IRT processes. We ended up having very good discussions, and I believe the process owners plan to revisit certain topics that emerged from our assessment,” he mentions.
Both Caroline and Shishir affirm that they are happy to endorse the Diploma in Cyber Security program.
“If you want to stay on top of emerging trends and see what’s happening in cybersecurity right now, this program is an excellent choice. It also provides a great refresher of cybersecurity principles and best practices,” says Shishir.
“We’re pleased to recommend participating – in fact, we already have. We’ve started marketing the program within our own organization at UPM. I believe there’s a good chance that colleagues of ours will be participating in future programs,” Caroline concludes.