Finland’s IT sector is where cloud modernization, managed services, and software delivery collide with strict security expectations—from enterprise customers to regulated environments. The leaders below stand out because they blend governance with delivery: building security programs that scale, stay usable for engineering teams, and hold up under audits, incidents, and rapid change.
Esa Nurmio — Chief Information Security Officer, Mediconsult Oy
Esa Nurmio is the Chief Information Security Officer at Mediconsult Oy (since February 2022), bringing a hands-on IT-and-security foundation built across networks, servers, and security operations. Before Mediconsult, he worked in product management at Sofecta and spent nearly seven years at Attendo Suomi as a Senior IT Specialist and team lead covering networks, servers, and security—experience that typically translates into practical security leadership: policies that match operational reality, security awareness that sticks, and controls that don’t break day-to-day IT work.
Christian Brandt — Chief Information Security Officer, twoday Finland
Christian Brandt is the Chief Information Security Officer at twoday Finland (since October 2022) and brings a rare mix of deep engineering credibility and executive ownership. Alongside his current role, he has long-run leadership as CEO of CBR Consulting and previously served as Chief Information Security Officer at Visma. Earlier, he was Chief Technology Officer at Signom and held lead programming roles at RedLynx, with roots in Nokia R&D. That blend—security leadership plus builder-level technical depth—fits modern IT services environments where credibility with engineers and executives matters equally.
Rickhard Alén — Chief Information Security Officer / Cloud Security Practice Leader, Nordcloud (IBM)
Rickhard Alén leads cloud security at Nordcloud (IBM), with accountability spanning delivery, revenue, profitability, and a sizable consulting team. He has built and launched cloud security offerings, including managed cloud security services designed to meet the expectations of regulated customers. He also brings deep familiarity with Azure, AWS, and Google Cloud, plus a governance-heavy toolkit (NIS2, ISO 27001, TISAX, NIST) and ongoing PhD research in cloud security governance. The result is a leader who can translate compliance and risk into real service design—and make it commercially workable.
Petteri Kattainen — Chief Information Security Officer, Advania Finland
Petteri Kattainen is the Chief Information Security Officer at Advania Finland (since January 2021) and has grown through architecture and cloud security roles into the top security seat. He previously served as Architect, Cloud Solutions & Security, and briefly as an Architect Team Lead, after earlier roles in IT architecture and ICT management. That trajectory signals a CISO who understands how decisions get implemented: identity, cloud foundations, reference architectures, and the trade-offs that show up once you’re operating at scale.
Vesa Ahonen — Chief Information Security Officer, Fennoa
Vesa Ahonen is the Chief Information Security Officer at Fennoa (since September 2025) and brings broad security-and-privacy leadership from earlier Director roles covering security and privacy, plus prior work as Director, CISO and Data Protection Officer at Inmics. He also has a strong operational background as Head of ICT (CIO) at Keskisuomalainen Oyj and earlier security management leadership within Metso’s corporate IT across IT security, communications technology, and ICT development. The throughline is governance plus execution: building ISMS-driven programs, driving privacy alignment, and keeping security workable across changing business and technology landscapes.
Ville Ylöstalo — Chief Information Security Officer, NAPA
Ville Ylöstalo is the Chief Information Security Officer at NAPA (since April 2022) and comes up through delivery-heavy roles: DevOps coaching, product ownership, release engineering, and long-term software engineering. That background tends to produce a security leader who can speak fluently with engineering teams about deployment pipelines, platform reliability, and how to integrate security into workflows without turning everything into a ticket queue.
Ahmad Qureshi — Chief Information Security Officer, Tietoevry
Ahmad Qureshi is the Chief Information Security Officer at Tietoevry and brings deep enterprise-scale leadership across IT strategy, transformation, and governance. His experience includes multi-country line management, budget ownership at meaningful scale, portfolio decision-making, cost optimization, and productizing cloud offerings to sales-ready status. This is the kind of CISO profile you see in large IT and services firms: balancing risk, delivery capability, and commercial outcomes—while keeping the organization aligned across multiple stakeholders and operating models.
Jyri Salomaa — Chief Information Security Officer, Otava Oy
Jyri Salomaa is the Chief Information Security Officer at Otava Oy (since June 2021) and previously led information security development at Veikkaus, with responsibility spanning incident response coordination, risk/threat/vulnerability processes, audit coordination, policies and awareness, and cross-functional security forums. He also held earlier CISO responsibilities in a corporate security setting and brings additional experience from Nokia Networks in technical support and R&D environments. That combination—operations, governance, and engineering exposure—maps well to modern IT organizations where security needs both steady operations and structured management systems.
Marko Heikkinen — Chief Information Security Officer, Netum Oy
Marko Heikkinen is the Chief Information Security Officer at Netum Oy (since February 2021) and also serves as a Senior Cybersecurity Specialist. His earlier leadership includes being a Laboratory Manager at Intel in Tampere and project management roles at Nokia, plus operational leadership roles earlier in his career. The consistent theme is operational responsibility and execution—useful in IT services environments where security maturity depends on process discipline, repeatability, and measurement.
Petteri Kumpumäki — Chief Information Security Officer, ATR Soft
Petteri Kumpumäki is the Chief Information Security Officer at ATR Soft (since March 2025) and combines security leadership with program delivery responsibilities, including leading renewal work for a production optimization system for a key energy-sector client. Before ATR Soft, he spent years at Areva in IT management and IT security leadership, covering security, documentation, and operational IT responsibilities in Finland. That background tends to produce a CISO who’s comfortable bridging regulated industrial-client expectations with day-to-day IT delivery realities.
IT Security Leadership That Has to Work in Production
Finland’s IT industry rewards CISOs who can keep security practical: controls that survive real operational pressure, governance that doesn’t slow delivery, and risk decisions that leaders can defend. The names above stand out because they’ve lived inside the systems they’re protecting—cloud platforms, DevOps pipelines, enterprise portfolios, and compliance programs—and can turn security into an enabling function rather than an obstacle.