Kyle Wilhoit

You're listening to the Cyberwire Network, powered by N2K.

Host/Producer

Before we dive into today's episode, I want to take a moment to reflect on what an incredible year it's been for Threat Vector. We've covered a lot of ground together. AI dominated many of our conversations this year, and rightfully so. The technology is reshaping both how we defend networks and how attackers operate. We pulled back the curtain on threat groups like Muddled Libra, explored the expanding attack surfaces in cloud and IoT environments, and even ventured into the fascinating world of quantum computing and what it means for the future of cybersecurity. Some of my favorite episodes featured customers sharing their real world challenges and how they talk about cyber risk to their boards. Those conversations reminded me why we do this work. It's not just about technology, it's about the people trying to protect their organ in an increasingly complex landscape. Choosing one episode to revisit as we close out the year was much tougher than I expected, but I kept coming back to a conversation that felt different from our usual fare. The episode is called what Happened to Hacker Culture? And it features Kyle Wilhoit, technical director of Threat research here at unit 42. Kyle's been a guest on the show several times and always brings sharp insights about the threat landscape, but this time I wanted to dig deeper, not into what he knows, but what makes him tick. We recorded this conversation in person at Black Hat in Vegas, which is rare for me. There's something about sitting across from someone, reading their body language, letting the conversation breathe, that just doesn't happen over video calls. The result was relaxed, genuine, and full of those unexpected moments that remind you why you love doing this work. Kyle shared stories from his early days picking up hacker magazines at Barnes and Noble about building a beige box from Radio Shack Bards, and that moment at his first defcon when he realized he'd found his people. We talked about how the professionalization of cybersecurity has brought incredible innovation, but also changed the open, freewheeling information sharing culture that many of us grew up with. And we explored what it takes to maintain curiosity and creativity when you're leading threat research teams in a high pressure environment. If you're new to threatvector, welcome, there should be something in our back catalog for you. Whether you're interested in technical deep dives, strategic conversations about risk, or stories like this one about the humans behind the headlines. And if you're a regular listener, thank you. I hope we've earned your attention each week, and I hope that this conversation resonates with you the way it did for me. Now, as we close out the year, here's my conversation with Kyle Wilhoyt, recorded at this year's blackout event in Las Vegas.

David Moulton

Welcome to Threat Vector, the Palo Alto Networks podcast, where we discuss pressing cybersecurity threats and resilience and uncover insights into.

Interviewer

The latest industry trends.

David Moulton

Trends. I'm your host, David Moulton, senior director of thought leadership for unit 42.

Kyle Wilhoit

Curious. Constantly curious. That's. That is, that is, to me, what is the foundation of a quote unquote hacker, whatever you want to call it, that can be an attacker or a hacker. But at the end of the day, they're going to be curious to some degree. Right? And I think being endlessly curious is something that can only benefit you within constraints. But being curious.

David Moulton

Today's episode is a little different. Instead of diving straight into the latest threat intelligence or attack techniques, we're pulling back the curtain to get to know the person behind the research. I'm speaking with Kyle Wilhoyt, Director of Threat research here at unit 42, and.

Interviewer

This is his story.

David Moulton

Kyle's journey from a curious kid picking up hacker magazines at Barnes and Noble to leading some of the world's most sophisticated threat research is one that reflects the evolution of our entire industry. He's been a Black Hat board review member for over seven years, mentors the next generation of cybersecurity professionals, and has that rare combination of technical depth and genuine curiosity that makes him so effective.

Host/Producer

At what he does.

David Moulton

Today we're going to talk about Kyle's personal path into cybersecurity, how hacker culture has evolved, and what it really takes to stay curious and innovative in a field that never stops changing.

Interviewer

Kyle, when we last spoke on Threat Vector, you gave us a grounded, no fud, in case you don't know what that means. Fear, uncertainty and doubt view of how AI is and isn't transforming the threat landscape. I was back on episode 13. Today's topic is a little bit more personal. Let's rewind. Do you remember the first time you felt like you belonged to in the hacker community or the security community? And take me back and tell me what you remember about that moment.

Kyle Wilhoit

Yeah, there's actually two. There's a personal one and a professional one. The personal side is actually back in the day and I'm aging myself here, but there's an old magazine called 2600, which I used to pick up at Barnes and Noble at the time up in St. Louis, Missouri. I had to travel with my parents to go Pick it up every month. And the first time that I felt like that was reading that and actually getting the plans for something called a beige box and creating a beige box by walking to my local Radio Shack and building it myself in my own house and testing it, et cetera. So that's kind of from a personal perspective and at that time I think I was probably 14 at that age. So from a professional perspective, I would say it was honestly the first time I came out to Black Hat and defcon professionally. Brand new security engineer working for a couple different companies. And I finally got out to the point where they were going to invest the money to send me to Black Hat and defcon. And Black Hat was interesting. Obviously, the first time you're exposed to it, it's pretty impressive and pretty overwhelming to a degree. And DEFCON was even more that way. So those were kind of the two real big pioneering moments that I can remember back professionally and personally on when I kind of felt like, you know, I belong to the quote unquote culture, whatever you want to call it.

Interviewer

Yeah, that's cool. When you were talking about going to Barnes and Noble to pick up the magazine to learn about a thing, going to Radio Shack and getting parts, man, that takes me back. I used to love to go to Barnes and Noble, smell the print, look at magazines that I couldn't afford to buy, you know, try to figure out what in the design and computer magazines were kind of be the one that I would, I would part with my cash and you know, that part of our world has changed a little bit. I don't know what today's aspiring and I'm gonna say hacker. And I mean that in the good sense of the word. You know, how they get into. Maybe it's Reddit, maybe there's different communities that they're in. I don't think there's like a Barnes and Noble shelf full of the most cutting edge articles to go read.

Host/Producer

But who knows?

Interviewer

I haven't actually looked.

Kyle Wilhoit

Maybe they did.

Interviewer

Well, speaking of hacker, maybe we should define that word up front to you. What does hacker culture mean and how has that evolved over the years?

Kyle Wilhoit

Yeah, that's a really good question. One that I haven't really ever been asked to be honest, and one that I haven't reflected on personally probably for as long as I've been in the industry. But I'd say that it's evolved over the years so early on. Meaning like whenever I first started to get into quote, unquote, hacking and I mean hardware hacking, from my perspective, that's how I entered kind of going into this video game cracking back in the day. And from my perspective, the kind of core tenants of a hacker back in that time was freely available information traded or otherwise, meaning depending upon the level of information, you might trade for that or you might just freely get that hands on. Imperative, meaning the ability to actually go out and write scripts, write code, execute code, you know, perform actual, you know, quote unquote hacks, for lack of a better term, even though that's a, that's a really bad term to use for that. I think there was also, generally speaking, and I think a lot of folks that are, that are of that age group, you know, from, from that kind of community, there was also a mistrust of authority, generally speaking. Right. I mean, you could see that throughout defcon constantly to spot the Fed back in the day, all the different contests that were running that way. And then also from kind of a component perspective, like judging on skill, meaning you would judge other hackers based on their skill and by their skill alone, meaning didn't matter who they were, where they came from, et cetera. All you cared about was what they were capable of doing with a computer or by bending technology and kind of stressing what was possible with technology. That's evolved though, and from my perspective, that's evolved into where modern times, where hacker culture is kind of deeply intertwined with mainstream tech industry to some degree. And, and heck, I saw this just walking to this hotel to do this interview, meaning I was seeing T shirts with hacker written on the front of that. And is that a positive or a negative? Right, because in some communities it could be considered a negative. You could be talking about a true black hat hacker. Or in some communities, the tech industry adopts that as a hacker mentality. Someone that stresses those boundaries, someone that pushes those boundaries. So from my perspective, I wish it was as easy as saying, hey, hacker means X, Y and Z. But realistically it's a modern multifaceted phenomenon with a lot of baggage tied to that term, frankly. You know, there's, and that's kind of the way that I view it collectively kind of over the years that it's shifted and modified and kind of, you know, has just changed to some degree.

Interviewer

Yeah, language sometimes does that. It depends on when it was said, what the context, who was saying it. And I've run into a lot of folks in the industry who consider themselves hackers badge of honor and are furious when people use that as a way of describing an attacker, somebody who just set out to do something malicious or harmful. And I've figured out over the years that I've been part of this industry, part of this community, to start using attacker and hacker. And I think of a hacker as somebody who's able to get technology to do things that it wasn't intended to do.

Kyle Wilhoit

Exactly.

Interviewer

And that's interesting. That's fun. You're setting out to just push those boundaries. And sometimes you run into something where you're like, oh, I wasn't supposed to have access to this, or I can't believe this allowed me to do something. And then it's that question of, what do you do with that new information, that new capability? And if you're on the good guy side, if you will, you start to report that as a vulnerability or a weakness or something that was unexpected. And obviously, if you're malicious, you exploit it. Right. And I think that that's where the language struggles to say, like, how do you take the same exact behaviors and the intent in the mind of the person doing it then defines whether it's a good or a bad thing.

Kyle Wilhoit

Yeah.

Interviewer

I'm curious if there is a moment or a person that help shape your views on what a hacker is or should be.

Kyle Wilhoit

Yeah. Both personally and professionally. Again, personally, my brother, he is an engineering mindset and individual that literally wants to understand how everything works. And that literally means taking things apart. I can remember as a child seeing him take things apart, trying to understand how they function. And that rubbed off on me over the years to then make me endlessly curious on how things function. And I think that that's fundamental to the quote, unquote, hacker mindset. Right. Someone that's endlessly curious. And I think that ties into why my brother impacted me from that way. From a professional perspective, there's a few folks, Martin Rosler and Ben April from Trend Micro, those were two of my leaders back at Trend Micro. And they really kind of taught me to constantly ask what if? Meaning what if I could do this? What if we go out and approach this problem? What if? Meaning almost daydreaming research, in a way. And it was really, really good to work alongside both of those individuals in terms of kind of teaching and thinking through that mindset, both really skilled in that area. So I'd say personally and professionally, that's kind of some of the more impactful folks that really impacted me from that mindset.

Interviewer

Specifically, I really love that what if phrase because that puts you into both an imaginative and then a future state where you're going, like, oh, well, what if that was true, what if I could do that? And sometimes the thing that's blocking you from making the leap on an innovation is just your own mind saying, well, that's not possible.

Kyle Wilhoit

Exactly.

Interviewer

But if you flip it around and you go, what if? And then it unlocks these possibilities. Exactly.

Kyle Wilhoit

And that's. Ben and Martin really kind of didn't train us. They led us to that. Right. In a way. Meaning, hey, think up a hypothesis and execute on that. See if it comes to fruition. If not, if. If the data proves that your hypothesis is wrong, it's still the conclusion at the end of the day. And that's still data and it's still a story to tell. Right. So at the end of the day. Yeah, they kind of helped shape my mindset in that.

Interviewer

So, Kyle, I won't admit my age and, or out yours here, but I think we came from a similar timeframe. We both went the right answer.

Kyle Wilhoit

That's fair. That's fair.

Interviewer

Both went to Barnes and Noble.

Kyle Wilhoit

I'm losing my hair. Yeah, that's fair.

Interviewer

But I think there was a moment where education said, failure's not an option. You've gotta always succeed. And sometimes asking a dangerous question like what if? Might lead you to a hypothesis of things you couldn't do. So you didn't wanna be a person who did a thing that didn't work. And yet I think that there's a moment where you reframe what you just talked about.

Kyle Wilhoit

Yeah.

Interviewer

You have a hypothesis, you run it down, it doesn't work. You still learn something.

Kyle Wilhoit

Absolutely.

Interviewer

That's key. Yeah. All right, we'll jump back in a little bit. This is a fascinating piece of the conversation. I want to go back to our last conversation. We talked about AI and how it's changing attacker tactics. And this time I want to ask you, how has the rise of new tech, AI, automation, changed hacker identity and culture?

Kyle Wilhoit

I think the number one factor, or the number one thing that I see is lower barrier to entry for these types of criminals in these types of nation state adversaries. What I mean is automation, generative AI, whatever you want to call it, is facilitating and fueling cybercrime at a rate that we haven't seen, as well as fueling nation state espionage in a rate we haven't seen in the past. I think that that type of technology is only going to continue to increase speed in which these attackers are coming to scale and how fast they're coming to go out and actually perform initial attacks, et cetera. So I think that that's the number one thing that we're seeing is just the lower barrier to entry. I think the other thing is outside of having that lower barrier to entry for these attackers, I think also what we're starting to see is the evolution of attackers starting to use things like LLMs and generative AI to do more advanced techniques. I mean, heck, we just saw a blog recently written that Russian state sponsored group was actually using an LLM Gemini, if I'm not mistaken, to go out and actually assist it in writing actual malware that functioned. So what that really leads to is again, that lower barrier to entry attackers are able to use and manipulate LLMs, jailbreak them in some capacity, manipulate the guardrails, whatever that is, and ultimately get the LLM to do things that it wants or that the attacker wants rather. I think those are the kind of two big shifts that I'm seeing.

Interviewer

You've seen the industry shift from hobbyist forums to billion dollar enterprises. What do you think has been lost in the professionalization of cybersecurity?

Kyle Wilhoit

It's funny you ask this because I can actually kind of think of myself to some degree, right? Because I was kind of a quote unquote hacker in the old school sense of the word, and then migrated over into the corporate world. So I kind of can look at this from my own perspective. And I think one of those areas is the loss of just open and free information sharing, right? I think that's one of the reasons that I pursued intelligence, because a lot of intelligence work is ultimately sharing information and I truly believe that. I think the power of threat intelligence is sharing, but I think that the concepts and kind of migrating more to that professionalization of cybersecurity, I think that that's directly related to some of the decline of open information sharing. I think also the focus for many in the cybersecurity industry has shifted from inherent curiosity, what it used to be, back early, early on, to marketable skills. And I'm not saying that's wrong, and I'm not saying that's right. I think that's just part of what we're starting to see change in the industry, right. I think there are some benefits though, right? With every downside there is a benefit. Meaning with that professionalization you also see innovation and development that you likely wouldn't have seen in the past, meaning we're seeing rapid growth in innovation across all industries. I think also professionalization and quality control on software and hardware that's being produced is also something that's directly a benefit of that professionalization. So I don't want to make it sound like it's all doom and gloom, because it's not. It's just the maturation of the field and the professionalization of that field. And there's goods and bads with everything.

Host/Producer

Right.

Kyle Wilhoit

And that's the way I view it. That's just a couple positives, couple negatives, I guess.

Interviewer

Yeah. I think that maturation has been required because of the landscape, because of the changes and the opportunity for profit or espionage. And the hobbyists can't keep up with that.

Kyle Wilhoit

No, it's hard for me to keep up with it. I'm a professional.

David Moulton

Right.

Interviewer

But I think that there is a sense of like, maybe looking back at a simpler time and maybe longing for it. You know, some of the pieces of it were there, but, you know, you can't unring the bell. That's where we're. That's where we're going.

Kyle Wilhoit

That's true.

Interviewer

I want you to talk a little bit more about some of the benefits that you don't think get enough credit.

Kyle Wilhoit

You mean with the professionalization of cyber security?

Interviewer

That's right.

Kyle Wilhoit

I think innovation is probably one of the largest benefits. I don't think that the same amount of R and D dollars would be spent in innovative categories and innovation in general without that professionalization, frankly. So I think that that's one of the direct benefits. One of the direct impactors in a positive way is that innovation. We can talk and continue to go on about the professionalization and quality control of the software and hardware that's created as well, but I think that all of that stuff is just met benefits.

Interviewer

You've been on the Black Hat US Review board for over seven years.

Kyle Wilhoit

Yeah, yeah. A long time.

Interviewer

What do you think Black Hat and conferences like it should really be doing to foster mentorship and curiosity?

Kyle Wilhoit

Yeah. So, you know, we've seen a lot of this just, you know, I don't want to speak for Black Hat specifically, but in this case, some of the events that I'm involved in, you know, the past few years have really been impactful in this area. We offer several opportunities to just do meet and greets with board members. As an example, where we just set up a table, we put our names on little placards, and we stand there and we talk and just kind of just use as a networking opportunity for anybody that comes in to talk. That's the kind of thing that I think really makes an impact because it allows you to get one on one with individuals. I'm also a college instructor as well, and having that one to one time to be able to provide that mentorship, I think is something that's really key. Especially now in today's kind of cybersecurity industry. I think it's imperative to be able to try to find somebody that can kind of help mentor you because there's so many different avenues to take in the industry now. It's not as simple as it used to be back whenever I got into the industry, it was much more linear back then. So setting up those opportunities to be able to mentor and have those one on one connections is something that I continue to see black hat doing and stepping up into. And that's an area that I continue to volunteer for on the board because again, I think that that's really where, where you see good benefit is that one on one connection.

Interviewer

So let's talk about that next generation. You mentioned a minute ago that you're an instructor. I'm wondering what advice you'd give to students or new professionals that are quote unquote, trying to break into security, especially those that don't feel that they fit the mold.

Kyle Wilhoit

Okay, I like it. I'd say there's three things that I constantly give in terms of recommendations for my students. The first is master the fundamentals. And by the fundamentals, I'm referring to networking. Networking, topology, understand how RC 1918 space works, understand how to configure network devices, et cetera. Do the same from a coding perspective, if possible. So master fundamentals that you can apply directly to your role. Because at the end of the day that's going to be what you can do technically is going to be the foundation of what you can go from. I would say also get your hands dirty as much as possible. Create your own lab. Back whenever I was first getting started, I created my own lab in my basement and literally bought parts off ebay, racked in the stack, stuff, configured it, learned how, and that's where I practically learned how to network devices together and have them communicate all that stuff. And then the final piece is what I would consider kind of a bit different and that's embracing soft skills. Something that is oftentimes lost in our industry is the ability to effectively and concisely communicate. Like being able to break down complex topics down into simple bite sized formats that people can understand and individuals can really succeed in this field that have that capability to communicate in that way. And that's something that I really try to stress to my students is you can be the most technical individual in the world and that's amazing. But can you communicate what you know effectively? And if that answer is no, then obviously there's some places that you can work on from a soft skills, soft skills perspective. So that's kind of one of those areas that I really try to stress on. Students don't just take technical proficiency as the end all be all because soft skills really round out, you know, that skill set. As an individual in this industry.

Interviewer

I think that facts don't change people's minds, stories do. And what I'm hearing is if you're able to concisely and effectively communicate, people will understand the risk. They'll understand that there's a problem worth solving. If you just tell them the facts, they don't have the context. So have you run across any effective or ways of training on the soft skills, whether they're storytelling or something else?

Kyle Wilhoit

Yeah, that's a really good question. And something that hits close to home because in intelligence work with threat intelligence and threat research, if you can't communicate what you're finding, you cannot communicate the risk that you're identifying. So from my perspective, there's two things that I try to recommend. First is public speaking. And I make all of my students and they can all attest to this. I'm sure some of them that are listening are probably shouting at this very moment about me requiring them to do concise public speaking. So that's the first piece. Get used to and comfortable in a setting speaking where you are unidirectionally speaking, where it's not, you know, you are speaking to an audience. It's a different format than if you're an instructor and it's, you know, bi directional where you're receiving input and giving back. The second piece is Toastmasters. In fact, Here at unit 42 we have a Toastmasters club also. And it works out really good to cut your teeth with how to effectively communicate because they'll have you communicating about topics that you may not be familiar with, which is always a fun kind of exercise to kind of come off as an expert on a topic that you may not know anything about.

Interviewer

And I think those soft skills that you're talking about being able to stand up and talk about a topic and or to move a room of people from one position to another. Right. That's a great presentation. That's a great Toastmasters outcome. Those are skills that aren't just great for an aspiring cybersecurity professional hacker, they're great for any type of career that you're going to be in. And I look at Resources like Duarte's resonate. It's a great book that shows you how to tell a story and to move from what is to what could be. And the jump between those two concepts is data, emotional hook, these kinds of things that our brains come on. And then you bring it back down like, what could be? And then you're like, but here's what is. And then you land at this idea of a new bliss. And you can see great speakers in all kinds of different contexts and industries able to do that. And sometimes I feel like we're a technical field full of technical facts, and we're going to give those facts to people. And if the receiver of said facts doesn't have the ability to translate them into their oh, no moment, they went, oh, I have no idea what that is.

Kyle Wilhoit

You lose impact.

Host/Producer

Yeah.

Interviewer

And then you're not effective as a security leader.

Kyle Wilhoit

Yep. Bingo.

Interviewer

I want to talk about you for a second.

Kyle Wilhoit

Okay.

Interviewer

How do you maintain your sense of curiosity, make time for experimentation in a high pressure role like you have here at unit 42?

Kyle Wilhoit

The first is that question that I said early on. What if? I literally ask myself that multiple times daily, still in my current role, and that was as a people leader, as a technical leader, as everything in between. As a researcher, I still ask that question. So the what if question applies across the board. And a perfect example is what if? As an example, what if I automate this task?

Host/Producer

Right.

Kyle Wilhoit

That right there can speak volumes in terms of being able to get time back. Which leads me to the next thing, which is schedule curiosity. I know that sounds weird, but schedule time for that what if question. Schedule time to hypothesize research and then execute on that research. I still do that. Even 15 years doing research, I still do that. Because at the end of the day, you have to be constrained in your time, and you have to understand that you only have a certain amount of time to do those things. So the what if question will ultimately, hopefully lead you to that capability of scheduling that curiosity. And then the final piece is embrace intellectual humility. This is something that I think a lot of folks in our industry are not great at doing in some cases, and embracing being when you don't know something, they'd readily admit that, say, I don't know, but I'm committed to finding out what that answer is, and I'll have an answer back to you within 24 hours. That says a lot about someone versus just making up an answer.

Interviewer

That is a shocking level of confidence when you run across somebody who can Admit I don't know, but I do know how to figure this out.

Kyle Wilhoit

Exactly. The smartest and most brilliant people I've ever worked with and met are the first ones to say they do not know. And that's an important thing that I constantly remember. Even today. I mean, I still have healthy imposter syndrome. Even today. I have imposter syndrome constantly. And I think it's because making sure you have a healthy dose of that intellectual humility to some degree in tech.

Interviewer

I think we all do. It's a necessary feeling because we're making up a lot of things and making new things all the time. There isn't a moment where you're going, well, I've mastered this skill. I'm, you know, everything that needs to be known about fill in the skill. I don't want to go and, you know, pick on weaving or being a blacksmith or whatever. I'm sure that there is innovation in those spaces.

Kyle Wilhoit

Yeah, of course.

Interviewer

But, like, there is a moment where you're going, yeah, we've never done this before. How do we do this? I've never seen that before. Neither is anyone else. What do we do? I'm curious how you encourage that same level of commitment to being creative and curious with your team.

Kyle Wilhoit

I mean, it comes down to literally scheduling that time, meaning scheduling research time. Put the time in your calendar block as research time and dedicate the time to that research, ensuring that there's a purpose for the research and there's a deliverable or outcome, ideally. Right. Meaning you're not just researching to research. You have an outcome or a purpose or a deliverable, ideally, at the end.

Interviewer

Are you familiar with the pickle jar story?

Kyle Wilhoit

No.

Interviewer

So this professor walks into class, and he has a big pickle jar, like the ones that we get at Costco or whatever, and he asks the class to tell him when the pickle jar is full, and he puts in a big chunk of stone, and then he puts in one more big rock, and it's up to the top. And the class is like, yeah, you're not gonna get any more big rocks in there. It's full. And he goes, well, hang on. And so then he gets out a handful of smaller rocks, and he starts to shove those in there, and they find little crevices, and they're like, okay, we kind of see where you're going here. He goes, is it full?

Host/Producer

Yeah.

Interviewer

And they're like, well, yeah, you can't fit any of these smaller medium rocks in. And then he gets out pebble, does the same thing Again. And he gets out sand, and they're finally like, okay, we get it, it's full.

Host/Producer

And he goes, hang on.

Interviewer

And he gets out a big pitcher of water, and he pours that in and it fills in every little bit of the pickle jar. And he goes, what would have happened if I would have started with small things like the water, the sand, the small pebbles, the medium rocks? Would I've ever been able to get the big rocks in? And.

Host/Producer

Of course not.

Interviewer

And he goes, start life with the big rocks. Because if you don't schedule those in as the things that you're gonna go for first, life has a way of filling in with a bunch of nonsense tasks. Little sand, little rocks. I love it.

Kyle Wilhoit

Yeah, I like it.

Interviewer

Cause you could look at your week, your month, year, whatever you're looking at as your time horizon and go, what's the thing I wanna accomplish? What's the most important thing? And then, as you put it, curiosity. Research with intent needs to be scheduled so that you don't look at your calendar and go, oh, I don't have.

Host/Producer

Any time this week.

Kyle Wilhoit

Exactly.

Interviewer

Because too many of those weeks stack up.

Kyle Wilhoit

Exactly.

Interviewer

And then you've done nothing.

Kyle Wilhoit

Dingo.

Host/Producer

Looking ahead, what kind of hacker culture.

Interviewer

Do you want to see in the next? Call it five or ten years?

Kyle Wilhoit

Oh, okay. Well, I would say I would like to see a culture that is overwhelmingly perceived as a force for good and innovation, basically linking creative problem solving and the advancement of secure technology all combined into that term. I would love to see the negative connotation attached with the term to be separated off and kind of originated back to its original term is what I'd really like to see. Do I see that happening? I don't think so, but we'll have to see.

Host/Producer

Well, look, a boy can dream.

Kyle Wilhoit

That's true.

Interviewer

What's one step that our listeners, every one of us, could take to start to move towards that idealized future culture that we should have do what I.

Kyle Wilhoit

Do, correct family and friends. So when they say, hey, have you heard about that new hacker that's doing X, Y and Z, or using those types of terms, I correct them and have them try to use correct terminology. My friends and family are tired of hearing that.

Interviewer

But, well, I believe that it is possible. Kyle, you've had a career that bridges research, mentorship, teaching, and public speaking. What values have stayed constant for you throughout it all? And which ones are you still evolving?

Kyle Wilhoit

So, relentless curiosity. You've heard me mention curiosity a lot throughout our conversation. And having that relentless curiosity is huge. I think having unyielding integrity also with the research that you produce, because the data will speak for itself, it's accurate or not. So having integrity with the research you're conducting, with the data that what you're doing behind the scenes, et cetera, is extremely important. Knowledge is a shared resource. And what I mean is I fundamentally believe that knowledge gains value when it's shared. And in this case, hoarding information for personal advantage is a dead end. I see that. And that's something that I try to kind of continually think through and kind of make sure that I'm cognizant of some of the things that are still evolving. That's a difficult question, and it's something that requires me to kind of think a little bit about, you know, myself. But what I would say is the first thing that I struggled with was patients with problems migrating to patients with people. So, meaning I had all the patients in the world for problems that existed in data, problems that existed in the technical realm. But whenever I became a people leader, I was not attuned to understanding the patience with the people aspects. So that was something that was constantly evolving, constantly shifting, and something that I had to acutely be aware of to some degree, I think. Also, I used to always focus on technical purity versus pragmatic impact. So, meaning, do you. What is the technical purist route is one way, or you can go option B, get there faster. It's not going to be pure. Maybe might have some inefficiencies or maybe some things that might not be perfect, but it still gets the job done. So that's something that I'm still evolving and kind of shifting my mindset from being a technical purist in the purest sense of the word, and I think also migrating from a right to speak to a responsibility to listen also. So, meaning you have a responsibility to listen, not necessarily to speak in all settings. Right. So knowing when to speak, how to speak, et cetera, is something else that I'm constantly aware of and is constantly evolving to some degree. So I don't know if that answered your question, though.

Interviewer

It does. And I'm right there with you, brother.

David Moulton

Kyle.

Interviewer

Where can listeners reach out to you or find some of your writing?

Kyle Wilhoit

Yeah, so I'm pretty active on LinkedIn and then also pretty active on the Unit 42 blog as well. So I'm blogging there pretty routinely and updating my LinkedIn pretty continually with everything from new job postings all the way down to research that the teams are conducting.

Interviewer

So, yeah, I'll go ahead and make sure that those are in our show notes. Kyle, thank you for coming in.

Kyle Wilhoit

Yeah, thank you.

Interviewer

And during the hot seat, while we get to know Kyle Wilhoyt a little bit better, this has been an absolute pleasure of a conversation.

Kyle Wilhoit

Likewise. Thanks, David. Really good time.

David Moulton

That's it for today. If you like what you heard, please subscribe wherever you listen and leave us a review on Apple Podcast or Spotify. Your reviews and feedback really do help us understand what you want to hear about. If you want to contact me directly about the show, email me at threatfactor palo alto networks.com I want to thank our executive producer, Michael Heller, our content and production teams, which include Kenny Miller, Joe Benecork and Virginia Tran. Original music and mix by Elliot Peltzman. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for.

Kyle Wilhoit

Sa. Sam.