Join David Moulton, Senior Director of Thought Leadership for Unit 42, as he sits down with Kyle Wilhoit, Technical Director of Threat Research at Unit 42, for an intimate conversation about the evolution of hacker culture and cybersecurity. This conversation explores how AI and automation are lowering barriers for attackers, the professionalization of cybersecurity, and what's been lost and gained in the industry's maturation. Kyle offers practical advice for newcomers who don't fit the traditional mold, emphasizing the importance of curiosity, soft skills, and intellectual humility.
From picking up 2600:
- The Hacker Quarterly magazines at Barnes & Noble and building beige boxes to leading threat research at Palo Alto Networks, Kyle shares his personal journey into the security community.
- This conversation explores how AI and automation are lowering barriers for attackers, the professionalization of cybersecurity, and what's been lost and gained in the industry's maturation.
- Kyle offers practical advice for newcomers who don't fit the traditional mold, emphasizing the importance of curiosity, soft skills, and intellectual humility.
Kyle Wilhoit is a seasoned cybersecurity researcher, with more than 15 years of experience studying cybercrime and nation-state threats. He's a frequent speaker at global conferences like Black Hat, FIRST, and SecTor, and has authored two industry-respected books:
- Hacking Exposed Industrial Control Systems and Operationalizing Threat Intelligence.
- As a long-standing member of the Black Hat US Review Board and an adjunct instructor, Kyle is deeply involved in shaping both cutting-edge research and the next generation of cybersecurity professionals.
Connect with Kyle on LinkedIn Previous appearances on Threat Vector:
- Inside DeepSeek’s Security Flaws (Mar 31, 2025)
- War Room Best Practices (Nov 07, 2024)
- Cybersecurity in the AI Era: Insights from Unit 42's Kyle Wilhoit, Director of Threat Research (Jan 11, 2024)
Learn more about Unit 42's threat research at https://unit42.paloaltonetworks.com/.
Related episodes:
For more conversations about AI's impact on cybersecurity, career development in security, and insights from Unit 42 researchers, explore past episodes at https://www.paloaltonetworks.com/podcasts/threat-vector.
Protect yourself from the evolving threat landscape – more episodes of Threat Vector are a click away
Full Transcript
David Moulton: Welcome to "Threat Vector," the Palo Alto Network's podcast where we discuss pressing cybersecurity threats and resilience and uncover insights in to the latest industry trends. I'm your host David Moulton, senior director of thought leadership for Unit 42.
Kyle Wilhoit: Curious. Constantly curious. That's -- that is -- that is to me what is the foundation of a quote unquote "hacker," whatever you want to call it. That can be an attacker or a hacker, but at the end of the day they're going to be curious to some degree. Right? And I think being endlessly curious is something that can only benefit you. Within constraints, but being curious.
David Moulton: Today's episode is a little different. Instead of diving straight in to the latest threat intelligence or attack techniques we're pulling back the curtain to get to know the person behind the research. I'm speaking with Kyle Wilhoit, director of threat research here at Unit 42. And this is his story. Kyle's journey from a curious kid picking up hacker magazines at Barnes and Noble to leading some of the world's most sophisticated threat research is one that reflects the evolution of our entire industry. He's been a Black Hat board review member for over seven years, mentors the next generation of cybersecurity professionals, and has that rare combination of technical depth and genuine curiosity that makes him so effective at what he does. Today we're going to talk about Kyle's personal path in to cybersecurity, how hacker culture has evolved, and what it really takes to stay curious and innovative in a field that never stops changing. Kyle, when we last spoke on "Threat Vector" you gave us a grounded no fud, in case you don't know what that means, fear, uncertainty, and doubt, view of how AI is and isn't transforming the threat landscape. Was back on episode 13. Today's topic is a little bit more personal. Let's rewind. Do you remember the first time you felt like you belonged in the hacker community or the security community? And take me back and tell me what you remember about that moment.
Kyle Wilhoit: Yeah. There's actually two. There's a personal one and a professional one. The personal side is actually back in the day, and I'm aging myself here, but there's an old magazine called "2600" which I used to pick up at Barnes and Noble at the time up in Saint Louis Missouri. I had to travel with my parents to go pick it up every month. And the first time that I felt like that was reading that and actually getting the plans for something called a beige box and creating a beige box by walking to my local Radio Shack and building it myself in my own house and testing it etcetera. So that's kind of from a personal perspective. And at that time I think I was probably 14 at that age. So from a professional perspective I would say it was honestly the first time I came out to Black Hat and Defcon professionally. Brand new security engineer working for, you know, a couple different companies, and I finally got out to the point where they were going to invest in money to send me to Black Hat and Defcon. And, you know, Black Hat was interesting obviously. The first time you're exposed to it it's pretty -- it's pretty impressive and pretty kind of overwhelming to a degree. And Defcon was even more -- even more that way. So, you know, those were kind of the two real big kind of pioneering moments that I can remember back professionally and personally on when I kind of felt like, you know, I belonged to the quote unquote "culture," whatever you want to call it.
David Moulton: Yeah. That's cool. You know when you were talking about going to Barnes and Noble to pick up the magazine to learn about a thing, going to -- going to Radio Shack and getting parts, man, that takes me back. I used to love to go to Barnes and Noble, smell the print, look at magazines that I couldn't afford to buy. You know, try to figure out what in the design and computer magazines were going to be the one that I would part with my cash and you know that part of our world has changed a little bit. I don't know what today's aspiring -- and I'm going to say hacker and I mean that in the good sense of the word. You know, how they get in to it. Maybe it's reddit. Maybe there's different communities that they're in. I don't think there's like a Barnes and Noble shelf full of the most cutting edge articles to go read, but who knows? I haven't actually looked. Maybe [inaudible 00:04:53]. Well, speaking of hacker maybe we should define that word up front. To you, what does hacker culture mean? And how has that evolved over the years?
Kyle Wilhoit: Yeah. That's a really good question. One that, you know, I haven't really ever been asked, to be honest. And one that I haven't reflected on personally probably in -- for as long as I've been in the industry. But I'd say that it's evolved over the years. Right? So early on meaning like whenever I first started to get in to quote unquote "hacking," and I mean hardware hacking from my perspective, that's how I entered kind of going in to this video game cracking back in the day, and from my perspective the kind of core tenants of a hacker back in that time was freely available information traded or otherwise meaning depending upon the level of information you might trade for that or you might just freely get that. Hands on imperative meaning the ability to actually go out and write scripts, write code, execute code, you know perform actual, you know, quote unquote "hacks" for lack of a better term even though that's a really bad term to use for that. I think there was also generally speaking, and I think a lot of folks that are of that age group, you know, from that kind of community, there was also a mistrust of authority generally speaking. Right? I mean you could see that threat at defcon constantly to spot the fed back in the day. All the different contests that were run that way. And then also from kind of a component perspective like judging on skill meaning you would judge other hackers based on their skill, and by their skill alone meaning didn't matter who they were, where they came from, etcetera. All you cared about was what they were capable of doing with a computer or by bending technology and kind of stressing what was possible with technology. That's evolved though. And from my perspective that's evolved in to where modern times where hacker culture is kind of, you know, deeply intertwined with mainstream tech industry to some degree. And heck I saw this just walking to this hotel to do this interview meaning I have the same t-shirts with hacker written on the front of that. And is that a positive or negative? Right? Because in some communities it could be considered a negative. You could be talking about a true black hat hacker. In some communities the tech industry adopts that as a hacker mentality, something -- someone that stresses those boundaries, someone who pushes those boundaries. So from my perspective I wish it was as easy as saying, "Hey, hacker means X, Y, and Z." But realistically it's a modern multifaceted phenomenon with a lot of baggage tied to that term frankly. You know, there's -- and that's kind of the way that I view it collectively kind of over the years that it shifted and modified and kind of, you know, it's just changed to some degree.
David Moulton: Yeah. Language sometimes does that. It depends on when it was said, what the context, who was saying it. And I've run in to a lot of folks in the industry who considered themselves hackers, badge of honor, and are furious when people use that as a way of describing an attacker, somebody who just set out to do something malicious or harmful. And I've figured out over the years that I've been part of this industry, part of this community, to start using attacker and hacker. And I think of a hacker as somebody who's able to get technology to do things that it wasn't intended to do.
Kyle Wilhoit: Exactly.
David Moulton: And that's interesting. That's fun. You're setting out to just push those boundaries. And sometimes you run in to something where you're like "Oh. I wasn't supposed to have access to this." Or, "I can't believe this allowed me to do something." And, you know, then it's that question of like what do you do with that new information, that new capability. And if you're, you know, on the good guy side, if you will, you start to report that as a vulnerability or weakness or something that was unexpected. And obviously if you're malicious you exploit it. Right? And I think that that's where the language struggles to say like how do you take the same exact behaviors and the intent in the mind of the person doing it then defines whether it's a good or a bad thing.
Kyle Wilhoit: Yeah.
David Moulton: I'm curious if there is a moment or a person that helps shape your views on what a hacker is or should be.
Kyle Wilhoit: Yeah. Both personally and professionally yeah. Personally my brother. He is -- he is an engineering mindsetted individual that literally wants to understand how everything works. And that literally means taking things apart. I can remember as a child seeing him take things apart trying to understand how they function. And that rubbed off on me over the years to then make me endlessly curious on how things function. And I think that that's fundamental to the quote unquote "hacker" mindset. Right? Someone that's endlessly curious. And I think that that ties in to why my brother impacted me from that way. From a professional perspective there's a few folks. Martin Roesler and Ben April from Trend Micro, those are two of my leaders back at Trend Micro and they really kind of taught me to constantly ask what if meaning what if I can do this, what if we go out and approach this problem? What if meaning almost daydreaming research in a way. And it was really really good to work alongside both of those individuals in terms of, you know, kind of teaching and thinking through that mindset. Both really skilled in that area. So I'd say personally and professionally that's kind of, you know, some of the more impactful folks that really impacted me from that mindset specifically.
David Moulton: I really love that what if phrase because that puts you in to a both an imaginative and then a future state where you're going like "Oh. Well, what if that was true? What if I could do that?" And sometimes the thing that is blocking you from making the leap on an innovation is just your own mind saying, "That's not possible."
Kyle Wilhoit: Exactly.
David Moulton: But if you flip it around and you go "What if?" And then it unlocks these possibilities.
Kyle Wilhoit: Exactly. And that's -- Ben and Martin really kind of didn't train us. They led us to that. Right? In a way, meaning hey think of a hypothesis and execute on that. See if it comes to fruition. If not, if the data proves that your hypothesis is wrong, it's still the conclusion at the end of the day and that's still data and it's still a story to tell. Right? So at the end of the day yeah they kind of helped shape my mindset in that. So.
David Moulton: Kyle, I won't admit my age and/or out yours here, but I think we came from a similar time frame. We both went to Radio Shack.
Kyle Wilhoit: That's fair.
David Moulton: We both went to Barnes and Noble.
Kyle Wilhoit: I'm losing my hair. That's fair.
David Moulton: But I think there was a moment where education said failure's not an option. You've got to always succeed. And sometimes asking a dangerous question like what if might lead you to a hypothesis of things you couldn't do. So you didn't want to be a person who did a thing that didn't work. And yet I think that there's a moment where you reframe what you just talked about. Yeah. You have a hypothesis. You run it down. It doesn't work. You still learn something.
Kyle Wilhoit: Absolutely.
David Moulton: That's key. All right. Well, we'll jump back in a little bit. This is a fascinating piece of the conversation. I want to go back to our last conversation. We talked about AI and how it's changing attacker tactics. And this time I want to ask you, how has the rise of new tech, AI, automation, changed hacker identity and culture?
Kyle Wilhoit: I think the number one factor or the number one thing that I see is lower barrier to entry for these types of criminals and these types of nation state adversaries. What I mean is automation, generative AI, whatever you want to call it, is facilitating and fueling cyber crime at a rate that we haven't seen as well as fueling nation state espionage at a rate we haven't seen in the past. I think that that type of technology is only going to continue to increase speed in which these attackers are coming to scale and how fast they're coming to, you know, go out and actually perform initial attacks, etcetera. So I think that that's the number one thing that we're seeing is just a lower barrier to entry. I think the other thing is outside of having that lower barrier to entry for these attackers I think also what we're starting to see is the evolution of attackers starting to use things like LLMs and generative AI to do more advanced techniques. I mean, heck, we just saw a blog recently written that a Russian state sponsored group is actually using an LLM, Gemini if I'm not mistaken, to go out and actually assist it in writing actual malware that functions. So what that really leads to is again that lower barrier to entry. Attackers are able to use and manipulate LLMs, jailbreak them in some capacity, manipulate the guardrails, whatever that is, and ultimately get the LLM to do things that it wants or that the attacker wants rather. I think those are the kind of two big shifts that I'm seeing.
David Moulton: You've seen the industry shift from hobbyist forums to billion dollar enterprises. What do you think has been lost in the professionalization of cybersecurity?
Kyle Wilhoit: It's funny you ask this because I can actually kind of think of myself to some degree. Right? Because I was kind of a quote unquote "hacker" in the old school sense of the word and then migrated over in to the corporate world. So I kind of can look at this from my own perspective. And I think one of those areas is the loss of just open and free information sharing. Right? I think that's one of the reasons that I pursued intelligence because a lot of intelligence work is ultimately sharing information. And I truly believe that I think the power, you know, of threat intelligence is sharing. But I think that the concepts and, you know, kind of migrating more to, you know, that professionalization of cybersecurity I think that that's directly related to, you know, some of the decline of open information sharing. I think also the focus for many in the cybersecurity industry has shifted from inherent curiosity, what it used to be back, you know, early on, to marketable skills. And I'm not saying that's wrong. And I'm not saying that's right. I think that's just part of what we're starting to see kind of change in the industry. Right? I think there are some benefits though. Right? With every downside there is a benefit meaning, you know, with that professionalization you also see innovation and development that you likely wouldn't have seen in the past meaning we're seeing rapid growth in innovation across all industries. I think also professionalization and quality control on software and hardware that's being produced is also something that's directly, you know, a benefit of that professionalization. So I don't want to make it sound like it's all doom and gloom because it's not. It's just the maturation of the field and the professionalization of that field. And there's goods and bads with everything. Right? And that's the way I view it. That's just a couple positives, couple negatives, I guess.
David Moulton: Yeah. I think that that maturation has been required because of the landscape, because of the changes and the opportunity for profit or espionage. And the hobbyist can't keep up with that. That's --
Kyle Wilhoit: That's hard for me to keep up with and I'm a professional.
David Moulton: Right. But I think that there is a sense of like maybe looking back at a simpler time and maybe longing for it.
Kyle Wilhoit: Yeah.
David Moulton: You know, some of the pieces of it were there, but you know you can't unring the bell. That's where we're -- that's where we're going.
Kyle Wilhoit: That's true.
David Moulton: I want you to talk a little bit more about some of the benefits that you don't think get enough credit.
Kyle Wilhoit: You mean with the professionalization of cybersecurity?
David Moulton: That's right.
Kyle Wilhoit: I think innovation is probably one of the largest benefits. I don't think that the same amount of R and D dollars would be spent in innovative categories and innovation in general without that professionalization frankly. So I think that that's one of the direct benefits. One of the direct impactors in a positive way is that innovation. You know, we can talk and continue to go on about, you know, the professionalization and quality control of the software and hardware that's created as well, but I think that, you know, all of that stuff is just net benefits.
David Moulton: You've been on the Black Hat U.S review board for over seven years.
Kyle Wilhoit: Yeah. A long time.
David Moulton: What do you think Black Hat and conferences like it should really be doing to foster mentorship and curiosity?
Kyle Wilhoit: Yeah. So, you know, we've seen a lot of this just, you know -- I don't want to speak for Black Hat specifically, but in this case some of the events that I'm involved in, you know, the past few years have really been impactful in this area. We offer several opportunities to just do meet and greets with board members as an example where we just set up a table. We put our names on little placards and we stand there and we talk and just kind of just use it as a networking opportunity for anybody that comes in to talk. That's the kind of thing that I think really makes an impact because it allows you to get one on one with individuals. I'm also a college instructor as well and having that one to one time to be able to provide that mentorship I think is something that's really key, especially now in today's kind of cybersecurity industry. I think it's imperative to be able to try to find somebody that can kind of help mentor you and because there's so many different avenues to take in the industry now. It's not as simple as it used to be back whenever I got in to the industry. It was much more linear back then. So, you know, setting up those opportunities to be able to mentor and have those one on one connections is something that I continue to see Black Hat doing, and stepping up in to. And that's an area that I continue to volunteer for on the board because again I think that that's really where -- where you see a good benefit is that one on one connection.
David Moulton: So let's talk about that next generation. You mentioned a minute ago that you're an instructor. I'm wondering what advice you'd give to students or new professionals that are quote unquote "trying to break in to security." Especially those that don't feel that they fit the mold.
Kyle Wilhoit: Okay. I like it. I'd say there's three things that I constantly give in terms of recommendations for my students. The first is master the fundamentals. And by the fundamentals I'm referring to, you know, networking. Networking topology. Understand how RFC 1918 space works. Understand how to configure network devices, etcetera. Do the same from a coding perspective if possible. Right? So master fundamentals that you can apply directly to your role because at the end of the day that's going to be, you know, what is -- what you can do technically is going to be the foundation of what you can go from. I would say also get your hands dirty as much as possible. Create your own lab. Back whenever I was first getting started I created my own lab in my basement and literally bought parts off Ebay, racked and stacked stuff, configured it, learned how, and that's where I practically learned how to network devices together and have them communicate, all that stuff. And then the final piece is what I would consider kind of a bit different and that's embracing soft skills. Something that is oftentimes lost in our industry is the ability to effectively and concisely communicate. Like being able to break down complex topics down to simple bite sized formats that people can understand. And individuals can really succeed in this field that have that capability to communicate in that way. And that's something that I really try to stress to my students is you can be as tech -- you can be the most technical individual in the world and that's amazing, but can you communicate what you know effectively? And if that answer is no then obviously there's some places that you can work on for a soft skills perspective. So that's kind of one of those areas that I really try to stress on students. Don't just take technical proficiency as the end all be all because soft skills really round out, you know, that skill set as an individual in this industry.
David Moulton: I think that facts don't change people's minds. Stories do. And what I'm hearing is if you're able to concisely and effectively communicate people will understand the risk. They'll understand that there's a problem worth solving. If you just tell them the facts they don't have the context. So have you run across any effective ways of training on the soft skills whether they're storytelling or something else?
Kyle Wilhoit: Yeah. That's a really good question. And something that hits close to home because in intelligence work with threat intelligence and threat research if you can't communicate what you're finding you cannot communicate the risk that you're identifying. So from my perspective there's two things that I try to recommend. First is public speaking, and I make all of my students, and they can all attest to this I'm sure. Some of them that are listening are probably shouting at this very moment about me requiring them to do concise public speaking. So that's the first piece. Get used to and comfortable in a setting speaking where you are unidirectionally speaking, where it's not -- you know, you are speaking to an audience. It's a different format than if you're an instructor and it's, you know, bidirectional where you're receiving input and giving back. The second piece is Toastmasters. In fact here at Unit 42 we have a Toastmasters club also and it works out really good to cut your teeth with how to effectively communicate because they'll have you communicating about topics that you may not be familiar with which is always a fun kind of exercise, you know, to kind of come off as an expert on a topic that you may not know anything about. You know.
David Moulton: And I think those soft skills that you're talking about, being able to stand up and talk about a topic and/or to move a room of people from one position to another, right, that's a great presentation. That's a great Toastmasters outcome. Those are skills that aren't just great for an aspiring cybersecurity professional hacker. They're great for any type of career that you're going to be in. And I look at resources like Duarte's resume. It's a great book that shows you how to tell a story and to move from what is to what could be, and the jump between those two concepts is data, emotional hook, these kinds of things that our brains come on. And then you bring it back down. Like what could be and then you're like "But here's what is." And then you land at this idea of a new bliss, and you can see great speakers in all kinds of different contexts and industries able to do that. And sometimes I feel like we're a technical field full of technical facts and we're going to give those facts to people and if the receiver of said facts doesn't have the ability to translate them in to their oh no moment they went "Oh. I have no idea what I just said."
Kyle Wilhoit: You lose impact.
David Moulton: Yeah. And then you're not effective as a security leader.
Kyle Wilhoit: Yep. Bingo.
David Moulton: I want to talk about you for a second. Okay? How do you maintain your sense of curiosity, make time for experimentation, in a high pressure role like you have here at Unit 42?
Kyle Wilhoit: The first is that question that I said early on. What if? I literally ask myself that multiple times daily still in my current role, and that was as a people leader, as a technical leader, as everything in between. As a researcher I still ask that question. So the what if question applies across the board. And a perfect example is what if as an example what if I automate this task? Right? That right there can speak volumes in terms of being able to get time back which leads me to the next thing which is schedule curiosity. I know that sounds weird, but schedule time for that what if question. Schedule time to hypothesize research and then execute on that research. I still do that. Even 15 years doing research I still do that because at the end of the day you have to be constrained in your time and you have to understand that you only have a certain amount of time to do those things. So the what if question will ultimately hopefully lead you to that capability of scheduling that curiosity. And then the final piece is embrace intellectual humility. This is something that I think a lot of folks in our industry are not great at doing in some cases. And embracing being -- when you don't know something. Readily admit that. Say, "I don't know, but I'm committed to finding out what that answer is and I'll have an answer back to you within 24 hours." That says a lot about someone versus just making up an answer.
David Moulton: That is a shocking level of confidence when you run across somebody who can admit "I don't know, but I do know how to figure this out."
Kyle Wilhoit: Exactly. The smartest and most brilliant people I've ever worked with and met are the first ones to say they do not know. And that's an important thing that I constantly remember. Even today. I mean I still have healthy imposter syndrome even today. Like I have imposter syndrome constantly. And I think it's because making sure you have a healthy dose of that intellectual humility to some degree.
David Moulton: In tech I think we all do. It's a necessary feeling because we're making up a lot of things and making new things all the time. There isn't a moment where you're going, "Well, I've mastered this skill. I'm a -- " You know, everything that needs to be known about filling the skill I don't want to go and, you know, pick on weaving or being a blacksmith or whatever. I'm sure that there's innovation in those spaces.
Kyle Wilhoit: Of course. But like --
David Moulton: There is a moment where you're going, you know, "We've never done this before. How do we do this? I've never seen that before."
Kyle Wilhoit: Neither has anyone else.
David Moulton: Yeah. What do we do?
Kyle Wilhoit: Yeah.
David Moulton: So I'm curious how you encourage that same level of commitment to being creative and curious with your team.
Kyle Wilhoit: I mean it comes down to literally scheduling that time meaning scheduling research time. Put the time in your calendar block as research time and dedicate the time to that research ensuring that there's, you know, a purpose for the research and there's a deliverable outcome ideally. Right? Meaning you're not just researching to research. You have an outcome or a purpose or a deliverable ideally at the end.
David Moulton: Are you familiar with the pickle jar story?
Kyle Wilhoit: No.
David Moulton: So this professor walks in to class and he has a big pickle jar. Like the ones that you know you get at Costco or whatever. And he asks the class to tell him when the pickle jar is full. And he puts in like a big chunk of stone and then he puts in one more big rock and on. It's up to the top and, you know, the class is like, "Yeah. That -- you're not going to get any more big rocks in there. It's full." And he goes, "Well, hang on." And so then he gets out a handful of smaller rocks and he starts to shove those in there and they like find little crevices and, you know, they're like, "Okay. We kind of see where you're going here." He goes, "Is it full?" You know, and they're like well yeah. He can't fit any of these like smaller medium rocks in. And then he gets out pebbles, does the same thing again, and he gets out sand and they're finally like, "Okay. We get it. It's full." And he goes, "Hang on." And he gets out a big pitcher of water and he pours that in and it fills in every little bit of the pickle jar. And he goes, "What would have happened if I would have started with small things like the water, sand, the small pebbles, the medium rocks? Would I ever have been able to get the big rocks in?" And of course no. And he goes, "Start life with the big rocks because if you don't schedule those in as the things that you're going to go for first life has a way of filling in with a bunch of nonsense tasks, little sand, little rocks." I love it.
Kyle Wilhoit: Yeah. I like it.
David Moulton: Because you could look at your week, your month, your year, whatever you're looking at as your time horizon, and go, "What's the thing I want to accomplish? What's the most important thing?" And then, as you put it, curiosity. Research with intent needs to be scheduled so that you don't look at your calendar and go, "Oh, I don't have any time this week."
Kyle Wilhoit: Exactly.
David Moulton: Because too many of those weeks stack up.
Kyle Wilhoit: Exactly.
David Moulton: And then you've done nothing.
Kyle Wilhoit: Bingo.
David Moulton: Looking ahead, what kind of hacker culture do you want to see in the next call it 5 or 10 years?
Kyle Wilhoit: Okay. Well, I would say I would like to see a culture that is overwhelmingly perceived as a force for good in innovation basically linking creative problem solving and the advancement of secure technology all combined in to that term. I would love to see the negative connotation attached with the term to be separated off and kind of originate it back to its original term is what I'd really like to see. Do I see that happening? I don't think so. But we'll have to see.
David Moulton: Oh look. A boy can dream.
Kyle Wilhoit: That's true.
David Moulton: What's one step that our listeners, every one of us, could take to start to move towards that idealized future culture that we should have?
Kyle Wilhoit: Do what I do. Correct family and friends. So when they say, "Hey, have you heard about that new hacker that's doing X, Y, and Z?" Or using, you know, those types of terms, like I correct them and have them try to use correct terminology. So I -- my friends and family are tired of hearing that, but --
David Moulton: Well, I believe that it is possible. Kyle, you've had a career that bridges research, mentorship, teaching, and public speaking. What values have stayed constant for you throughout it all? And which ones are you still evolving?
Kyle Wilhoit: So relentless curiosity. You've heard me mention curiosity a lot throughout our conversation and having that relentless curiosity is huge. I think having unyielding integrity also with the research that you produce because the data, you know, will speak for itself if it's accurate or not. So having integrity with the research you're conducting, with the data that -- what you're doing behind the scenes, etcetera, is extremely important. Knowledge and knowledge as a shared resource. And what I mean is, you know, I fundamentally believe that knowledge gains its -- gains value when it's shared. And in this case hoarding information for personal advantage is a dead end. I see that. And that's something that I try to kind of continually, you know, think through and kind of, you know, make sure that I'm cognizant of. Some of the things that are still evolving, that's a difficult question and it's something that requires me to kind of think a little bit about, you know, myself, but what I would say is the first thing that I struggled with was patience with problems migrating to patience with people. So meaning I had all the patience in the world for problems that existed in data, problems that existed in the technical realm, but whenever I became a people leader I was not attuned to understanding the patience with the people aspect. So that was something that was constantly evolving, constantly shifting, and something that I had to acutely be aware of to some degree. I think also I used to always focus on technical purity versus pragmatic impact. So meaning, you know, do you -- what is -- the technical purist route is one way or you can go option B, get there faster. It's not going to be pure maybe. It might have some inefficiencies or maybe some things that might not be, you know, perfect, but it still gets the job done. So that's something that I'm still evolving and kind of shifting my mindset from being a technical purist in the purest sense of the word. And I think also migrating from a right to speak to a responsibility to listen also. So meaning, you know, you have a responsibility to listen, not necessarily to speak at all in all sort of things. Right? So knowing when to speak, how to speak, etcetera is something else that I'm constantly aware of and is constantly evolving to some degree. So I don't know if that answered your question though.
David Moulton: It does. And I'm right there with you, brother. Kyle, where can listeners reach out to you or find some of your writing?
Kyle Wilhoit: Yeah. So I'm pretty active on Linked In and then also pretty active on the Unit 42 blog as well. So I'm -- I'm blogging there pretty routinely and updating my Linked In pretty continually with everything from new job postings all the way down to research that the teams are conducting. So yeah.
David Moulton: I'll go ahead and make sure that those are in our show notes. Kyle, thank you for coming in.
Kyle Wilhoit: Yeah. Thank you.
David Moulton: And during the hot seat while we get to know Kyle Wilhoit a little bit better this has been an absolute pleasure of a conversation.
Kyle Wilhoit: Likewise. Thanks, David. Really good time.
David Moulton: That's it for today. If you like what you heard please subscribe wherever you listen and leave us a review on Apple podcasts or Spotify. Your reviews and feedback really do help us understand what you want to hear about. If you want to contact me directly about the show email me at threatvector@ paloaltonetworks.com. I want to thank our executive producer Michael Heller, our content and production teams which include Kenne Miller, Joe Bettencourt, and Virginia Tran. Original music and mix by Elliott Peltzman. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now.
