Construction is a uniquely messy security environment: joint ventures, rotating subcontractors, temporary site networks, OT and building systems, and a heavy reliance on suppliers and managed services. The leaders below stand out because they’ve operated in exactly those conditions—multi-vendor delivery, high operational pressure, and complex risk surfaces that stretch from HQ to job sites.
Jussi Rautpalo — Chief Information Security Officer, YIT
Jussi Rautpalo has been Chief Information Security Officer at YIT since October 2008, giving him unusually deep continuity in building and running security at a major construction and urban development company. His background blends network security, regulatory authority experience (including work with the Finnish Communications Regulatory Authority), and long-term responsibility for risk management in multinational environments. He’s also seasoned in building security management systems, operating security programs at scale, and handling incident response in complex multi-vendor setups—practical strengths for construction organizations that often have sprawling supplier ecosystems and constantly changing project footprints.
Sami Sumkin — Group Chief Information Security Officer, NRC Group Finland
Sami Sumkin is Group CISO at NRC Group Finland and brings more than 20 years across project management, team leadership, information security, and consulting. His stated focus areas include coaching, red teaming, leadership, and improving “the ways we work,” which matters in construction where security maturity often hinges on execution discipline across many projects and teams. The combination of program delivery experience and people leadership is a strong fit for group-level security roles in project-driven industries.
Jukka Ylitalo — Information Security Manager, Skanska
Jukka Ylitalo is Information Security Manager at Skanska (since April 2025), with earlier roles that blend IT support, service desk, and administration of security systems—exposure that maps well to how construction firms actually operate day-to-day. His skills list includes cybersecurity and cyber-physical systems, and his background suggests comfort bridging physical-site realities (access control, security operations, on-site support) with IT security management. That mix is increasingly relevant as job sites become more connected and dependent on integrated physical/digital controls.
Mikko Jylhä — Chief Information Security Officer, Hiab
Mikko Jylhä is CISO at Hiab (since November 2024) and also serves as CISO at Cargotec (from March 2024), with a long background in ICT and enterprise security leadership, including building ISO 27001 certification coverage and operating security functions at scale. While Hiab is industrial equipment rather than a pure construction contractor, the overlap is real: heavy reliance on global supply chains, connected products, and cyber-physical risk. That makes his leadership relevant for construction-adjacent ecosystems—especially firms that deploy, operate, or integrate industrial machinery and connected systems on sites.
Building Security Into Projects, Not Just Policies
In construction, cybersecurity wins when it shows up in procurement, site onboarding, vendor governance, identity and access, and incident readiness—every time a project spins up. The leaders above reflect different angles on the same requirement: making security durable across constant change, complex partners, and cyber-physical environments where outages and compromise can directly disrupt delivery.