CyberWire Daily - What Happened to Hacker Culture? [Threat Vector]
Episode Date: October 13, 2025

While the N2K team is observing Indigenous Peoples' Day, we thought you'd enjoy this episode of the Threat Vector podcast from our N2K CyberWire network partner, Palo Alto Networks. New episodes of Threat Vector release each Thursday. We hope you will explore their catalog and subscribe to the show.

Join David Moulton, Senior Director of Thought Leadership for Unit 42, as he sits down with Kyle Wilhoit, Technical Director of Threat Research at Unit 42, for an intimate conversation about the evolution of hacker culture and cybersecurity. From picking up 2600: The Hacker Quarterly magazines at Barnes & Noble and building beige boxes to leading threat research at Palo Alto Networks, Kyle shares his personal journey into the security community. This conversation explores how AI and automation are lowering barriers for attackers, the professionalization of cybersecurity, and what's been lost and gained in the industry's maturation. Kyle offers practical advice for newcomers who don't fit the traditional mold, emphasizing the importance of curiosity, soft skills, and intellectual humility.

Kyle Wilhoit is a seasoned cybersecurity researcher, with more than 15 years of experience studying cybercrime and nation-state threats. He's a frequent speaker at global conferences like Black Hat, FIRST, and SecTor, and has authored two industry-respected books: Hacking Exposed Industrial Control Systems and Operationalizing Threat Intelligence. As a long-standing member of the Black Hat US Review Board and an adjunct instructor, Kyle is deeply involved in shaping both cutting-edge research and the next generation of cybersecurity professionals.
Connect with Kyle on LinkedIn

Previous appearances on Threat Vector:
Inside DeepSeek’s Security Flaws (Mar 31, 2025) https://www.paloaltonetworks.com/resources/podcasts/threat-vector-inside-deepseeks-security-flaws
War Room Best Practices (Nov 07, 2024) https://www.paloaltonetworks.com/resources/podcasts/threat-vector-war-room-best-practices
Cybersecurity in the AI Era: Insights from Unit 42's Kyle Wilhoit, Director of Threat Research (Jan 11, 2024) https://www.paloaltonetworks.com/resources/podcasts/threat-vector-cybersecurity-in-the-ai-era-insights-from-unit-42s-kyle-wilhoit-director-of-threat-research

Learn more about Unit 42's threat research at https://unit42.paloaltonetworks.com/.

Related episodes: For more conversations about AI's impact on cybersecurity, career development in security, and insights from Unit 42 researchers, explore past episodes at https://www.paloaltonetworks.com/podcasts/threat-vector.

Join the conversation on our social media channels:
Website: http://www.paloaltonetworks.com/
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/palo-alto-networks/
YouTube: @paloaltonetworks
Twitter: https://twitter.com/PaloAltoNtwks

About Threat Vector
Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Welcome to Threat Vector, the Palo Alto Networks podcast, where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends.
I'm your host, David Moulton, Senior Director of Thought Leadership for Unit 42.
Curious. Constantly curious. That is, that is, that is to me what is the foundation of a quote-unquote hacker, whatever you want to call it, and that can be an attacker or a hacker, but at the end of the day, they're going to be curious to some degree, right? And I think being endlessly curious is something that can only benefit you, within constraints, but being curious.
Today's episode is a little different.
Instead of diving straight into the latest threat intelligence or attack techniques,
we're pulling back the curtain to get to know the person behind the research.
I'm speaking with Kyle Wilhoit, director of threat research here at Unit 42, and this is his story.
Kyle's journey from a curious kid picking up hacker magazines at Barnes & Noble to leading some of the world's most sophisticated threat research is one that reflects the evolution of our entire industry.
He's been a Black Hat board review member for over seven years, mentors the next generation of cybersecurity professionals, and has that rare combination of technical depth and genuine curiosity that makes him so effective at what he does.
Today we're going to talk about Kyle's personal path into cybersecurity, how hacker culture has evolved, and what it really takes to stay curious and innovative in a field that never stops changing.
Kyle, when we last spoke on Threat Vector, you gave us a grounded, no-FUD, in case you don't know what that means, fear, uncertainty, and doubt, view of how AI is and isn't transforming the threat landscape.
I was back on episode 13.
Today's topic is a little bit more personal.
Let's rewind.
Do you remember the first time you felt like you belonged
in the hacker community or the security community?
And take me back and tell me what you remember about that moment.
Yeah, there's actually two.
There's a personal one and a professional one.
The personal side is actually back in the day,
and I'm aging myself here,
There's an old magazine called 2600, which I used to pick up at Barnes & Noble at the time.
Up in St. Louis, Missouri, I had to travel with my parents to go pick it up every month.
And the first time that I felt like that was reading that and actually getting the plans for something called a beige box
and creating a beige box by walking to my local Radio Shack and building it myself in my own house and testing it, et cetera.
So that's kind of from a personal perspective.
And at that time, I think I was probably 14 at that age.
So from a professional perspective, I would say it was honestly the first time I came out to Black Hat and DefCon professionally.
Brand new security engineer working for a couple different companies.
And I finally got out to the point where they were going to invest the money to send me to Black Hat and DefCon.
And Black Hat was interesting, obviously, the first time you're exposed to it, it's pretty impressive and pretty kind of overwhelming to a degree.
And DefCon was even more that way.
So, you know, those were kind of the two real big kind of pioneering moments that I can remember back professionally and personally on when I kind of felt like, you know, I belong to the quote unquote culture or whatever you want to call it.
Yeah, that's cool.
You know, when you were talking about going to Barnes & Noble to pick up the magazine to learn about a thing, going to go into Radio Shack and parts, man, that takes me back.
I used to love to go to Barnes & Noble,
smell the print, look at magazines that I couldn't afford to buy,
you know, try to figure out what in the design
and computer magazines were kind of be the one that I would part with my cash.
And, you know, that part of our world has changed a little bit.
I don't know what today's aspiring, and I'm going to say hacker,
and I mean that in the good sense of the word,
You know, how they get into, maybe it's Reddit,
maybe there's different communities that they're in.
I don't think there's like a Barnes & Noble shelf full of
the most cutting-edge articles to go read.
Who knows?
I haven't actually looked.
Maybe they do.
Well, speaking of hacker,
maybe we should define that word up front.
To you, what does hacker culture mean?
And how has that evolved over the years?
Yeah.
It's a really good question, one that I haven't really ever been asked, to be honest,
and one that I haven't reflected on personally, probably, for as long as I've been in the industry.
But I'd say that it's evolved over the years, right?
So early on, meaning like whenever I first started to get into quote-unquote hacking,
and I mean hardware hacking from my perspective.
That's how I entered kind of going into this and video game cracking back in the day.
And from my perspective, the kind of core tenets of a hacker back in that time was freely available information,
traded or otherwise, meaning depending upon the level of information, you might trade for that,
or you might just freely get that.
Hands-on imperative, meaning the ability to actually go out and write scripts, write code, execute code,
perform actual, you know, quote-unquote hacks, for lack of a better term,
even though that's a really bad term to use for that.
I think there was also, generally speaking, and I think a lot of folks that are of that age group,
you know, from that kind of community, there was also a mistrust of the authority, generally speaking, right? I mean, you could see that throughout DefCon constantly to Spot the Fed back in the day, all the different contests that were running that way. And then also, from kind of a component perspective, like judging on skill, meaning you would judge other hackers based on their skill. And by their skill alone, meaning didn't matter who they were, where they came from, et cetera. All you cared about was what they were capable of doing with a computer, or by bending technology and kind of stressing what was possible with technology.
That's evolved, though.
And from my perspective, that's evolved into where
modern times where hacker culture is kind of deeply intertwined with mainstream tech
industry to some degree. And heck, I saw this just walking, walking to this hotel to do this
interview, meaning I was seeing t-shirts with hacker written on the front of that. And is that a
positive or a negative? Because in some communities, it could be considered a negative. You could
be talking about a true black hat hacker. In some communities, the tech industry adopts that as
a hacker mentality, something, someone that stresses those boundaries, someone pushes those
boundaries. So from my perspective, I wish it was as easy as saying, hey, hacker means
X, Y, and Z. But realistically, it's a modern, multifaceted phenomenon with a lot of baggage
tied to that term, frankly. And that's kind of the way that I view it collectively kind
of over the years, that it's shifted and modified and kind of, you know, has just changed to some
degree.
Yeah. Language sometimes does that. It depends on when it was said, what the context,
who was saying it.
And I've run into a lot of folks in the industry
who consider themselves hackers, badge of honor,
and are furious when people use that as a way of describing an attacker.
Somebody who just set out to do something malicious or harmful.
And I've figured out over the years that I've been part of this industry, part of this community, to start using attacker and hacker. And I think of a hacker as somebody who's able to get technology to do things that it wasn't intended to do.
Exactly.
And that's interesting.
That's fun.
You're setting out to just push those boundaries.
And sometimes you run into something
where you're like, oh, I wasn't supposed to have access to this
or I can't believe this.
It allowed me to do something.
And then it's that question of like, what do you do with that new information, that new capability? And if you're, you know, on the good guy side, if you will, you start to report that as a vulnerability or weakness or something that was unexpected. And obviously, if you're malicious, you exploit it. And I think that that's where the language struggles to say, like, how do you take the same exact behaviors and the intent in the mind of the person doing it, then defines whether it's a good or a bad thing.
Yeah.
I'm curious if there is a moment or a person that helps shape your views on what a hacker is or should be.
Yeah, both personally and professionally, again, personally my brother. He is an engineering
mindset and individual that literally wants to understand how everything works. And that literally
means taking things apart. I can remember as a child seeing him take things apart,
trying to understand how they function. And that rubbed off on me over the years to then make me curious on how things function.
And I think that that's fundamental to the quote-unquote hacker mindset, right?
Someone that's endlessly curious.
And I think that that ties into why my brother impacted me from that way.
From a professional perspective, there's a few folks.
Martin Rosler and Ben April from Trend Micro.
Those are two of my leaders back at Trend Micro.
And they really kind of taught me to constantly ask what if, meaning what if I could do this?
What if we go out and approach this problem?
What if, meaning almost daydreaming research in a way.
And it was really, really good to work alongside both of those individuals in terms of, you know, kind of teaching and thinking through that mindset, both really skilled in that area.
So I'd say personally and professionally, that's kind of, you know, some of the more impactful folks that really impacted me from that mindset specifically.
I really love that what-if phrase because that puts you into both an imaginative and then a future state where you're going like, oh, well, what if that was true? What if I could do that? And
sometimes the thing that's blocking you from making the leap on an innovation is just your own
mind saying, well, that's not possible. Exactly. But if you flip it around and you go,
what if, and then it unlocks these possibilities. Exactly. And that's what Ben and Martin really kind of
didn't train us. They led us to that, right, in a way, meaning, hey, think up a hypothesis and
execute on that. See if it comes to fruition. If not, if the data proves that your hypothesis is wrong, it's still the conclusion at the end of the day,
and that's still data and it's still a story to tell, right?
So at the end of the day, yeah, they kind of help shape my mindset in that.
Kyle, I won't admit my age and or out yours here, but I think we came from a similar time frame.
We both went to Radio Shack.
That's fair.
We both went to Barnes & Noble.
I'm losing my hair.
Yeah.
That's fair.
But I think there was a moment where education said failure's not an option.
You've got to always succeed.
And sometimes asking a dangerous question like what if might lead you to a hypothesis of things you couldn't do.
So you didn't want to be a person who did a thing that didn't work.
And yet, I think that there's a moment where you reframe what you just talked about.
Yeah, you have a hypothesis.
You run it down.
It doesn't work.
You still learn something.
Absolutely.
That's key.
Yeah. All right, we'll, we'll jump back in a little bit. This is, this is a fascinating piece of the conversation, and want to go back to our last conversation. Now, we talked about AI and how it's changing attacker tactics, and this time I want to ask you, how has the rise of new tech, AI, automation changed hacker identity and culture?
I think the number one factor or the number one thing that I see is
barrier to entry for these types of criminals and these types of nation-state adversaries.
What I mean is automation, generative AI, whatever you want to call it, is facilitating and
fueling cybercrime at a rate that we haven't seen, as well as fueling nation-state espionage at a
rate we haven't seen in the past. I think that that type of technology is only going to continue
to increase speed in which these attackers are coming to scale and how fast they're coming to,
you know, go out and actually perform initial attacks, et cetera. So I think that that's the number
one thing that we're seeing is just the lower barrier to entry. I think the other thing is,
is outside of having that lower barrier to entry for these attackers, I think also what we're
starting to see is the evolution of attackers starting to use things like LLMs and generative
AI to do more advanced techniques. I mean, heck, we just saw a blog recently written that
a Russian state-sponsored group is actually using an LLM, Gemini, if I'm not mistaken, to go out
and actually assist it in writing actual malware that functions. So what that really leads to is
Again, that lower barrier to entry,
attackers are able to use and manipulate LLMs,
jailbreak them in some capacity,
manipulate the guardrails, whatever that is,
and ultimately get the LLM to do things that it wants,
that the attacker wants, rather.
I think those are the kind of two big shifts that I'm seeing.
You've seen the industry shift from hobbyist forums
to billion-dollar enterprises.
What do you think has been lost in the professionalization of cybersecurity?
It's funny you ask this, because I can actually kind of think of myself to some degree, right?
Because I was kind of a quote-unquote hacker in the old school sense of the word
and then migrated over into the corporate world.
So I kind of can look at this from my own perspective.
And I think one of those areas is the loss of just open and free information sharing, right?
I think that's one of the reasons that I pursued intelligence, because a lot of intelligence work is ultimately sharing information.
And I truly believe that I think the power, you know, threat intelligence is sharing.
But I think that the concepts and, you know, kind of migrating more to, you know, that professionalization of cybersecurity,
I think that that's directly related to, you know, some of the decline of open information sharing.
I think also the focus for many in the cybersecurity industry has shifted from inherent curiosity,
what it used to be back early, early on, to marketable skills.
And I'm not saying that's wrong and I'm not saying that's right.
I think that's just part of what we're starting to see kind of change in the industry, right?
I think there are some benefits, though, right?
With every downside there is a benefit, meaning, you know, with that professionalization,
you also see innovation in development
that you likely wouldn't have seen in the past,
meaning we're seeing rapid growth in innovation
across all industries.
I think also professionalization
and quality control on software
and hardware that's being produced
is also something that's directly
a benefit of that professionalization.
So I don't want to make it sound like it's all doom and gloom
because it's not.
It's just the maturation of the field
and the professionalization of that field
and there's goods and bads with everything, right?
And that's the way I view.
That's just a couple positives, a couple negatives, I guess.
Yeah, I think that that maturation has been required because of the landscape,
because of the changes and the opportunity for profit or espionage.
And the hobbyists can't keep up with that.
No, it's hard for me to keep up with it.
And I'm a professional.
Right.
But I think that there is a sense of like maybe looking back at a simpler time and maybe longing for it.
Yeah.
You know, some of the pieces of it were there.
But, you know, you can't unring the bell.
That's where we're going.
That's true.
I want you to talk a little bit more about some of the benefits that you don't think get enough credit.
You mean with the professionalization of cybersecurity?
That's right.
I think innovation is probably one of the largest benefits.
I don't think that the same amount of R&D dollars would be spent in innovative categories and innovation in general without that
professionalization, frankly. So I think that that's one of the direct benefits. One of the direct
impactors in a positive way is that innovation. You know, we can talk and continue to go on
about, you know, the professionalization and quality control of the software and hardware that's
created as well. But I think that, you know, all of that stuff is just net benefits.
You've been on the Black Hat U.S. Review Board for over seven years.
Yeah, yeah, a long time.
What do you think Black Hat and conferences like it should really be doing to foster mentorship and curiosity?
Yeah, so, you know, we've seen a lot of this. Just, you know, I don't want to speak for Black Hat specifically, but in this case, some of the events that I'm involved in, you know, the past few years have really been impactful in this area. We offer several opportunities to just do meet and greets with board members, as an example, where we just set up a table, we put our names on little placards, and we stand there and we talk and just kind of just use as a networking opportunity for anybody that comes in to talk.
That's the kind of thing that I think really makes an impact because it allows you to get
one-on-one with individuals.
I'm also a college instructor as well.
And having that one-to-one time to be able to provide that mentorship, I think, is something
that's really key, especially now in today's kind of cybersecurity industry.
I think it's imperative to be able to try to find somebody that can kind of help mentor you
because there's so many different avenues to take in the industry now.
It's not as simple as it used to be back whenever I got into the industry.
It was much more linear back then.
So, you know, setting up those opportunities to be able to mentor
and have those one-on-one connections
is something that I continue to see Black Hat doing and stepping up into.
And that's an area that I continue to volunteer for on the board
because, again, I think that that's really where you see a good benefit
is that one-on-one connection.
So let's talk about that next generation.
You mentioned a minute ago that you're an instructor.
I'm wondering what advice you'd give to students
or new professionals that are, quote, unquote,
trying to break into security,
especially those that don't feel that they fit the mold.
Okay. I like it.
I'd say there's three things that I constantly give
in terms of recommendations for my students.
The first is master the fundamentals.
And by the fundamentals, I'm referring to
you know, networking, networking topology, understand how RFC 1918 space works, understand how to
configure network devices, et cetera. Do the same from a coding perspective, if possible, right? So master
fundamentals that you can apply directly to your role. Because at the end of the day,
that's going to be, you know, what you can do technically is going to be the foundation of what you can
go from. I would say, also get your hands dirty as much as possible. Create your own lab. Back
whenever I was first getting started, I created my own lab in my basement and literally bought
parts off eBay, racked and stacked stuff, configured it, learned how, and that's where I
practically learned how to network devices together and have them communicate, all that stuff.
And then the final piece is what I would consider kind of a bit different, and that's embracing
soft skills. Something that is oftentimes lost in our industry is the ability to effectively
and concisely communicate, like being able to break down complex topics down to simple, bite-sized
formats that people can understand. And individuals can really succeed in this field that have that
capability to communicate in that way. And that's something that I really try to stress to my
students is you can be the most technical individual in the world. And that's amazing. But can you
communicate what you know effectively? And if that answer is no, then obviously there's some places
that you can work on from a soft skills perspective. So that's kind of one of those areas that I
really try to stress on students. Don't just take technical proficiency as the end-all-be-all, because soft skills can really round out that skill set as an individual in this industry.
I think that facts don't change people's minds.
Stories do, and what I'm hearing is if you're able to concisely and effectively communicate,
people will understand the risk.
They'll understand that there's a problem worth solving.
If you just tell them the facts, they don't have the context.
So have you run across any effective ways of training on the soft skills, whether there's
storytelling or something else?
Yeah, that's a really good question.
And something that hits close to home because in intelligence work with threat intelligence
and threat research, if you can't communicate what you're finding, you cannot communicate
the risk that you're identifying.
So from my perspective, there's two things that I try to recommend.
First is public speaking.
And I make all of my students, and they can all attest to this.
I'm sure some of them that are listening are probably shouting this very moment about me requiring them to do concise public speaking. So that's the first piece.
Get used to and comfortable in a setting speaking where you are unidirectionally speaking,
where it's not, you know, you are speaking to an audience. It's a different format than if you're
an instructor and it's, you know, bidirectional where you're receiving input and giving back.
The second piece is Toastmasters. In fact, here at Unit 42, we have a Toastmasters Club also,
and it works out really good to cut your teeth with how to effectively communicate.
Because they'll have you communicating about topics that you may not be familiar with, which is always a fun kind of exercise, you know, to kind of come off as an expert on a topic that you may not know anything about.
And I think those soft skills that you're talking about, being able to stand up and talk about a topic and or to move a room of people from one position to another, right?
That's a great presentation.
That's a great Toastmasters outcome.
Those are skills that aren't just great for an aspiring cyber security professional, a hacker.
They're great for any type of career that you're going to be in.
And I look at resources like Duarte's Resonate.
It's a great book that shows you how to tell a story and to move from what is to what could be.
And the jump between those two concepts is data or emotional hook, these kinds of things that our brains come on. And then you bring it back down, like, at what could be, and then you're like, but here's what is, and then you land at this idea of a new bliss. And you can see great speakers in all kinds of different contexts in industries able to do that. And sometimes I feel like we're a technical field full of technical facts, and we're going to give those facts to people, and if the receiver of said facts doesn't have the ability to translate them into their oh-no moment, they went, oh, I have no idea what that guy just said.
I have no idea. You lose impact.
Yeah. And then you're not effective as a security leader.
Yep. Bingo.
I want to talk about you for a second.
Okay.
How do you maintain your sense of curiosity,
make time for experimentation in a high-pressure role like you have here at Unit 42?
The first is that question that I said early on.
What if?
I literally ask myself that multiple times daily still in my current role.
And that was as a people leader, as a technical leader, as everything in between.
As a researcher, I still ask that question.
So the what if question applies across the board.
And a perfect example is, what if, as an example, what if I automate this task, right?
That right there can speak volumes in terms of being able to get time back, which leads me to the next thing, which is schedule curiosity.
I know that sounds weird, but schedule time for that what-if question, schedule time to hypothesize
research and then execute on that research. I still do that. Even 15 years doing research, I still do
that. Because at the end of the day, you have to be constrained in your time and you have to
understand that you only have a certain amount of time to do those things. So the what-if question
will ultimately, hopefully lead you to that capability of scheduling that curiosity. And then the
final piece is embrace intellectual humility. This is something that I think a lot of folks in our industry are not great at doing in some cases, and embracing being, when you don't know something, readily admit that. Say, I don't know, but I'm committed to finding out what that answer is, and I'll have an answer back to you within 24 hours. That says a lot about someone versus just making up an answer.
That is a shocking level of confidence when you run across somebody who can admit, I don't know, but I do know how to figure this out.
Exactly.
The smartest and most brilliant people I've ever worked with and met
are the first ones to say they do not know.
Yeah.
And that's an important thing that I constantly remember.
Even today, I mean, I still have healthy imposter syndrome, even to today.
Like, I have imposter syndrome constantly.
And I think it's because making sure you have a healthy dose of that intellectual humility to some degree.
In tech, I think we all do.
It's a necessary feeling because we're making up a lot of things and making new things all the time.
There isn't a moment where you're going, well, I've mastered this skill.
I'm a, you know, everything that needs to be known about filling the skill.
I don't want to go and, you know, pick on weaving or being a blacksmith or whatever.
I'm sure that there is innovation in those spaces.
Yeah, of course.
But like, there is a moment where you're going, yeah, we've never done this before.
Yeah.
How do we do this?
Yeah.
I've never seen that before.
No, there is anyone else.
What do we do?
Yeah.
So I'm curious how you encourage that same level of commitment to being creative and curious with your team.
I mean, it comes down to literally scheduling that time, meaning scheduling research time,
put the time in your calendar block as research time and dedicate the time to that research,
ensuring that there's, you know, a purpose for the research and there's a deliverable outcome, ideally, right?
Meaning you're not just researching to research.
you have an outcome or a purpose or a deliverable, ideally at the end.
Are you familiar with the pickle jar story?
No.
So this professor walks into class and he has a big pickle jar,
like the ones that, you know, you get at Costco or whatever.
And he asked the class to tell him when the pickle jar is full.
And he puts in a big chunk of stone and then he puts in one more big rock,
and it's up to the top.
And, you know, the class is like, yeah, that, you're not going to get any more big rocks in there. And he goes, well, hang on. And so then he gets out a handful of smaller rocks and he starts to shove those in there, and they like find little crevices, and, you know, they're like, okay, we kind of see where you're going here. He goes, is it full?
Yeah.
And they're like, well, yeah, you can't fit any of these like smaller, medium rocks in. And he gets out pebbles, does the same thing again. And he gets out sand, and they're finally like, okay, we get it, it's full. And he goes, hang on. And he gets out a big pitcher of water and he pours that in. And it fills in every little bit of the pickle jar. And he goes, what would have happened if I would have started with small things like the water, the sand, the small pebbles, the medium rocks? Would I have ever been able to get the big rocks in? And of course, not.
And he goes, start life with the big rocks.
Because if you don't schedule those in as the things that you're going to go for first,
life has a way of filling in with a bunch of nonsense tasks, little sand, little rocks.
I love it.
Yeah, I like it.
Because you could look at your week,
your month, year, whatever you're looking at as your time horizon and go, what's the thing I
want to accomplish? What's the most important thing? And then, as you put it, curiosity, research
with intent needs to be scheduled so that you don't look at your calendar and go, oh, I don't have any
time this week. Exactly. Because too many of those weeks stack up. Exactly. And then you've done
nothing. Bingo. Looking ahead, what kind of hacker culture do you want to see in the next, call it
five or 10 years.
Oh, okay.
Well, I would say I would like to see a culture that is overwhelmingly perceived as a force
for good in innovation, basically linking creative problem solving and the advancement of
secure technology, all combined into that term.
I would love to see the negative connotation attached with the term to be separated off and
kind of originated back to its original term is what I'd really like to see. Do I see that
happening? I don't think so, but we'll have to see. Well, look, a boy can dream. That's true.
What's one step that our listeners, every one of us could take to start to move towards that
idealized future culture that we should have? Do what I do, correct family and friends.
So when they say, hey, have you heard about that new hacker that's doing X, Y, and Z, or using, you know,
those types of terms, I correct them and have them try to use correct terminology.
So my friends and family are tired of hearing that, but, yeah.
Well, I believe that it is possible.
Kyle, you've had a career that bridges research, mentorship, teaching, and public speaking.
What values have stayed constant for you throughout it all?
And which ones are you still evolving?
So relentless curiosity.
You've heard me mention curiosity a lot throughout our conversation,
and having that relentless curiosity is huge.
I think having unyielding integrity also
with the research that you produce
because the data will speak for itself,
it's accurate or not.
So having integrity with the research you're conducting,
with the data that you're doing behind the scenes,
et cetera is extremely important.
Knowledge is a shared resource.
And what I mean is,
you know, I fundamentally believe that knowledge gains, it gains value when it's shared.
And in this case, hoarding information for personal advantage is a dead end. I see that.
And that's something that I try to kind of continually, you know, think through and kind of, you know,
make sure that I'm cognizant of. Some of the things that are still evolving, that's a difficult question,
and it's something that requires me
to kind of think a little bit about
myself, but what I would say is
the first thing that I struggled with
was patience with problems migrating
to patience with people.
So meaning I had all the patience in the world
for problems that existed in data,
problems that existed in the technical realm.
But whenever I became a people leader,
I was not attuned to understanding
the patience with the people aspect.
So that was something that was constantly evolving, constantly shifting, and something that I had to acutely be aware of to some degree.
I think also I used to always focus on technical purity versus pragmatic impact.
So meaning, you know, do you, what is, the technical purest route is one way.
Or you can go option B, get there faster.
It's not going to be pure maybe, might have some inefficiencies or maybe some things that
might not be perfect, but it still gets the job done.
So that's something that I'm still evolving
and kind of shifting my mindset from being a technical purist
in the purest sense of the word.
And I think also migrating from a right to speak
to a responsibility to listen also.
So meaning, you know, you have a responsibility to listen,
not necessarily to speak in all settings, right?
So knowing when to speak, how to speak, et cetera,
is something else that I'm constantly aware of
and is constantly evolving to some degree.
So I don't know if that answers your question, though.
It does.
Okay.
And I'm right there with you, brother.
Kyle, where can listeners reach out to you or find some of your writing?
Yeah.
So I'm pretty active on LinkedIn.
And then also pretty active on the Unit 42 blog as well.
So I'm blogging there pretty routinely and updating my LinkedIn pretty
continually with everything from new job postings all the way down to research that the teams are
conducting. So, yeah. I'll go ahead and make sure that those are in our show notes.
Kyle, thank you for coming in. Yeah, thank you. And during the hot seat,
while we get to know Kyle Wilhoit a little bit better. This has been an absolute pleasure
of a conversation. Likewise. Thanks, David. Really good time.
That's it for today. If you like what you heard,
subscribe wherever you listen and leave us a review on Apple Podcasts or Spotify. Your reviews
and feedback really do help us understand what you want to hear about. If you want to contact me
directly about the show, email me at Threat Vector at Palo Alto Networks.com. I want to thank our
executive producer, Michael Heller, our content and production teams, which include Kenny Miller,
Joe Benacourt, and Virginia Tran. Original music and mixed by Elliot Peltzman. We'll be back next week.
Stay secure, stay vigilant.
Goodbye for now.
Thank you.
