David Moulton (13:35)

Hi, I'm David Moulton, host of the Threat Vector Podcast where we break down cybersecurity threats, resilience and the industry trends that matter most. Here's a quick preview of my interview with Kyle Wilhoyt, Technical Director of threat research at unit 42. We rewind the clock and ask if we've lost something essential in cybersecurity's evolution. Kyle shared how as a 14 year old kid reading the Hacker Quarterly and building his beige box, he felt like he belonged. We explore how that same mindset is being challenged today by automation, AI and billion dollar enterprises. If you've ever wrestled with imposter syndrome, wondered how to stay curious in a high pressure role, or felt a tension between purity and pragmatism, this episode is for you. How has the rise of new tech AI automation changed hacker identity and culture?

Dave Bittner (14:31)

I think the number one factor or the Number one thing that I see is lower barrier to entry for these types of criminals and these types of nation state adversaries. What I mean is automation, generative AI, whatever you want to call it, is facilitating and fueling cybercrime at a rate that we haven't seen, as well as fueling nation state espionage at a rate we haven't seen in the past. I think that that type of technology is only going to continue to increase speed in which these attackers are coming to scale and how fast they're coming to go out and actually perform initial attacks, et cetera. So I think that that's the number one thing that we're seeing is just a lower barrier to entry. I think the other thing is outside of having that lower barrier to entry for these attackers, I think also what we're starting to see is the evolution of attackers starting to use things like LLMs and generative AI to do more advanced techniques. I mean, heck, we just saw a blog recently written that Russian state sponsored group was actually using an LLM Gemini, if I'm not mistaken, to go out and actually assist it in writing actual malware that functioned. So what that really leads to is again, that lower barrier to entry attackers are able to use and manipulate LLMs, jailbreak them in some capacity, manipulate the guardrails, whatever that is, and ultimately get the LLM to do things that it wants, that the attacker wants rather. I think those are the kind of two big shifts that I'm seeing.

David Moulton (15:54)

You've seen the industry shift from hobbyist forums to billion dollar enterprises. What do you think has been lost in the professionalization of cybersecurity?

Dave Bittner (16:10)

It's funny you ask this because I can actually kind of think of myself to some degree, right, Because I was kind of a quote unquote hacker in the old school sense of the word, and then migrated over into the corporate world. So I kind of can look at this from my own perspective and I think one of those areas is the loss of just open and free information sharing. I think that's one of the reasons that I pursued intelligence, because a lot of intelligence work is ultimately sharing information. And I truly believe that. I think the power of threat intelligence is sharing, but I think that the concepts and kind of migrating more to that professionalization of cybersecurity. I think that that's directly related to some of the decline of open information sharing. I think also the focus for many in the cybersecurity industry has shifted from inherent curiosity, what it used to be back early, early on, to marketable skills And I'm not saying that's wrong, and I'm not saying that's right. I think that's just part of what we're starting to see kind of change in the industry. Right. I think there are some benefits though.

David Moulton (17:20)

Right.

Dave Bittner (17:21)

With every downside, there is a benefit. Meaning with that professionalization, you also see innovation and development that you likely wouldn't have seen in the past. Meaning we're seeing rapid growth in Innov across all industries. I think also professionalization and quality control on software and hardware that's being produced is also something that's directly a benefit of that professionalization. So I don't want to make it sound like it's all doom and gloom, because it's not. It's just the maturation of the field and the professionalization of that field. And there's goods and bads with everything. Right. And that's the way I view it. That's just a couple positives, couple negatives, I guess.

David Moulton (17:59)

Yeah. I think that maturation has been required because of the landscape, because of the changes and the opportunity for profit or espionage. And the hobbyists can't keep up with that.

Dave Bittner (18:15)

No, it's hard for me to keep up with it. And I'm a professional.

David Moulton (18:18)

Right. But I think that there is a sense of maybe looking back at a simpler time and maybe longing for it. You know, some of the pieces of it were there, but, you know, you can't unring the bell. That's where we're. That's where we're going.

Dave Bittner (18:34)

That's true.

David Moulton (18:36)

I want to talk about you for a second.

Dave Bittner (18:38)

Okay.

David Moulton (18:39)

How do you maintain your sense of curiosity? Make time for experimentation in a high pressure role like you have here at unit 42?

Dave Bittner (18:52)

The first is that question that I said early on. What if? I literally asked myself that multiple times daily, still in my current role, and that was as a people leader, as a technical leader, as everything in between. As a researcher, I still ask that question. So the what if question applies across the board. And a perfect example is what if as an example, what if I automate this task?

Podcast Host / Announcer (19:15)

Right.

Dave Bittner (19:16)

That right there can speak volumes in terms of being able to get time back. Which leads me to the next thing, which is schedule curiosity. I know that sounds weird, but schedule time for that what if question. Schedule time to hypothesize research and then execute on that research. I still do that. Even 15 years doing research, I still do that. Because at the end of the day, you have to be constrained in your time and you have to understand that you only have a certain amount of time to do those things. So the what if Question will ultimately hopefully lead you to that capability of scheduling that curiosity. And then the final piece is embrace intellectual humility. This is something that I think a lot of folks in our industry are not great at doing in some cases, and embracing being when you don't know something and readily admit that, say I don't know, but I'm committed to finding out what that answer is and I'll have an answer back to you within 24 hours. That says a lot about someone versus just making up an an.

David Moulton (20:22)

Thanks for sticking around to hear what's coming next on Threat Vector. If we piqued your interest, the full conversation is available in your Threat Vector feed now. Trust me, you'll walk away seeing hacker culture in a whole new light. New episodes every week. Subscribe now. To stay ahead.

Podcast Host / Announcer (20:54)

Be sure to check out the complete Threat Vector show wherever you get your favorite podcasts. Think your Certificate security is covered by March 2026 TLS certificate lifespans will be cut in half, meaning double today's renewals. And in 2029, certificates will expire every 47 days, demanding between 8 and 12 times the renewal volume. That's exponential complexity, operational workload and risk unless you modernize your strategy. Cyberark, proven in Identity security is your partner in certificate security. Cyberark simplifies lifecycle management with visibility, automation and control at scale. Master the 47 day shift with CyberArk scan for vulnerabilities, streamline operations, scale security. Visit cyberark.com 47day that's cyberark.com the numbers 47 day and now a word from our sponsor, ThreatLocker, the powerful Zero Trust Enterprise solution that stops ransomware in its tracks. Allow Listing is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources, and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from ThreatLocker. And finally, it's not every day the police stumble across 5 billion pounds in Bitcoin. But that's exactly what London's Metropolitan Police bagged in the world's largest crypto seizure. At the center of it all is Jimin Chang, also known as Yadi Zhang, who pled guilty to running a scam in China that duped 128,000 victims between 2014 and 2017. She fled to the UK with false documents, tried laundering her digital fortune into property, and instead earned herself a court date along the way, her accomplice went from takeaway worker to mansion dweller before being jailed, too. Prosecutors note that criminals love crypto's cloak of invisibility, but this seven year investigation proves the blockchain isn't always the perfect hiding place. Chan's sentencing is still pending, and that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpie is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Dave Bittner (25:13)

And Doug Limu and I always tell you to customize your car insurance and save hundreds with Liberty Mutual, but now we want you to feel it. Cue the emu music. Limu Save yourself money today. Increase your wealth. Customize and save.

David Moulton (25:29)

We save.

Dave Bittner (25:31)

That may have been too too much feeling.

Podcast Host / Announcer (25:32)

Only pay for what you need@libertymutual.com Liberty Liberty Liberty Liberty Savings Ferry Unwritten by Liberty Mutual Insurance Company and affiliates excludes.

Dave Bittner (25:40)

Massachusetts.

Podcast Host / Announcer (25:44)

Cyber Innovation Day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the 8th annual DataTribe Challenge takes center stage as elite startups pitch for exposure, acceleration and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, D.C. discover the startups building the future of cyber. Learn more@cid.datatribe.com.