These are like SAPs that like thirty people in the entire world are revoluntary all.
Special access, you know, all the work that we did were special access programs. So not just only you're in a SCIF, not just you're top secret. But they are so limited. I mean we sometimes like if anybody's done the research on what an ODA is or an A-team in the special forces world, you're talking twelve sometimes you know, twelve person teams that subdivide into six person teams. I was on programs where sometimes it was six people.
Mm hmm.
Special Operation Cobert Asdi and.
The Team House with your hosts Jack Murphy and David Park.
Hi everyone, Welcome to episode three and twenty nine of The Team House. I'm Jack Murphy here with David Park and our guest on tonight's show is Kyle Hanslovan. Kyle served in the military with the National Security Agency and now he works in the cybersecurity realm with Huntress. We're really excited to have him on the show. As I was telling him beforehand, You're somebody who's been on our list for like four or five years, so we're really happy to finally have you here.
Absolutely stoked to be here.
It's one of those funny things, right of how long sometimes it just takes for good things to go down.
It's totally my fault, you know, just sitting on it not not doing anything about it.
But so, Kyle, let's start off at the beginning.
I think tell us a little bit about how you grew up and what took you towards military service initially.
Got you well, I'll try not to like cut onions or anything, but definitely grew up on the poor side of life, right, so think of like single mom. I never hungry, poor, but like we always lived with whoever mom was dating at the moment, you know, that type of situation, and you know, so I got to go bounce between Oregon, which was kind of great for outdoors life, and I eventually moved to Florida, so.
It was good.
But come seventeen, it was enlistment time. I kind of skipped college. I did really well in high school, but it was a little bit of like a you know, computer thug, I guess at that time, and it was one of those things that never had a brush in with the law, but it was pretty clear that if I stayed at.
Home, I was probably going to get in trouble.
So yeah, joined up because you had an early interest in computers from the get go, and we're doing some things that were a little shady.
I was a super nerd, right, So it wasn't cool back then like now, like my kid's kind of like Marvel, Like my dad's a hacker.
That was not cool in the late nineties.
But yeah, a lot of AOL, a lot of I mean when you're poor, like I hacked myself to free internet probably most of my childhood, all the way through probably like the very early two thousands. So yeah, a lot of unscru unscrupulous, but maybe not quite you know, jail time worthy offenses.
Yeah, so late you said late nineties or late nineties is around that time, like what was.
Your probably ninety seven all the way to probably two thousand and three.
What was your first computer or what was the first computer you had access to, whether it was a public computer or whatever.
Yeah, a lot of public computer. I remember I built like a broke down Commodore once. That kind of got me in, taught me a lot of the basics. So I'm in this like weird generation for the geeks out there from like I can go as old school as like seventies style tech, very analog, all that old school programming, yeah, all the way to the most modern like technical stuff. So I'm kind of like this tweener, right, late millennial aged kind of just like this.
Bourbon right yeah, like and bourbon.
Yeah, yeah that is you know that is.
Because it's it's it's post like Commodore 64, BB, the BBS, right, all the like that.
It's yeah.
Yeah, I had probably the bulletin board days, but immediately went to IRC and then it became AOL and a lot of those like it's just really lucky, you know, it's because I was so poor.
I got to do the old stuff because that's all I could afford.
Yeah, and then.
Obviously the world kind of changed when like dial up, cable modems and then everything became available.
So yeah, it was a good time.
And was there like there was an online community.
I'm sure that.
Did you know other people in person that were like you?
Not so much in person, right, everybody like back in those days, IRC kind of is like a modern day chat group, right, a Slack, a Discord server. Yeah, and so I spent most of my time back there like reverse engineering software, you know, getting around like the activation codes, getting around, you know, kind of piracy type things.
Yeah.
Also allegen.
I mean, I think what's nice is when I joined the military the polygraph, they said you got to answer all the questions, but only go to your eighteenth birthday. And I was seventeen, So it made the polygraph really easy.
That's funny.
So, time to enlist before you get into too much trouble.
What branch did you join? MS?
Where did you go?
Yeah? So even though I was Navy junior ROTC and I had a ride to Annapolis, there was no way I was going to make it like I graduated really early out of high school and you had to be you roughly, you know, seventeen and a half or so by the time my birthday fell for me to be able to start the year.
And so I changed and I went.
I got an uncle that was in the Marines, and he said, look, Kyle, you're too damn soft for any other service.
You need to go there.
And I did.
I scored good on the ASVAB, so I got guaranteed.
At the time, I think they it was communication systems. I COX one was my first AFSC in the you know, in the Air Force.
So in the late nineties, uh was communications systems? Was that still just was it just radio tech? Was it like setting up communication packages and stuff like that?
So I had both. I had both the analog side of the house.
So I actually got to do like combat comm and do some more of the like proper encrypted radio, a lot of point to point systems. But I also got to do IT. And so there was job was like regular base comm. So think about maintaining the email servers. I had to do a BlackBerry server, Like I don't even know those things, you know, I'm sure they don't exist.
Anymore. But it was a good time.
And like I said, my first duty station was all regular just comms.
Yeah.
No, that's fascinating because you know where cyber is a career field now. Back then, you know, it was like it the military needed it, but didn't.
Really have that. Yeah.
When you said cyber back in like the early two thousands, that meant like something dirty.
Or doing in that chain right room. It definitely didn't mean what it means that.
Yeah, I mean for me, it's still me is the dirty stuff and chatman is it?
Yeah? Yeah, old have his diehard right yeah.
Yeah, yeah yeah cyber yeah yeah exactly.
So how is how is the Air Force treating you at that point? I mean sounds like you're probably enjoying it.
Yeah, you could imagine, like being seventeen, I did real well in like basics, since I had already done like years of ROTC or junior ROTC, and so that part was kind of a breeze. And what was really lucky is that this was right at the cusp that you know, people were already doing offensive cyber operations. They weren't calling it that. It was called a lot of like you know, info security. There was information operations, but really nobody knew
what that meant. And it kind of gave me the benefit of because my rank was enlisted and I had a lot of technical potential. It kind of had a lot of parallels where nobody really held you down because of your rank. It was your ability to execute kind of was like where they would cap you.
So for me, that first duty station was in A. I actually did in A two.
Tours in England and that was just great because it opened up my whole life from moving from just basic security and that's what I started getting to work with GCHQ and NSA.
So it was like really good timing.
And and you know, for like NSA was like SIGINT, like that was their and they start, but but that was their bread. You know, everybody's sitting there wearing their cans. Was the NSA sort of on the cutting edge of what was going on in you know, in this kind of cyber space or were they trying to catch up with kids reading 2600 every month?
Yeah, So General Hayden at the time, running you know, as the, uh, director of NSA was definitely on the cutting edge of realizing that like these basic things that we were already you know, listening in on just about anything, right, is it a cable, is it you know, overhead anything along those lines. We really started realizing there was this whole new domain that if we couldn't master it quick,
somebody else was, especially like nation state adversaries. So early two thousands, all of a sudden blossomed even though nobody knew what these names were, right, they were trying to figure out, like, how do we stand up organizations that aren't really because at that time my MOS was a three series, right, it wasn't a one, it wasn't an operator AFSC, and it kind of mimics you know, MOSs and other ratings where we were looked at as support and so you can imagine there was a lot of
folks on the outside that actually had substantially better skills. On the inside, however, there was pockets always from the beginning, like Naval Postgraduate School, they have always had amazing offensive cybersecurity talent, and they kind of had both like that 2600 early hacking vibe. Yeah, but definitely with the government, you know, espionage flair.
So it's pretty cool.
It's fascinating, was how did these commands overall command as because hacker at the time was a bad word, right, and so.
I wouldn't call myself a hacker, but people kind of like shame. There was no concept of ethical hacker.
It's just like, oh, you know.
Immediately it's like, you know, some skinny dude in his basement and with a hacker hoodie. Right, that's what it invokes. It doesn't invoke military at all.
Right, Right, So like, how would you know this is a new technology, this new space that you know, a bunch of old fuddies don't understand.
You know, we're going to drop bombs or we're gonna.
You know, you know, send tanks and and how are you guys selling this?
There is a new domain that needs to.
Yeah, you could you could imagine the human world has been vibrant since humans were humans, right, just try to be able to gather and all of a sudden this world that de risks. Wait, you could gather intelligence from somebody completely remote. And remember we've always been doing you know, whether it's radio, just good old bash and RF. So there was a lot of these parallel analogies that from
my interpretation, as a very young airman. I don't think I appreciated how many of those parallels that some of these real early you know early sorry, late nineties, early two thousands officers that at that time the military, right, if you think about the Air Force, they were run by pilots.
The Navy admirals.
Were commanding you know, a fleet, right, and of course you know instead of regular legs, there are stuff like that. In the army, you actually had folks that might have been tank commanders also now thrust into this brand new domain. And I just totally missed how far ahead some of these people were. But I'm going to bet that, like finances came into it, do a really expensive human operation doing all this crazy stuff, or put some geeks in the basement with some shady software and get it a
lot cheaper at low risk. That had to be part of it. I don't know for certain, but it had to play it into it.
Yeah, yeah that co read mountain and co or like mountain dew and pizza or yeah, to get the job done.
Or sure definitely was that I was the skinny nerd that give me pizza get that code.
Yeah that's funny.
So it sounds like you started off your military career more on, like, the IT side, but then you got exposed to some of these other career fields. What was that sort of like as you you know, progressed in your Air Force career.
Yeah, my first pivot was not straight into cyber writing software for espionage.
It was actually emission security. So think about gathering like signals that would you know, leak from those big old monitors, right, they would ride over top of cables. That type of stuff was a real big threat, right, especially when we had, for instance, like embassies in other countries. So I got exposed to that. I got to do a lot of that work and a lot of stuff that was overhead related too, right, think of like satellite things.
But it wasn't really for me.
The real cyber side of my career didn't really take off till probably two thousand and eight, two thousand and nine, I happened.
To be deployed when you know that it's now very.
Much publicly talked about the Buckshot Yankee incident, and I happened to be in theater. I was attached to third Group, being just support. You know, I'm the furthest thing from an operator, But it was just kind of a wild time where all of a sudden, these whole worlds collide of very physical everybody's in the AOR, the area of responsibility, and now all of a sudden cyber's being used to gather intelligence on like some of our highest, you know, sensitive assets.
What's Buckshot Yankee, for the squares out there like myself?
Yeah, so if you go read Wikipedia, well we'll use that as our official source.
The inside scoop.
Buckshot Yankee is a claimed nation state actor developed some software that rumor had it got into not only systems in the military that were unclassified, but even to classified networks. As somebody who was there on ground and one of the only offensive cyber guys on ground,
It was just kind of a.
Really cool moment, a luck purely by luck to during the first days of this to get to be able to do the forensics, and it kind of was some of the first truly tying what other adversaries could do to our war fighting capability and the importance of cybers.
So was was this who in the whole USB controversy, Like when they started taking away our USB's was that timeframe?
So you're nailing it there, You're absolutely nailing the USB drives themselves were definitely one of these things of like where did they come from? The software they called it Agent BTZ is the malware name for any of the super nerds. But it's just a piece of software that when you put a USB or put a CD in a drive, it would auto run, right, it would literally automatically start running and next thing, you know, bad stuff.
And so that was a kind of wild time for the US military.
Yeah yeah, and you know, I you know, not too like whoever the nation state actor was, but when you consider like all the SSE that was going on in people throwing you know, taking CD ROMs or USBs off targets and you know, throwing them in like we were exposing ourselves for that stuff all the time. Uh, just from our everyday activities.
Yeah, I mean it was it was It was life right.
There is a process by the way, like when you go from these low systems to high just like anything, you know, it's just like a clearing barrel.
You got to be able to, you know, clear your gun.
You got to be able to follow these processes to make sure you don't accidentally, you know, bring something nasty. But this is the first time that for instance, people didn't think that maybe the clearing barrel wasn't enough so to be able to find something that you're just doing your job and think about when you gather intelligence, like my deployments in Afghanistan were all you know, A-team
related ODA work gathering human intelligence. Human intelligence doesn't start classified, it starts unclassified, right, right, and then you bring it up to the systems appropriately right. And this threat actor just really seemed to understand how that system worked and how they could exploit it.
So I'm curious because you know, you you are you're an offensive guy.
Now you're not offensive guy.
I would be offensive, yeah, but also offensive.
Right yeah? Yeah, but but you were you know, so you're in this cyber space before you even joined the military.
You joined the military, you.
Get into the sort of the IT track, do you know, uh like, are you aware that sort of there is or isn't a cyber capability? You know how to get there? And how are you spending your evenings? Are you like sweating bullets every morning when you go into work?
One boy, I hope nobody heard about this.
So it was already in the IT world, like everyday tech was already changing, right right, we were moving from these old Novell systems into early Windows NT and Windows 2000 systems. So I was already used to that grind of like every day something was different, huh. But at this time IT and cyber what we call it now were largely blended.
Like most folks wouldn't have called a cyber.
It was this maturing and if you got lucky that you were stationed at a place that only did offense. But my job at a time was just as much defense as it was offense.
It was really odd.
And then of course we got a lot better when some of this started increasing and Nation States right started really going after us. We had to get much better and mature because we could see that if not, we were going to be left in the dust.
Right right, No, it'sentially because like the military is running like most mom and pop businesses right now, right, we need an IT guy to make sure our computers were secure.
Yeah.
Yeah, So at the sum of the work, I was literally the IT guy unlocking accounts and stuff in the early like two thousand and three, two thousand and five days.
By two thousand and seven, two thousand and eight.
I was usually only doing the upper end. But that's how quick it happened only in about three years. I would say my whole life changed.
Were they were they sort of were they splitting that off? Were they making the commands? Were they making that distinction? Did they see that the security was not it?
The career fields hadn't updated yet, but you could get to certain places that were like and I know it's acronym soup, nobody likes that military stuff, but JTF-GNO, right, the Joint Task Force for doing this started like huddling together some of these offensive minded and the way I would actually describe it, in a lot of ways, it was purely you know, for those that follow us, it was Title 50 intelligence and espionage gathering activity.
It wasn't Title 10 war powers types.
Right.
This is still very very early, let alone the modern world where it's our offense and support of defense.
So you can imagine this timeframe.
US doctrine, all on the unclassified side of the house, is all about just trying to figure out, like how do I enable espionage.
Well that messages anything that ain't good.
You said you did some deployments overseas supporting SOF. I'd be interested to hear a bit more about about that, and like how this like IT security field kind of interfaces with that.
Yep, So for any of the other fans of silent professionals out there. They don't just exist in espionage or you know, they exist in special forces, right, human intelligence. And it turned out these A teams were all about how do I gather intelligence right the old school ways, local building relationships, things like that, ha, humanitarian assistance.
But they need a geek like me to keep some.
Of the systems up, whether it's classified systems, being able to be able to keep the data you can imagine for how do you covertly record, how do we make sure things aren't bugged. All of that stuff is normal parts of just any sort of espionage doctrine all the way back to the fifties. It's not unique, but there
is definitely shortage. And so folks like me who are cyber warfare operators completely different than special forces operators, got attached on the same teams, and I was like super grateful to get that.
Did you basically have to teach them how to utilize you?
I think in a way and a lot of it.
Like when I first got there, the team was actually pretty clear like reminding me, hey, you know, hey, turd, keep the systems up, make sure the morale drive is running, but right, right, very similarly, you know, very similar though you could imagine like their careers is often defined by their capabilities, which was identical to mine. And so in a lot of ways, I got lucky that my team treated me pretty darn fair. I won't say that there wasn't hazing.
Like we had an incident that involved diverting a drone one day, and I'll be darned if they did not. Only like, after this incident goes down, I get in, they tell me to pack my stuff. They have me fill out a you know, incident report. I'm thinking I'm going to jail. I'm like crying, you know, filling this out. I get to the last page and it says, remember you're not a Special Forces operator, You're an Air Force tech geek.
Sign here puss.
So these guys let me have it.
Even though you know, I got to help them with a lot of great stuff. I was definitely, though still support So that type of relationship was actually pretty cool. And for me, who'd always been very athletic, not the same style of athleticism, it was a really like kind of humbling experience to get to spend a couple of appointments with these guys.
So in addition to like telling people what you can do, like, did you have to tell people what you couldn't do based on like misconception, like like enhance a picture, enhance enhance to Kyle, Yeah, exactly.
Yeah, So you can imagine all the TV shows and movies ruined it for you know, folks that, for instance, are like, look, you know I blow things up. I'm a demo guy, or you know, I'm the combat medic. Just the same way that people don't understand how transfusions do and don't work.
They didn't understand some of the technical stuff.
So like Wi Fi hacking, I could do that that would impress them.
Other things. It's just like, yeah, I took this.
This camera was on a flip phone or some Nokia on a Roshan network somewhere enhance this, and I'm like, guys, there's it's not you know, it's not Minority Report where there's not enhance, enhance, enhance. So you can imagine there's definitely some disappointment. I disappointed at times, guys.
Yeah, I mean you can do stuff, there's like literal magic to them, and then they ask you for something to them that's basic, hey, and pictures like there's nothing like nothing.
Yeah, I like, I literally remember some surveillance stuff that we did that I soldered some kit that was very simple pinhole camera to like an existing like cable that was hidden away, very very far away, and they thought that was magic. And then I'm letting them down on stuff that they felt it was so basic.
Right, It's just a weird dichotomy.
Yeah.
Yeah, So.
Did you do I mean, were you with them or did you do multiple trips with.
SF Yeah, yeah, multiple ODAs. But they were like they would go and do like twelve thirteen month rotations and I'd be in and out in like five you know, by the time I could actually deploy, go back home and come back in the same team could still be in place. So it was, uh, it's kind of sad actually if you think about it.
Yeah, And how do you see, like during this time where you're doing these deployments, how do you see technology changing and how the military is or isn't embracing technology.
So the teams were becoming more technical, like the eighteen echoes right, who had comms roles. Our team actually also doubled as a team sniper, right, so he was very different than he could have like encrypted comms, and so you could imagine as I could take on some of those responsibilities. It allowed them to take their own specializations and focus on it. So I actually think in many ways it was you know, I even like today my current job, the best thing I can do is focus
on the skills only I can do. And so this blending started happening in the late like you know late aughts, think of like two thousand and eight to twenty twelve.
All of a sudden you had these geeks that were taking away some of the I would call it mundane, monotonous and allowing like real operators to do stuff that only they're trained on, right, And so that was I think kind of a true like people use that word force multiplier lightly, this was an actual case where they're like, whoa, I have somebody now that can do this, can run this, is fit enough to do this, and then it enables you know, an extra body because these again these teams
are very small. So anyways, it was a cool difference because that from my first time, like even just on small deployments, think about like Qatar, Kuwait stuff. We were modernizing IT systems, but they weren't impactful, not like this right right.
Yeah, you're watching people's IP addresses and their MAC addresses and they're going to porn shutting them down.
It's really really cool.
Yeah, but you got to see like the blending of these capabilities pretty early on.
Yeah.
Yeah, and again right place, right time. And if you fast forward even just a couple of years later, by twenty eleven, I had left active duty and I started National Guard time. So the typical one week in a month, two weeks a year, and that led me at Fort Meade and that time, no joke. Within two years you had going from these type of incidents to things that were like you know, people publicly claimed, you know, the
US and Israel were related to like Stuxnet. That's such a big difference where you're going from four years earlier scared of like bad USBs to now all of a sudden the world supposedly some nation state actor made some centrifuges spin extra fast to prevent enrichment of uranium.
Like that is a crazy difference in four years.
Yeah, were there things during this sort of blossoming. Were there things that like you just wanted to jump on somebody's desk and tell the like, tell the military you're missing this like, or the government and general that you're not paying enough attention to this particular thing.
So twenty twelve was the first time I actually thought, because we have so many flyers running some of these you know what a lot of people we call them wings, right, Air force nonsense. But when you have some of these flyers making policy decisions, I would say sixty seventy eighty
percent of them just couldn't get the force multiplier. But there was a rare twenty thirty percent that kind of at this time had laid the groundwork to create you could imagine the beginnings of US Cyber Command, some of even the separation because at this time, like NSA is doing what they can do to help. But NSA's mission is foreign adversaries abroad for espionage, And so you could imagine in the US we're watching all the other nation state actors.
They're changing their techniques, they're using.
Schools for espionage, they're using commercial entities. So in many ways, like we were both ahead and learning at the same time everybody else was. So it was again I can't tell you like how lucky I am at right place, right time for all of this stuff to change.
So you joined the Guard, which exposes you.
To me, what's your first impression when you like, when you're there.
So I wasn't a Guard guy. I had deployed with.
Okay, sorry about that, Okay, oh no, no.
Yeah, you were right, But I wasn't at this time think about it. I wasn't really a National Guard guy. I was in the National Guard, but I didn't know what that meant. I thought at this time Guard were kind of like, you know, hey, you'd have like sixty five year old tech sergeants. Right e six is for us, right, And I thought, oh man, this isn't the tip of the spear.
But it turned out the National.
Guard and a little bit of the reserves, but really on the National Guard side of the house, realized there was going to be They're not talking about the word hemorrhage.
They called it STEM-orrhage.
All the science, technology, engineering, and math folks doing cryptography, advanced for instance, offensive cyber operations, even defense, they were racing to go to support. You know, remember Google got mass hacked in two thousand and nine. So even the industry is now dropping major dollars. I'm talking like four hundred five hundred thousand dollars salaries a year, and this
talent was bleeding. But it turned out the National Guard realized this was going to happen, and our whole goal was, let me retain the best talent in the world, So even if we can't have them full time, how do we have that reserve capacity? And it was brilliant. I didn't even know that this was going down, and it didn't become apparent to me for probably two or three years later that some good flyers realized this was going
to happen. I guess there's some parallels with flyers. This happened, you know, at the draw down of like Vietnam, and we didn't necessarily have for a while the flying talent to be able to do other air superiority. And it turns out those same type of flyers realized this was going to happen in cyber and again I just happened to be part of the right unit. It was trying to be able to not only like retain talent, but in case there was ever like a surge capacity we
could step up and support. So you could imagine for me, my perception of the National Guard went from old kind of unfit, you know, you know airman to all of a sudden like whoa. It turned out the National Guard actually had in many cases better talent than active duty had.
Were they, were they... Was there any process at that time in formalizing training and developing a partnership with like SANS or any, you know, any of the big organizations?
Were they sending you to Black Hat?
Like how were they you know, working on your professional skills and things like that, or how were they supporting that?
So you could imagine when this hemorrhaging or stemorrhaging started happening, everybody started realizing we're going to start losing to commercial. They weren't so worried about overseas. They weren't worrying about national threats, although there was some of that. You know, if you think about human there's always a worry somebody's going to go start, you know, mercenary type s right, that wasn't really a concern at this time, but you could imagine they're sitting there going, if we
can't retain, how do we build this cadre? And it turns out there's a couple epicenters right in the DC area. You look like the National Guard had a handful of units that were trying to retain but they also were smart enough to realize if we don't set up some sort of commercial training, we are.
Not going to be able to backfill. It was a pipeline problem.
Yeah. I mean still to.
This day twenty five, I have to build more talent than I can hire because they're still that rare. So yeah, companies like SANS and even other like research institutes, think about the National Labs had to step up and help grow people.
Yeah, and then what what was the relationship with the government side of this, whether it's military or NSA, whomever, and you know, the kids or the people who are anti the man or whatever, but still doing this stuff, you know, and like you.
Know, I think DEF CON is a funny example, you know where guys are always like trying to point you know, pick the fed and you know stuff like that.
Ben right, Yeah, yeah, So like what.
Was that real relationship like and how has that developed over time?
So for a guy like me who I've been going to DEF CON since I on early two thousands every year showing up or Black Hat I had done presentations, there was always this irony that those you know, you know that current statement that the my gen Z kids will say if you know, you know, all of us that were sometimes involved in some of these hacking events by kind of like late oughts, you know, two thousand
and five, thousand and seven, twenty ten. A lot of people realize Spot the Fed was ironic because a lot of people organizing had now become in support of some of the federal sides. So there was always this irony of you know, catch the actual active agent. And I'll be honest, lot of people wanted to pick up FBI. There's a very big difference between NSA, who is very much a mission that is going after non US citizens,
right right, FBI that's looking at US citizens. And I won't lie it wasn't even it's not a lie to say there wasn't a schism between some folks who are like, fuck you stay out of my you know, US citizens. And so even sometimes some of the you know, IC guys or maybe spot in the more field agent type guys of like, you know, get out of my, uh my corner.
Yeah, you know everybody was FEDS.
Yeah yeah, right, yeah, take your five elevens in your polo shirt and get out here.
Yeah, there, I go.
Yeah, but but that is true because the IC is the IC and the FBI is the man.
Like, you know, people don't realize that, but you're you're hitting a culture thing that there will be more books on this, Like I think, uh, I can't remember that politician. He was out of maybe Texas, but people found out
he was an early hacker. I'm spacing on his name, and uh, it blew some people's minds that some of these people that didn't seem like they could be from the hacker culture were actually the same guys on bulletin boards and you know, you know, IRC and stuff like that, but had now held like actual governor or sorry that's not correct congressman positions. So it was a weird time at the you know, kind of twenty ten period where you're the man but not the man.
Right right, But we're also looking at a time from the time you started when you were a kid up until this time.
You know, there wasn't Hack The Box. There wasn't there were.
I'm pretty sure that people who were good at offensive stuff at the offense side of the house at some time may have you know, pushed up against the the legal system.
There was definitely gray.
And what's weird is a lot of people don't realize the polygraph is not necessarily to find out who's breaking
the laws, to figure out who has integrity. And so I remember people that I knew flat out had like done not crazy hard drugs, but admitted they had done drugs and made it through polygraphs just or some shady level of Like Now, even looking back, there's nothing that I think that as long as I was honest on my polygraph, if it actually asked me about those questions, I don't think anything would have precluded me from service.
It wasn't They're not looking for somebody that have you broken a law or do you, you know, dip into the gray. They're making sure that when they ask you, they know you're going to be honest. And integrity's worth a hell of a lot more than occasional bad judgment. So I think the actual US government had to change their mind a little bit. And for me, I mean,
I've been tiptoeing this line my whole career. You cannot you know, you have to obey laws period, right, you know, the intelligence communities, you obey laws if you're you know, a forward deployed, you know, a soldier, airman, marine, you know, sailor. You obey the laws, but there's always this level of
gray that I noticed in the offensive cyber world. You know, even to this day, some people will say, ah, I use my offense in support of defense, and somewhere there's a little level of understanding.
Just don't go too far.
Right right, but in order, like I said before, all these you know, cool little sites that you could go on and learn this stuff.
You know, when you're thirteen or fourteen.
And there are there aren't sites like Hack The Box or whatever you know, or pen testing sites or whatever, like, how do you learn how to hack into a network?
You know?
For me, it was these Capture the Flag competitions. You know, they weren't physical capture the flag like the sports game. They were the hack into other systems. And it turned out there was a lot of these. They were actually Hack The Box and a lot of these modern training systems started from kind of war games type events. And I don't even think people knew like the year that, you know, for those that don't know what I'm talking.
About, these capture the flags, think of.
Possibly fifteen to twenty eight person teams of stinky pasty nerds creating exploits and hacking each other to steal data. That's their stealing the flag. They then submit the flag, bring it back to base, and they get a point. That's kind of how this worked, and these competitions were kind of the breeding grounds that at one time I remember playing Capture the Flag at DEF CON where all the
nerds get together in Vegas every year. That I remember looking and going Nation State Nation State US school that probably supports offensive cyber operations, defense contractor. We were a team that were just as guilty. A lot of us were five Eyes right us and some of our closest allies,
and it was wild. This was almost like, you know, you can't train publicly, so the next best thing you could do is make a game out of it, And kind of what happened for I would say even still to this date, there's Capture the Flag runs every year at DEF CON.
So there was Capture the Flag events like as young for you as young as like seventeen.
I thought that was a more recent type of thing.
So back then they were called crackmes or reverse-mes, so people would make fake software to teach reverse engineering. So they would make like a fake software that had like a fake digital rights or like key code that you had to pay for, and so they would actually teach you. And that's what I grew up on with interesting learning how to reverse engineer so I could get free software back to my broke days.
But that's how it started.
People then started training by creating fake software and fake activations and giving these tutorials too. This is what they were called, right, and you would actually use these tutorials to reverse engineer, and that.
Turned into a whole game.
So you're right.
It didn't just go straight from the IRC channels into this full on war games. There was these kind of minor trainings that kept getting bigger, yeah, and bigger, all the way to hundreds person events.
Right.
Yeah, so let's jump into you know, you're in the National Guard. And now it sounded like at a certain point you make the jump over to the three letter side of the house or actually have a foot in both. I explained to us a little bit about like how that comes about and how that works.
Yeah, so a lot of my life, you can tell, is still kind of recovering from you know, it's hard growing up broke right, and so you turn to you know, you make decisions based on money and what you know gives fun. And I realized, as you know, an e six, I was not going to have the stability for my family at this time. I have two kids, you know, I had my first one at eighteen years old, so you can imagine like a little bit of my psyche of trying to learn while raising kids, while being a kid,
and I needed that. So I'm now six seven, eight years into the military, and I decide I'm going to become a contractor, and so I'm using my skills full time at NSA as a contractor for most of my time. That just means I can do most of the stuff that a government civilian can do, but there is some rules that they wouldn't let me do. And at this time my job turned into creating. They called it computer network operations. It's creating these things called implants that gather software.
If you were on the receiving end of an implant, you'd call it malware. So that was my job at night or sorry, during the day. I'm creating malware professionally to support intelligence gathering. And one week in a month, two weeks a year. I'm using those cyber capabilities to actually gather intelligence or to support offensive cyber operations.
That's pretty interesting. So I mean literally dual-hatted in a sense.
I remember some meetings where again you're limited as a contractor, you're getting paid better, so you kind of like it. But with me having both feet in this world, there were times where I would actually have to remove myself because it wasn't appropriate being a contractor. And there were some times I'd have to literally flip my badge to have the right badge color up in and say, I want to tell you this on behalf of me in
this role. I'm no longer a contractor, Kyle, but this is how we're going to use this for not espionage but attack computer network attack. And that was a real different role that I could actually use my National Guard time to often now benefit people who were only able to do espionage. So if I won't bore the audience with like all the laws, there's a big difference between Title fifty espionage and Title ten, which allows you to truly do attack.
Deny degrade.
Yeah, destroyed.
I didn't use the face.
It was destroyed disrupt but that type of actual effects and I will tell you being able to have both badges, it was a again I used this word earlier, force multipliers, seeking these opportunities to use my experience and again right place, right time.
Super thankful.
Well you spoke a little bit earlier about like these blended teams and blending these capabilities, and I mean you continue doing that. I mean I think that is that something that this line of work is sort of institutionalized or is it still sort of like a stovepipe there.
I think it's getting better.
This is the stuff that like if you hear people in the deployments in the AOR saying we're going to use total forces, that means usually they're securing the sky right with air power, they're maybe jamming the signals with electronic warfare. They've got human intelligence on the ground, they've got infantry pushing up, you know, doing the hard work, and then all the support that goes into it when you use total force. We've known that using all domain
warfare is very powerful if you can coordinate it. At this time, people are trying to figure out not only how to add cyber to that story, they're trying to figure out, Oh my gosh, even within cyber there's all these different domains, right, it's an inch deep.
And a mile wide of skill sets.
So i'll tell you by this time, probably twenty thirteen, twenty fifteen, they're just starting to figure out what are all the blended skill sets.
And they're learning this by accident.
Right.
The civilian world, by the way, starts calling this purple teaming. What they mean is blue teaming was always defense. Red teaming was always aggression assessing, and they start realizing you can use your red team offense to improve your blue team defense, and vice versa. You can use your offense to deliver effects so you never have to defend. So
this world all of a sudden is completely learning. The whole thing is changing, and it's kind of like what we're seeing right now in Ukraine, where warfare is completely changed to drones autonomous systems.
This same effect was going down.
Just out of curiosity.
If you can answer in a roundabout way, even how many different tools do you think you used on a daily basis when you went into work.
I don't want to be cliche, but it was definitely maybe sometime in a day, it might be a half dozen to a dozen, but in a month it could be a It was really the old school, you know, folks that were lucky enough like me to grow up and learn remember those early computer programming languages like Assembly, and then blend them with modern programming languages like you know, Python, and then stuff in between like C and C plus plus.
There wasn't many of us who could do this, so you could imagine this was a time where they were really trying to do everything they could, whether it was retaining people on the active duty side or National guard side, because once you lose this to the tech world, getting them back into these spaces was pretty hard. So I'm not going to sugarcoat it. It was a cluster for
a really long time, and it's definitely maturing now. It's maturing to the level that some of these teams not only understand what manpower needs to look like, they can forecast it, they can grow it, and they know. But again, this is still mid twenty fifteen, twenty thirteen, and this stuff isn't figured out yet.
Can you can you tell us a little bit?
And I don't want to get into anything too sensitive, so I'll say, like, if we think of you know, you mentioned espionage and attack, and if we think of espionage as intelligence collection, right, that we're collecting information and you know a lot of times there's probably I imagine the attack and espionage often show similar entry points.
Right.
Yeah, so there's a fancy word, unclassified word, but it's talking about the preparation of an environment.
Right.
Think about the difference between when you deliver an effect. Let's make up one in this room. Maybe the light that's above my hair, right, give me this fancy hair light. The difference of me being able to turn that on and off is often like flipping a switch.
Right.
However, this is the time that all of a sudden we start realizing our legal frameworks. It's all about following laws, period. I know there's a lot of disinformation, there's a lot of bs, especially post-Snowden, but the most law abiding organizations I've ever worked at, military NSA plenty of examples of where it didn't happen.
But it's kind of crazy.
And where I'm going with this is you started learning our laws might not have let us prepare to get in just in case you have to flip that switch. So I'm telling you, when you start getting into this time period twenty fifteen twenty seventeen, we're realizing things have to change quick because our adversaries are not hung up on our laws. And if you think about people that aren't nation state, let's start talking about the emergence of cybercrime. They give no shits what the laws are. They are
just moving faster than anybody to innovate. So we actually got caught up in a world in the US for a little while that the real heroes were actually the policy wonks, the lawyers, the legal folks actually realizing that if we're going to obey the laws, we need to make sure the laws not only protect US citizens' rights, we have to be able to handle all the murky situations. What if a US citizen goes abroad and you accidentally do something and collect how do you like all this stuff?
Because no offense.
Like my mom is my best, you know, supporter, She's also the first tinfoil hatter who's like, are.
You listening to my calls?
And I'm like, Mom, I give no cares what I'm talking about in your calls. But that crap can happen by accidents. So you can imagine lawyers had to allow us to get in place gather intelligence, so you don't have this nine eleven event where you had the info but couldn't action it. And so this time period again, we as the US are still trying to make sure we follow laws, but we can't get caught flat-footed.
Right.
We are a nation state power that stays in power by projecting power, right, and if we hamstring ourselves by being perfect, you can sometimes let perfect be the enemy of good, and good enough sometimes gets, you know, shit done.
There was that example just a couple of years ago. If you remember Tucker Carlson making a big stink about how somebody illegally leaked to him that he had been caught up in an intercept. It turns out yes, he was contacting the Russian government and talking to them. So if you do that, no shit you're gonna get your accounts are going to get intercepted.
And what's wild.
And this is some of the stuff that I think many government agencies realized that we were caught flat-footed during the Snowden era because there was a lot of things that people just zip their lips, right, No Such Agency type world where we weren't going to talk about this stuff right. And what it did is when you have the absence of a narrative, people will be
more than happy to fill it in for you. And so this is the stuff that, to be honest, the Armed Services, I would generally say, gets it done right. We don't overclassify. We have a mission. And that's because I think we realize and we cherish loss of life. But when you work in this world where it's all secrets and it takes it away from loss of life, you sometimes let some of this perfection get in the way. And I'll tell you, like nobody wants to collect, but
I'll be darned, you'll find cases of people abusing. Just like think about any employee. You probably hired somebody that seemed legit when you hired them. They turn out to be a turd. This stuff happens.
I think you've touched on something that's like really interesting. I think especially around like the Snowden period, because there really was not a public interface between the NSA and the public. I'm sure they had a public affairs office, no offense.
But it was the House of Glass, right, I mean, yeah, you know, you know evil.
So when that scandal broke, it was a little bit different, I think than the military, because people can see their soldiers, they can hear their soldiers, they can get to know them a little bit, and it kind of takes away the mystery of it, whereas with the NSA, we can if it's a black box, we can project all sorts of nefarious things upon what you're actually doing.
Yeah, no offense when somebody doesn't tell me how something works.
I have survived by being.
Very pessimistic, right, right, as humans evolved, right, bad stuff outside of the cave. And if you make something seem shady in the dark, I'm not going to assume positivity happens in the dark. Right, That's literally how we evolved as a species.
So I can't wait.
If you do the math right, you've got some of the Snowden-era type stuff twenty ten to twenty fifteen. Usually US has a lot of like declassification things that happen in twenty five years. For some of this I cannot wait to fast forward to you know, our equivalent of twenty four, when some of these stories start to become declassified. Maybe governments and officials declassify these things early and tell the real story of how some of this
stuff happened. Because I will say, remember that word stemorrhage I used if we thought it was bad in this kind of twenty ten. When you don't give somebody a voice, and you don't defend somebody who's working hard every day, I'll just go take Google's five hundred thousand dollars a year, thanks, because my civilian pay at ninety six thousand dollars a year ain't cutting it.
Right, right.
Yeah, And you know, both the CIA and the NSA have this problem of not you know, they don't they'll never talk about their victories. They'll never talk about the victories, will never you know, air out like things that they've accomplished. But when they when somebody does go rogue or somebody does something bad or fails, you hear about that.
So it's easy to see these shady.
Evil organizations that are secretly, you know, pulling strings all over the world.
World.
Yeah, and I'll tell you it's what's weird. Is you work at a spy agency for about thirteen years, and now I appreciate my privacy and transparency more than I've ever appreciated. Yeah, but there's also this like again this level of like the black and white is always easy. It's the gray where things get dicey, right, It's that I think about like AI and autonomous cars these days.
Do I go and you know, make the decision?
Right?
Do I take a right and run over three or four people? Or do I take a left and run over one person? How do you make that decision in value life? And it could be you know, one child or three ninety year old people. All this logic and the reason I'm given this example is national security is not one in the black and white. It's one on interpreting the gray and trying your best during a crappy situation to make the best decision and not regret it for the rest of your short life, you know.
So back to the notion of like lifting the veil or wearing the fog a little bit. I'd love to ask you, since you were there for a hot minute. I think a lot of people, including myself, don't really understand, like what is the culture of the NSA.
What is it like to actually work there?
Who are your colleagues, the type of people that you're working around.
So, I mean, this is the fun stuff about these big agencies, right, And we haven't even talked people forget that the US has like I don't know, what is it, sixteen eighteen different.
Intelligence agencies, right, yeah, even.
Treasury has like some type you know, a work. But the part that I'm getting at is that the big ones you get the whole spectrum.
Right.
You get some people that are top level operators, and you get some people at NSA who are janitors.
Right.
They they'll go.
Out and tout and you know, stolen valor and everything else about how cool they were at NSA. But it's like you weren't in the thick of it, and so you can imagine you get all shapes, just like in life, just at like any type of you know, career. But the one thing that seemed to drive everybody together was understanding that like, if you mess up the things that we appreciate, right, true, freedom, true, just being good to people, Screw politics and how you lean, Like I don't care
which way you lean. People love the smell of a neighbor's good smelling barbecue.
Right.
We also hate paying taxes. I hate getting a red light ticket. We all share way more that like unites us than divides us. And I would actually describe that was the era that I got to grow up in the intelligence community. Didn't matter whether it's political, it was just, oh my gosh, democracy is fragile. People forget the US. It's only a couple hundred years old, like we are a footnote. Like I remember the first place that I
lived in England in my duty station. The house that I lived in was one hundred years older than the US. That's a perplexing thing. And I think people forget like if you don't just unite behind the like you know, I'm not talking with DEI stuff, but like belonging, just carrying around a mission that this thing that we love, which is freedom, could go away, like it'll disappear.
And so I liked it.
I really was felt good. And all the different things that outside of work divided people at work, it was just like mission, mission, mission, get shit done.
I've heard well, first off, I've heard stories about D and D games down in the cafeteria.
Ooh, so you you've done some digging here, and then the question is what cafeteria.
Right, I don't know that.
I don't know.
OPS two has a different cafeteria than R and E. So this is for anybody who's been in the buildings, knows that there's a different level of geek.
Right, are you the neck beard geek?
Right it does math or are you more of like the modern cyber like there's different levels of you know, geek versus nerds. So, but you are right, it's a pretty broad spectrum from your type A personalities. I used to be a lot quieter. It turns out you can't be a very good CEO if you can't storytell. I had to learn that skill. And so what I'm talking about is all walks of life, all race, all nationality, spicy,
to very timid. And it turns out some of the people that you expect, like some of the biggest badasses I ever worked with I can think of. I only had probably two or three women coworkers, but I think they had like something to prove, like they really had their whole career to prove.
So some of the most competent people.
I work with were actually like hardcore math and computer science women and that was sometimes intimidating. You don't have that in the physical like you know, if you think of like operator life, you guys are going to be able to drag somebody heavier most of the time, ninety percent of the time just because of like physicality.
It's a little intimidating when you have someone.
Five foot two crush your soul, right because they're just that much better, because this is about mental mind power and not the physicality that like testosterone and stuff separates. So I'll tell you it was a cool place to even be humbled real freaking quick, because I have a cool resume. I will tell you I still only for you know, fit in probably the top eighty percent, there's
about another twenty percent who could wreck me. They probably can't communicate the same way I can, right, but from skill to skill they'll wreck me, right, And you.
Know, and that's I think that is one of the interesting things about you know, like in Ranger Battalion, they should say there are smart rangers and there are strong rangers, right, So you know this idea, and it's interesting that in in this cyber world and this you know that like you say, there's there's this percent that they they're their ability to interact with other humans, Like it's like it's best if they have like a translator a lot of times probably right, somebody who gets what
they're saying and you know gets this.
Being a true nerd.
We used to call it a middleware, that a middle layer that like, okay, people that need to understand what they're talking in a translation layer between you know, geek dashk, right, do you sometimes need that?
But you know, the idea that there is this place in our government security structure for these very brilliant people who again may not you know, be great at dealing with people, but they're really good at their job.
And they care, which is funny, Like it's so weird when you hear about like I'm not a big polarizing fan of anything, and the reason for it is there's always something bigger, there's a bigger mission, right. I think that's a dope place though, when you're like, whoa this person that I probably on the outside would never go like drink beers with or whatever, is literally in the
same trenches with me, fighting the same war. It's a again coming from military that had deployment skills, coming into the intelligence community where it comes in all shapes and forms.
It was like both I said earlier, humbling, but also kind of like it definitely helped me be a better dad to understand like kids come in all shapes and forms as well, and it made me maybe a little bit more appreciative of like, you better watch out because somebody, for instance, that might not you know, be able to take me in a game of beer pong or be able to run sprints with me, might just run me under the ground because their brain is like a ten pound brain.
Yeah, yeah, they'll.
Turn your lights off night.
I've met a few of those, those five hundred pound brains. And yeah, it's interesting you put it like that, because I thank god that there are these people out there who are so much smarter than I am, but they're also super patriotic, like they're on our side.
Yeah, thank god for that.
Yeah, what what is you know? Could you mentioned this this idea of this this evolution into the this attack mentality, And I'm sure that there are people who were like, well, if we have the espionage, if we have the placement, why are we gonna why are we going to attack and let them know we have the placement?
But but then there are other people probably like hey.
Like yeah, an espionage, there's that whole thing of like then they'll know that we know that, they know that we knowed.
Right lately, what are the pros and cons of attack?
Yeah, David, one of the best cases I remember, and this was again humbling, and it was more human actually than cyber. But it's the same mentality. I remember us having intel that was IED related, you know, roadside bomb type scenario and exposing the roadside bomb that could save not necessarily us, but maybe like it could be second third party ally definitely civilians and if you gave that up, could prevent us from you know, at the time,
it has always been lod and related. That math is like it's like I don't know, Like today I don't have I've.
Been really lucky not have any form of PTSD.
But the closest thing that I had was that type of scenario where you're literally measuring trade offs.
In whose life is more valuable.
And I'll tell you it also like when you create attack tools that you were talking about this new world. I remember the first person the first time somebody said, Okay, I appreciate you doing your work with the espionage.
You don't have to create an uninstaller.
And I thought, I have to uninstall my malware, right, and they said, no, don't worry, it's going to be kinetic uninstalled. That's a moment that humbled the shit out of me because you're starting to realize that, oh, because of me doing my job, just like anywhere else, bombs on, bad guys get dropped. It's kind of similar to like, you know the folks in Las Vegas that are flying drones right that still get PTSD even though they're thousands of miles away from any sort of battlefield in combat.
And I didn't have anything like that, but I remember those moments that I thought, oh, I didn't gather the intelligence and people blew up that day.
Like that's also like a really, that's.
That's the analyst PTSD that those folks get, right.
Why didn't I see that?
Well?
And it's like it's like when you have you know, when you have a low level uh you know, you you have this, You've identified this low level AQ guy and you're like, all right, if we roll him up, we lose access to anything he has. But if we leave him out there, he might kill innocent people.
And it's that dilemma is that.
And I don't think I mean, I really don't think enough actually gets talked about that because I think in the movies, right, you watch any Bourne Identity type, you just think that it's go, go, go. But like people don't realize there's a lot of like calculated risk, and even worse than the calculated risks, sometimes you just have to make a decision very quick and hope that when you're not in the black or in the white, those
are easy decisions. You'll later have to hope you got it right in this like semi dark shade of gray. I just I again, I think that some of the better side of stories that will come out, like you know, growing up, I idolized the Black Hawk Down stories and the things that were very physical.
I was a big fan of like Platoon, right, the you know, the military stories that were all, you know, all testosterone. And I think the stories that probably need to come out, especially as we're starting to realize like mental health directly has a relation to like people's peak performance. Right,
I don't think people normalize these things well enough. I don't think that we normalize like how much goes down like you called it the analyst trauma, right, But even just things in business, right, people forget there's like real good humans behind these things that then go home and have to like smile to their family because it's No Such Agency and like how is work?
I was good?
Yeah, yeah, yeah, speaking of that, you know, I know you had mentioned to us before the show. I think that you put some things through public review and so on to make sure they're.
Yeah, good to go.
Are there any like war stories from NSA that you're allowed to tell?
I will tell you some of the best NSA stories that you know. The thing about NSA, right is there's a lot that can make it through pre publication. It's usually how was it collected?
Who is it collected by? What the overall measurable effect?
And it turns out some of the moments, like I'll tell you, like NSA stories, we were so compartmented. People don't realize how compartmented truly tailored operations are. I would like my co founders, all three of us worked NSA together. I remember we were all on different access pro none of us knew what we did, and I remember a moment I still to this day don't know if it's classified, unclassified,
just completely happenstance. But all three of my co founders and I are sitting at a bar or busing and we look and it has like a country that has a nationwide internet outage, and all three of us look at each other trying to see if anybody will give a drive that no wordy breaks anything. And to this day I still don't know, did like some cable come unplugged, did they have a power outage or was this an accidental like intelligence gathering operation that took down like a core router.
I still don't know to these days.
Yeah, So I think those are the best stories of like not what you did. But people don't realize to truly protect secrets, you need to keep small amounts of people knowing them. And the downfall of that is I my best friends in life, I still don't know to this day they could have been directly responsible or just as clueless as I, And I think those are probably the best stories that maybe when forty fifty years gets done and people start declassifying, we'll go back and read these things.
But I think that's actually.
The camaraderie that I love, is the sometimes.
Not knowing what are these are like SAPs that like thirty people in the entire world are revolt.
All specials, you know, all the work that we did.
We're special access programs, so not just only you're in a SCIF, not just you're top secret.
But they are so limited.
I mean we sometimes like if anybody's done the research on what an ODA is or an A-Team in the Special Forces world, you're talking twelve sometimes you know, twelve person teams that subdivide into six person teams. I was on programs where sometimes it was six people.
That's intense when you.
Like, you know, I even think to this day of like how do these stories will they ever get told?
Like what if people pass? Right?
Yeah, all stories need to be told, But I think nowadays there's a lot of maybe even overclassification that I learned a lot from what we used to do with like espionage in Vietnam and even during like a Desert Storm, Desert Shield, And I don't know if those stories will be told fast forward in twenty five years, because sometimes they're so limited and so targeted that people just might not be.
Around to tell them.
Do you think that leads to another type of stress? We talked about it a little bit. But I've kind of noticed on the military side of things, when you have these SAPs, like you mentioned, only six people on the program, there's only six people in the entire world that can do that very important job. One of them gets sick, one of them goes to you know, his wife is having a baby.
Then you're even more shorthanded.
I mean, does that lead to a different type of like stress, like and burnout?
Really is what I'm getting at.
Yeah, I think these type of things, like you're just asking people to do unnatural things. Right, if you you know, think about a sports team, right, any we just have the Super Bowl in the US, not long ago, right for NFL football, American football, there's always two or three strings of you know, quarterbacks, receivers.
When you don't have that, not only do you.
Have to have like that depth to be able to still get the mission done.
It's just asking a lot.
I actually think some of my most unhealthy work life balance was during these times where I just now look at it. You know, my company's now five hundred people. I pride not having tiny you know, people who can't do it.
I call it the bus factor.
Right, how many people at my company can get hit and the mission still gets going, you know.
Run over by the bus. Yeah.
And I actually think in some of these places that we were so small we didn't even know we were creating stress because we're having to do the jobs of not just one, but like, oh, if this falls, I better be able to do at least sixty eighty percent of that, so the mission still gets done. So I don't think I've ever heard anybody publicly talk about that, but I bet that happens. I know I felt it over extended, is what I felt.
You know, the other thing in addition to that, because you've talked about post-traumatic stress, and you've talked about the camaraderie, but in addition to that is that you know our friends, the camaraderie that we build, those ties that bind us. When you walk out of that sat, when you get read off, you lose something with those friends, Like you can still hang out, you can still barbecue, but you know you're not going to.
There are limits. Now, there's a barrier.
And when you leave, especially when you leave a service, whether it's the military, the intelligence screen or whatever, and you're out in this world where there's not that purpose and the post traumatic stress or the operator syndrome and all this stuff, and now you're also isolated and you can't even really be that close to people who are your best friends. I used to be close to them, but there's but those walls go up. Once you leave, you're gone.
So my co founder Chris right, he was navy, don't judge him. We now have these moments that we talk about this. We're like, why did we end up creating Huntress? And now that we're ten years in, you know, hindsight's always twenty twenty the amount of places that we were like, look, we created a place that gave us the same mission and the same fulfillment that we had, And so people now ask, like the finance people are like, oh, you got a big company, You've done these things, but they
don't realize the most of the motivations. There was some very altruistic reasons, but there were some also very selfish reasons that I just had to get back into the mission.
Right. It's almost like.
I bet there's some sort of like dopamine hit that comes that you're addicted to. And I remember even going like there's a couple of these like local like bars and watering holes not far from NSA that you go and you catch up with your friends and you're all read out now and there's a little bit of a look. You know, nobody's going to disclose classified, but you're kind of you look at each other and you're like, okay,
I can vibe you because we can. You know, we're speaking at a level that's you know, nonverbal, right, non physical, but you know you kind of just you know, you got that gut feeling you're like, okay, I can stay connected. Yeah, when I jumped into the civilian world, I felt probably as isolated and purposeless as I did. And so and what's I'm lucky, Like I've always had some sort of
sexy flare. I got early cyber special Forces. I don't know how the people, like a lot of the operators will call, you know, the regular army folks legs, right. But those folks there are the folks that didn't get that sex appeal.
They didn't get the intel, they didn't get it.
I actually think about them a lot of what happens when you didn't have that extra high that made all this worth it, and you just were serving a mission as best as you could.
And now you definitely don't have it because you don't.
Like for me, when I have my high highs and then low lows, I can always go back and think, ah, that roller coaster ride was great, right, right, But what if everything was just mediocre and then you leave the service and now you're low you don't have these moments to reflect on.
So I don't know.
I think we're at a really interesting place where both armed services, whether it's cyber, whether it's signals intelligence, whether it's human intelligence, and just good old-fashioned kicking doors in, I bet there's a lot on the psychological side we're going to learn now that we're becoming very aware that these things have real effects.
Twenty thirty years later.
Yeah, I think you're right.
I mean we're already learning just on like the SOF side, like we're learning so much about like blast injuries, you know, all the door breaches and you know, and you know post traumatic stress, like you know, I mean, I'm fifty five, so like I remember made-for-TV movies in the seventies about a Vietnam veteran having post traumatic stress and losing his mind, like having flashbacks in the office and people there are still someings out there who think that's
what it is, and that you know, they don't understand. It comes in all shapes and sizes, from all different types of things.
One of the things the reason why I was asking you about how many tools you accessed on a daily basis, I have a acquaintance working on a PhD dissertation about what that does to a person psychologically. He was really he was pointing out that if you're a soldier, let's say you're an infantryman, you learn how to shoot an M4, M240 Bravo machine gun, M249 SAW, three weapon systems. Maybe if you're a sniper, you have a few more weapon systems, maybe
you have to learn six something like that. But people are in the cyber warfare field. You're having to learn hundreds of different tools and move between those systems, those weapon systems, if you will, on a day to day basis, And what does that do to, particularly a young person, to their mind.
And I you know, obviously, you know, it's not ever worth joking about any folks that are on any sort of a spectrum because like that stuff's real. Some of us get hit, you know, in the chest, some of us get nicked with the tism, you know, yeah, I think about Like I think part of the reason we bonded so well from Cyber to some of the operators is very specifically. We all had to learn different weapon systems. Like I remember first deployment in Afghanistan. None of us
are shaving everything else. Everybody's using Makarovs, AK-47s and PKMs. You don't learn that in basic training, right, you don't learn any of that type of stuff. And so like that flexibility, and I think they called it fluidity at the time, like being able to go fluid between different weapons systems on different arms. Learning the basics only gets ratcheted up to a level like I remember the guys looking and they're like, how do you keep track of what to do?
And I'm like, I don't even know.
Yeah, I bet there is some real like ramifications, like if somebody asked me, quantify the number of tools you've used, Like, so I joined in two thousand and three, So what would I be at I'd be I guess I would be at twenty two years of like some of this professional experience.
Yeah, I don't even know.
It would be thousands.
It doesn't even make sense, But I bet there's somewhere that, like, if you're not on some sort of like okay with the spectrum, and I guess we're all becoming, like with scrolling, a little short minded and used to consuming a little bit more. But somewhere in there it wears on you. So I would be stoked if you actually have those resources. I would love to see someone writing the dissertation.
Also, yeah, I can.
I can introduce you to that dude and maybe he can get it to you when he finishes it. Well, you mentioned jumping into the private sector before we jump into that. Any final thoughts on NSA that you want to talk about before we discuss your transition into the private sector.
I am, you know, if I was to end it on there, obviously I'm long removed. I don't carry a badge there anymore. But if I was to you know, end it with you know, standing on a soapbox, it's we owe a lot to folks, just like in the armed services, that are okay with being silent professionals. Don't forget, you know, the typical hero doesn't always look like Jason Bourne. It doesn't look like some folks like the three of us that can articulate.
It's kind of really interesting.
Of like at the future of true peak performance.
Brain power these days.
Can actually be the equivalent of top level athlete who can bench the most weight.
So I just would challenge folks to consider that.
And even though I don't fit that personality for ends, I think, I, you know, next time you sit back and think about where you want to go, maybe you don't fit in the military, don't forget the opportunities you have to support you know, national security in different ways, even if you.
Don't fit the mold.
At least for me, I really enjoyed every bit of it, working for all the different types because I'm not a bodybuilder. I'm also not you know, quiet, and it was cool working with both sides of it.
That's awesome.
So what made you decide to transition from you know, your leave behind your National Guard and your NSA careers essentially into the private sector. I think you said, what you had sixteen years in uniform.
Yeah, so they start thinking about that, I'm only four years away. I think I might have had one bad year in the Guard because I was a scrub, But either way, four or five years very close to like a twenty year retirement of some sorts.
Gosh, you're asking me the spicy question, brother.
I was pretty pretty upset by not having representation in that STU world. I was definitely part of those that felt like I had given it all. I had my kids, the amount of birthdays I had missed, the amount of things.
I had given.
I finally had a moment where I said, Okay, I've given all that I can. I need to use my skills to give back to a new mission. And I think I would have stayed longer if I would have had better support, because at that time I had the money.
Contractor pays, no joke.
You can make some pretty decent money as a contractor sometimes, you know, two two hundred and fifty thousand dollars, stuff that you usually can only get on combat pay. That's good pay as a geek, right? Maybe not quite the same pay as like a big, you know, Fortune 100 pay, but that's pretty great government services you know pay or government service is.
But I didn't.
I didn't have that support. I didn't feel like the mission resonated. And to be very frank, I was looking at these operations that I was supporting and people forget when you're in the military and you're doing intelligence gathering, you might be on the same computer with not only other nation states, you might be on the same computer
as a cyber criminal. And so as I pour me a little bit of drink here in preparation, I guess of this segment as I I knew that there was kind of a wave, a tsunami about to come where these people were going to go from just spy versus spy. It dawned on me that we were about to see the first billion-dollar cybercrime groups. And in twenty fifteen, I realized, if I don't help get ahead of this, we're going to see some of our most critical infrastructure.
Like don't think about just water and hospitals and you know, electricity, think of like the backbone of world economies. Your Fortune 500, Yeah, that's dope, right, the biggest five hundred companies of the world. But the US has thirty three million businesses and the vast majority of those are twenty five hundred employee companies all the way to the smallest. And I realized that nobody was going to be able
to protect them. When cybercrime said, let's not go whale hunting, right, Let's go hunting for like squirrels, rabbits and mice right right.
And so you can.
Imagine I'm a little bit bothered by the NSA system. I'm getting crusty, I'm missing my kids, right, I'm realizing I'm missing life. And I decided, okay, I'm going to punch Even at sixteen years, even being this close, I had a bigger calling and it was going to be protecting not just the one percent of businesses, but the ninety nine percent that fall below the enterprise.
So you can imagine.
Before before we jump into that, I do want to ask you to unpack a little bit the Snowden.
Issue, yeah, and share share the.
And you know your claim, your issue, it sounds like, was that there was no pushback against it, and so I would love to ask you, you know, to give the insider point of view. You talked a little bit about the importance of following laws and everything, but like, what would be as an intelligence professional, what would your pushback be against the Snowden narrative of mass ubiquitous surveillance against the American and.
And the like the argument that he was just a whistleblower.
Right, yeah.
Yeah, So we'll break those in two different parts.
Right.
The first one is people fuck up. Let's call a spade a spade. Anybody can do it. I am not a fan of having my personal data leaked by any or snooped on by anyone, just the same way at DEF CON when I would happily call Spot the Fed against.
An FBI agenty same guy.
Yeah.
So people don't realize sometimes these government agencies collab and when you get it wrong. From everything that I've come to read in the public news, it sounds like some pretty jacked up stuff that should have been fixed. It wasn't, by the way, NSA's first mistake. If you go back
to like the Pike Church Committee type stuff. This is not the first time a government agency has done dumb stuff, right, But accidents happen, right, and to be able to call like, you know, anybody you know, paint with a broad brushstroke. I was really surprised to hear some of the people
that they don't realize. The average Joe does not realize how much terrorism, how much abuse of money, and how much kind of like world projection, all of our agencies do to like keep the daily freedoms we have and then to get roasted in the news by and again I'll toe the line on this really closely.
Edward Snowden was an IT administrator.
Edward Snowden did the good thing that any person, for instance, could do, which is, if you find something that is truly illegal, you should file an IG complaint and get that shit to attention. And if somebody ignores you, you should do the most safe version.
Of whistleblowing right, go to Congress.
When twenty forty drops, we will see a narrative that is very different, and I'll leave it at that, and it's one of those that it doesn't match any narrative of a Roger Stone film or if I got that wrong right, some.
Of the movies that were on this.
He's an administrator that if you you know, when the actual cards spill and the proof comes out, you'll see it's not a hero, a hero in the sense that he challenged good things.
I'm not going to take that away.
But there's more to any story, and I can't wait for that one to become public. And that's as somebody who like, maybe from me to you, I left my whole career behind because I was so bothered by the bigger story not coming out. So I'm hoping, and remember, any president can declassify this type of stuff. I hope we see some of these come public, but I don't know, like it doesn't. Some of these stories don't become public.
And so on my end, it was enough that it bothered me that me and enough people to come up with an acronym called stemmeradge left.
Yeah.
Yeah, and you know, I have no personal inside knowledge of that, but my like the way I see it, like we can say whistleblower, I you know.
The guy had.
I think the guy got like, I don't think he knew what he had. He got lucky that there happened to be something that was, you know, sort of like implicating the US government, but he was really just you.
Don't you don't accidentally fly to China and then accidentally.
And right exactly exactly exactly. Yeah.
And I think the other thing to point out is that he didn't just take documents or blow the whistle on documents about like PRISM that was the big the metadata issue. He took everything from what I understand, he took everything.
Yeah, yeah, yeah, anyway, so you're you're we're right there, we're on that knee, respecting like my career and respecting that on to end up in handcuffs. But you know, when something's a problem, you raise the problem and cause the minimal damage as possible. Yeah, if, for instance, you are creating maximum damage as a plan to keep you out of jail, if what you were doing was ethical from the get go, Don't get me wrong, there are plenty of cases where good whistleblowers.
Have been hung to dry. I know this is the gray.
This isn't black, this isn't white, it's the gray. But when the details come out, I hope that these things are settled that call a spade a spade, call it for all the good, and what I believe will be interpreted is all the bad will finally come to roost and we'll see like, okay, there's you know, life is complex, and I guess you know.
The biggest thing that I appreciate.
It seems like that moment actually caused a lot of the intelligence communities to realize if they don't have a say in the narrative, the narrative will be formed around them, and that has consequences.
Right, right, and not everything's bad is what I'm saying.
And the problem with.
That is is is that one, it hurts recruitment, two, it, you know, the the public sentiment, which you know may or may not matter, but the public sentiment you know about you know, these nefarious organizations that are listening to our every phone call, Like how many people have to work at the NSA to listen to my every phone call I make?
Right?
Or you know the CIA also, you know, they're they're just all over the world, you know, creating coups and stuff like that. And it's it when these agencies won't stand up for themselves, it hurts them, you know, Yeah, it hurts their recruiting, It hurts their their efforts.
Yeah.
Yeah, So again I'm I I'm one of those type of people that, like, I don't believe you should sit on a fence, you should have an opinion, but I also acknowledge, like it's not always left or right or you know that side or this side right. Some stuff is the devil in the details and you can kind of only help, you know, and hope that at the
end you chose the best things. So if you can tell enough for me to upend forego retirement and say, I appreciate my service, I need to use my skills for some other reason, and thankfully like the Service Army to be able to do some pretty cool stuff. So I can't be completely salty about Edward Snowden, but I am ready for the reckoning.
Yeah yeah, So talk to us about making the jump to the private sector and how that worked out for you.
Can I tell the embarrassing embarrassing.
Side, absolutely, because all of us have that story about leaving governmental service and going into the private sector and slamming face first into the ground at least once.
So all the stuff that made me like successful, right, promotions, early, you know, awards, things along those lines. When you decide to create a business, you have to go into sales, and it turns out I did not have to do much sales in the military. You guys would be so like disappointed if you, like I've it ever leaked like some of my first cold calls and stuff like this, I sounded like a dumbass military guy.
I was at least hat honest, like I think guys. The pitch usually went.
Something like, Hi, my name's Kyle, and I'm a former service member and I'm exploring creating a startup, Do you have a couple of minutes to like help me, like I need help? Like I was always really honest, and I found that if I was more honest that people wouldn't hang up on.
Me as much.
And usually I'd find somebody that was either prior service or respect the service. It would give me a little bit of time. But Guys, you wouldn't believe, Like when I started, I started thinking like I was going to be selling to like one or two person companies. Think about how many one or two like these little tiny micro businesses.
That are still important. But I didn't know how to make money.
I knew, like how to personally make money and pay bills, but I didn't know how to do this at scale. And so I am so stinking lucky that like the State of Virginia did this program.
They call it an accelerator. It's pretty much like an MBA.
In sixteen weeks that teaches you how to build a startup.
Guys, if I didn't have that.
Program, one, I wouldn't be celebrating at whatever it is now two billion dollar business. But I sure as heck I wouldn't have Like I would still be living in Maryland in my three bedroom townhouse, thinking about how I could use military my military skills.
It was that bad.
Yeah, I'm cool. Now I can do these things.
Now I can pitch confident and I can get over like the impostor syndrome. But twenty fourteen, twenty fifteen, twenty sixteen, these were like my puberty years that I'm just glad that there wasn't more camera phones at that time.
It was that embarrassing what you know, And I think that's very common for you know, people who are good at something and and all business is sales, right, so it's like or like I can make these The acumen is yeah I can, or I can make this table, but be like the table doesn't sell itself, and I don't know how to run the business.
In addition to.
Sort of that type of thing, though, how was it difficult for you to articulate to a two-person business who what they know about the Internet is you know, plug it, you know, having the cable guy come out, plug it in, and you know, to try turning it on and off, and you're trying to explain to them how their business is potentially at risk of getting ransomware or speaking hyper gee right.
I mean to be honest, I think all careers have this. I bet if a firefighter, right, I'm trying to choose something that's not that's technical but not too technical. Imagine a firefighter having to talk about all the physics things that you can smother a fire by spraying, for instance, and causing different vacuum Like, no one is going to
understand that. Must They've seen a video that was me in the cyber world talking to people that were just like Kyle, I know you have the skills, but if you can't learn to talk to me and storytell to me on my level, I'm never gonna appreciate what you're doing.
And thankfully, like the one gift.
I got was I got a lot of radical candor, meaning people who I also got like what some people call ruinous empathy, meaning they cared so much about me, but weren't willing to challenge me, right, they would just not tell me that I suck. Thankfully, it was actually a lot of either people that were fan of the military or support of the military or prior service that would just tell me a spade is a spade and
be like, Kyle, you suck. I don't know what you're saying, can you talk to me, like like tell me, like I'm five, what you're doing and enough stumbling by the way, like I would rather not fail.
It's just faster.
But it turns out if you're going to fail, do it really quick and people give you. And so again I just was blessed with failure and I had the time to, by the way, like this was real early, so I got those out of the way. So when it came time for me really needing to know this, all that military skills of being used to like in this fast failing environment, just like a hacker trying to break in. Yeah, nine and ninety nine times I fail. I don't care. It works on the thousand. That mentality
helped me. Actually, my hacking skills literally help me be a better entrepreneur.
That's phenomenal.
The you know Udulu you know, yeah, yep, yeah, it's funny you uh so one of our sponsors, I'm going to say it because I like the company.
I like their product.
What Manscaped used to sponsor us, and it's a great company. And even though I don't sponsor us anymore, I'd recommend everybody get one, but they'd send us copy and we see this a lot in copy right that the copy like it mentioned like how many RPMs this motor runs at the little Manscaped motor.
And I'm reading this just like nobody nobody cares about that.
Actually, that scares me when I if I'm even my junk, right, I want to know how many RPMs. I know that the guard isn't gonna right, That's what I want to.
Know, right, you know.
And and it's like, but it's that type of thing that somebody, some engineer who is very proud of getting that, you know, the RPM off like got to add this, and nobody said, we don't need to add that.
I mean, that's that's unlocking my fear. I will tell you I would.
There was this analogy my first sale, very first sales guy told me. He called it painting Seagulls.
It was this idea like imagine you've got a beautiful family on a beach and they asked you to do a portrait. So David, you're you're you're just painting this portrait and you're like, man, this sky is missing something. I'm going to add some seagulls. That moment right there, you are inserting risk. You don't know, maybe that wife is terrified as seagulls attacked her when she was six.
The amount of like sales objections I would immediately add by thinking I was being so transparent, right, and I wanted to have integrity, I was terrible. I could never even get, like in the OODA loop, to the point that I was deciding and acting because when I was trying to observe and orient and educate, like, I
never even got to this point. And so I ended up having to learn from my lessons really the hard way of how many I just often would add so much information that I had sold myself out of the deal that if I would have just shut up right right, don't tell me about the RPMs next to something that I care about. I just want to get the job done right.
So you know you're dealing with you're dealing.
With like the business side of this with with you know, civilians who have a risk. Was there any side of the NSA or the military that ever looked at you and said, what.
Exactly are you doing with this business?
And can you assure us that it in no way relates to anything that you were doing with us?
So I had a little bit during the National Guard side where they look. We definitely had to deconflict to make sure, Like there's always this problem of like what if we as a company find US tradecraft right right right, would you burn US tradecraft? I am an elitist, very hyper competitive bastard. So my rule of thumb is, I don't care who you are if you're weak enough for me to.
Catch you right back harder. Yeah, and that gets around that.
But I will tell you for a little while, there was actually some of that conflict. Like I left the service I think in twenty eighteen, but I founded Huntress in twenty fifteen, and I had to navigate that for about three years.
Yeah, Ken, you know, you told us a story about, you know, falling flat on your face and trying to pitch these little businesses and.
And not working out so great.
But could you tell us about like the success story, a little bit of the aha moment closing your first big deal and you know how that came about lessons learned from that.
Yeah, I'm going to give the pitch that I used to raise one hundred and fifty million dollars and then translate how that pitch happened, and I'll do it very succinct. So what I learned from my time at NSA, we were a team that believed in using very small compartmented teams an insane amount of automation to deliver value. The value at that time at NSA was largely finding intelligence against our foreign adversaries or saving life in the counter
terrorism mission. At Huntress, I went and took that same very small compartmented teams. I use so much automation to be able to bring this product to people that don't have the budgets. And the thing we obsess about at Huntress is a very small but measurable, valuable thing that prevents people from getting wrecked by hackers. That pitch took me like nine years to get right. I'm ten years
into it. That's how new this pitch is. What it turned out that I ended up learning is I had to get so simple.
I had to be able to speak in analogies.
I had to learn that people like to hear the story, but they don't sometimes need to hear the seagull in the depths. And I iterated on that pitch so freakin' long. I think it literally took me four years before I had a version of our pitch that actually like resonated to the point that people were.
Giving me cash. So you can imagine, just like.
The cybersecurity mission I mentioned earlier, it's not like the movies. It's usually like months and weeks of like gruesome you know, hard work to get two minutes of like success.
And then you're back at it.
That prepared me for all the failures that I'll tell you, like grit matters. Also, what's that country music saying? Got to know when to hold them, know when to fold them.
By Kenny Rogers.
There you go.
I was probably foolish enough that at times I probably should have folded them, but that grit actually allowed me to see it through. So I can't tell you there's any one path for anybody, but for me, I was so obsessed by just delivering a.
Small little bit of value. And we used to do this.
By the way, in the intelligence world, you don't got
to get bin Laden get this. You know small person in AQ right, you know some sort of al-Qaeda type personnel that allows you to go to the next level, that allows you to go to the next level, that that allows you to find family that allows you to be able to do the DNA swab, that allows you to be able to get into the phone, that allows you to find the courier, that allows you to be able to have a team that drops bombs on bad guys or breaks doors, kicks them down and eliminates terrorists.
Those were all very small iterative moments, but they all built on each other. Right, I don't think people appreciate how much you can do that involves small iterative successes. Instead, if we would have just went ten years to hatch the master plan, bin Laden would still be alive today. Right, I don't think people are okay with that idea. And the one thing I would share with the audience that turns out like it's better to not fail.
But if you're going to fail, fail in a way nobody else has done before, and do it quick.
Yeah, And here's kind of a question for you.
Like obviously in coding or like not coding, but like in hacking or whatever, you probably know when you fail, like when you don't get entry, but like in business, with these ideas, how how do you know when you failed?
And how do you know when to keep on? Like pushing.
I'm giggling, because when you pitch somebody in real life, especially like me who's used to this little like you know, even Cyber was fairly hyper masculine.
People only code. It's a lot of dudes, military, a lot of dudes. I remember the first time pitching a woman CEO and she was like, I have no idea what you're talking. I could see it across her face before she was even kind enough to tell me, like, if you don't have that social awareness and I'll say other parts of it, when I started like if I missed that social cue to be honest, if I was like some of my other NSA compatriots and I didn't
have that, Like it's not just about IQ. Sometimes the intelligence right only goes so far and the emotional quotient.
EQ picks up right.
If you can't read a room, I dare you to start a company and then look back in two years and find success, it's just not gonna happen. But I was kind of blessed enough with that like middle of skills that even when I didn't have it, Like my co founder John, he is the quietest guy in the room and we'll wreck you. But he couldn't do what I do and my co founder, Chris, there's three of us. He is when some people talk about what one engineer can do, Chris is like a whole He can do
what one hundred engineers can do. We offset our balances. But you remember that whole conversation we brought up earlier about like team dynamic and sometimes having the right team, and we have to be able to cover each other's gaps but also complement each other's gas. These skills turn out like you can change worlds. You can build billion dollar companies on the same tactics that six person military
units or six person intelligence units can do. So I just if you can't tell, like my military time was pivotal to tee me up to make a big difference.
You know, it's interesting too, because you have a team. You built a business with a team, And I think a lot of veterans go out there to build business by themselves and are very dissatisfied even if they're successful, because we're used to working in those team environments and when we're out there on our own, it's like, I I mean, I'd rather like, who's my team? You know, my employees are they my team? Like I think that that.
Must have been in my mind. I think that that must have been very gratifying for the three of you.
I mean, think about the use of the word team, team room right, my team, my teammates. I actually think a lot of the starts with good old fashioned psychology. I don't think we realize, like I know there's all these corny you know, there's no I in.
Team corny or not.
I actually think some of these things that if you get them right from the beginning, they just get your head right. Yeah, they help you think about that. Like there's like that old African proverb, I think it goes something like, if you want to go fast, go alone. If you want to go far, go together. There's nothing wrong with going alone. There's nothing wrong with starting a very small business and a lifestyle business that can still
make big differences. But if you want to move mountains, you want to go far, you are not going to get there. You could be the greatest cyber warfare operator or greatest grunt or greatest pilot or whatever you do, you're going to be able to.
Move what one X does.
And I will tell you, like I now have the point where I think I'm in US Canada UK, Australia, New Zealand right some Ireland in there too. I've got five hundred plus teammates and we move not just paddling in the same direction, but we're in the same boat, in the same direction at the same cadence, and that.
Allows us to go both fast and far.
So I think the word team and team room actually has a lot more to do with success of just getting that right in the beginning, and if you get it wrong, I just would challenge, like, how far can you go?
Solo?
So let's I want to ask you about Huntress, uh real quick, because you know my vast time, the whole eight months that I was in cyber like, Huntress is a name like it is, it is a name that is known in the community. You know, people outside of the community may not have heard of it, you know, may or may not, but it's like it's known.
What are you? What is Huntress? What? What was your original mission? Has that morphed?
Yeah? Why we start with the embarrassing?
Why started with a badass? Is what I want to know. Why are you guys so bad ass? Yeah?
Yeah, we started with a mission that we were like all we want to do is fuck up hackers. That's not a good mission statement, by the way, don't start a company on that mission statement. But it was a good north star. It told us like what we were there. It ended up becoming a mission statement that was we had to figure out who we were doing it for and how we were doing it right, that's the why. Start with why, move to how and who, and then
finish with what. So at Huntress, our whole mission is to elevate mid sized businesses, small businesses, and these folks.
That don't have a budget.
We do that by leading with education and community, and we end up delivering this one hacker at a time. That's a double entendre talking about taking down one hacker at a time, but we also do that growing one ethical hacker at a time. Notice nothing in there talks about making money. Nothing in there talks about making cybersecurity tools. We just happen to build cybersecurity products. Our whole mission is to elevate people that are underrepresented in business. Because
cyber criminals love to wreck small businesses that are underrepresented. They extort them for twenty fifty hundred thousand dollars and that's usually enough that you can't run payroll for six weeks. Right, How many Americans can go six weeks without pay? Not
very many. It's really really low, unfortunately. And the part that I'm talking about is when you get your mission right and you start with the real why, everything else falls in place, that one hacker at a time, it turns out we realize that if we lead with education, growing other hackers to be able to join our mission, and doing it with a community, not by ourselves, we could go far.
And so like what I do is I sell security products.
Products that allows my shady team of hackers that if anybody tries to get in, whether it's your computer, your digital identity like your Google or Microsoft account, maybe it's trying to get into your data, we're not only going to prevent them from getting in, but when they do get in, we wreck them. Right, that's the whole idea. And it's not perfect, just like health, you can get sick. But notice what I'm talking about is it started with
a mission. Everything else the stuff that we do afterwards, building it, how we do it, that's the minutia. And I think that's what I like most about hanging with you guys, is you guys expose stories for the mission first, and it turns out everything else can fall in place and you can learn it. You know, after ten years, I can sound crisp because I iterated with small successes
and I can eventually take down much bigger targets. So if you can't tell, I owe a lot to what I learned during my time in the service.
Yeah, it's it's amazing, you know.
So the cyber community is it's very interesting because you have the government.
You have the government that is working on you know.
These uh you know national nation uh actors you know uh threats.
Yeah, nation state adversaries, stuff like that, advanced threats.
Yeah, yeah, and then you know, you then you have a bunch of security companies and then you have like you say, these these companies that can't they're not going to have a couple of you know, uh cybersecurity guys. They're not going to have you know, they're not they don't have these things and and a lot of the tools out there are out of reach for them. But they are also the ones who get hit often and
you know, and so they get ransomwared. Then they have to hire a DFIR team, and the DFIR team, well, they hire lawyers, and the lawyers get to deal out because the lawyers are basically like, this is this is your exposure, Like, this is the risk that these people might sue.
You, you know, the people, your clients or whoever.
Yeah, you're in business to make money, right, you got to limit your liability.
Yeah, yeah, and you know.
And then with the forensics teams, these are civilian.
Companies that are being paid by these you know.
To find what to find really one thing, and that is what is the company's exposure, right, and maybe do some ransomware negotiations. But they're not paid the hourly to go in and find out the code or the who the actor was. And and so a lot of these DFIR teams are actually on the cutting edge of like seeing a lot of these threat actors for the very first time, but they're not sending that off anywhere because
they're not getting paid the hourly to do it. So you have this really like disconnected community in a way of where because the national security it all plays like a lot of these threat actors are part or at least not necessarily sponsored by but maybe like given permission by nation state.
Actors loosely supported, loosely connected when it's favorable. You know, Hey, I don't want to do something as a nation, why don't I allow this slightly shady proxy that I get permission to do it on my behalf because my hands are clean.
You're nailing it.
But if one of these DFIR companies like comes across or is in chat with a brand new threat actor that nobody has seen before, they're not reporting that to anybody because that you know, they're they're being billed hourly or they bill hourly, and they're just going to give these attorneys in these companies what they ask for. And so it's sort of like, how does the government incentivize these smaller companies to to you.
Know, to pump this information up?
And then should the government or state governments pay companies like yours uh to cover everybody in order to you know, basically as part of the infrastructure of our country.
We all have bias, and I'm going to show my cards first. I'm a big fan, for instance, of there is great places where the federal government should intervene. Sometimes local government that's closest to you should be able to help. I will also share that I'm a firm believer we all have an obligation to take care of each other. It's just kind of what's got us to be humans in twenty twenty five. I'm giving that upfront because I
want to like caveat that. There is some places, for instance, the government's job is to facilitate and allow companies to be able to go toe to toe with cybercrime, to go toe to toe with terrorism. But we don't need companies, for instance, being vigilantes. Imagine if we just allowed like the local person to provide security at the I don't know bank.
You don't want that.
You need some level of professionalism, some level. Heck, the person who cuts my hair has to go through a certificate. I want the person guarding the bank to go through some bar I don't want a vigilante right.
But where I'm going with this is their job is to be able to enable this.
Just like the story I told earlier that when the early days of cyber kind of as it started to mature into twenty ten to twenty fifteen, the real heroes were the lawyers who allowed us to do more of this preparation of the environment right to be able to do the effects that could actually stop terrorism or stop nation states I actually think the role that we have right now in twenty twenty five in the government, and this is global.
I'm not making it about the US.
Some of it is about facilitating companies that are of the right qualification and the right standard. Why are we not doing more to take defense and not lead by defending waiting for them to break down our door?
Right?
But if they're qualified people, and I'm not saying spin up vigilantes, there's going to be people who interpret this wrong.
But private qualified maybe qualified letters of marque, cyber letters of marque.
I mean, I'll tell you Huntress itself, two billion dollar company, at the risk of, you know, liability when we find, for instance, a threat actor who is just for instance, a lot of times people come to us after they're
already hacked, not before we try to prevent it. When somebody comes to me that they're hacked and I find that this cyber criminal has stolen their data, These I'll call them what they are, bastards accidentally leave their credentials exposed, just like how we get credential I would be a liar to say it is not. You know, I could count on more than one hand the times that, for instance, we said oh, they left their credentials exposed. We took
a look at the risk. We realized it was some shady hosted server and insert shady country here, that you have quite a good idea that it's malicious. We have been more than happy to rendition that data back for somebody. We have been more than happy to dump their logs, and more than happy that when we find a mistake that they make they use software vulnerabilities to get into
people's systems. We have actually found vulnerabilities in the same systems that they used to steal and encrypt and hold data for ransom, that we exploit their system and make their software no longer work. That is not always in an area that's clearly defined. I'm not talking about hacking them back. I'm talking about using our offensive skills sometimes
to be able to make their software not work. And the thing that I would go back to without ever getting political, sometimes you can make a big difference by just carrying a big stick, right, And if you have a defensive company that's led with a very offensive mindset that also believes in following rule of law, who is happy to explore not just the black and the white, but the gray. I think it's government's job to facilitate that, and when lines are crossed, let's hold people accountable. We
can't do illegal things. We all have to be accountable for our actions. But I do think that version is a lot easier version that we can let capitalism do its thing. Let's let businesses protect against hackers, but let's not think about healthcare. If my only job was I wait till you get stage four cancer, tell you like, let you know you're gonna die.
That's too late.
Well, I got to be doing everything I can to find it as early as possible, and if I can, if I can possibly stop cancer from happening, no one would say, don't do that. So why are we not making similar analogy about stopping threat actors and treating them like what they are. They're criminals and they should be stopped, and that sometimes should be law enforcement closely partnered with commercial businesses.
Well, I was gonna say, like, we've all deployed to the you know, the GWOT in some way, and it's sort of like the US's cyber policy seems to me to be like we're getting attacked, so let's keep building our base defenses.
Yeah, let's just keep on.
Let's add more sandbags, let's add more HESCOs, Let's uh, let's get to.
Say, Jack, are we taking you off yet with all this nerd stuff here and hackers kind of going unrecked only mildly.
But we're gonna jump to some user questions because I know some of our viewers had had some stuff for you as well that we want to make sure we get to.
Let's do it.
Alrighty from the count of Kohiba, did you see any differences in people who had shady backgrounds growing up for straight laced kids.
A yeah.
I actually would say my general rule of thumb is bad decision makers stay bad decision makers. However, if you can't understand the nuance between what is a think about fruit, I'll choose strawberries because why not I like them. Sometimes fruit molds because it's next to bad fruit. Sometimes fruit molds because it is truly the one that starts the molding. I would say, generally speaking, I've seen rare cases where people who make extremely bad decisions change making bad decisions.
It's not saying people can't change, However, I think sometimes separating what's molding because they're surrounded by essentially a bad environment is very different than, for instance, a bad egg. So what I'm saying is I've seen plenty of people. I mean, look at my I started this whole thing admitting I've done some things that when I.
Was poor that are pretty crappy. I kind of wish I could undo them.
They were circumstantial, and I've given back a lot more than I've ever taken. And so I don't think this is a case that you can just say if you've messed up, there's no forgiveness that like that doesn't mimic life. So I appreciate that question because no, I don't think
just because you've made a mistake you're wrong. But I think there are degrees in it's the spectrum, and if you cross a line, you're probably going to keep crossing a line, not because it's wrong or right, but you probably have something wrong with judgment.
Do you do you think that motivation is because I feel like in you know, the cyber world, that there is a lot of this, there's a lot of crossover with the SOF mentality, right, like when we take an an MP, I like like we have certain traits that we share with criminals, and you know, but I think.
That that.
It's, you know, we have sort of the same adrenaline, the sort of same compartmentalization, the same desire for.
Challenge, but we don't have we don't have.
The selfishness or the desire, you know, the desire to profit. And so I think maybe a cyber there's a difference between that thirteen, fourteen, seventeen year old kid who wants to hack into a system to see if he can get into the system and the kid who wants to hack in the system to see what he can take.
Yeah, you mentioned the selfishness, right, One of the core values in the Air Force was service before self.
Why are you doing it? Are you doing it?
Because it's experimenting and I've had I've been selfish before.
Right, it's a you know, but.
When I look back in hindsight, a lot of it was and ends to a means that was in a way that was inconsequential. Did anybody get upset back in the day that I was using their unlimited minutes AOL account? They probably never even noticed yet they were giving me a chance to learn. That is so gray, But that's very different than I tried to get their credit card number. Right, and they just used their credit card and racked up all kinds of gift cards with it. Right, that's a
very different version. And so the gentleman or you know, a lady or person that asked that question, like, that's a really astute question because, to be very frank, it's all a spectrum, and I think the answer is somewhere there in probably the middle to dark gray.
I think that's still okay.
Yeah, we got another question v due to the place, due to places like China having an intranet, as opposed to an internet, could regular Americans actually do any kind of hacking in places like China?
So the thing everybody forgets, right, think about a castle wall, and even if you have the world's greatest you know, moat, and you have all the walls in the world, some people have to bring food in and out of that castle. So China does with the Great Firewall. For those that don't know, it's an actual logical layer that prevents certain traffic that only operates in China and certain traffic that for instance, allows outgoing. So it's not as easy as
just walking into a place with no castle wall. But they're not on their own and as a result, sometimes you have to be able to find just like the about the old stories about the Trojan horse, right, sometimes you got to be able to get things in. And you know, if they were truly like a hermit kingdom that nothing could come in or out, they wouldn't be the nation state that they are. So where I'm sharing with this is I think that there is some value and having castle walls.
But let's not BS ourselves.
No castle wall is permanent because unless you're self sustaining from the inside, stuff's coming from the outside in. And as long as that's coming from the outside in, someone like me is trying to exploit it.
Yeah, do you think that there's ever any future in which like a standard defense is just basically to learn how to put like create a poison pill for people's like data that you know what I mean.
So I've gone back and forth between should we have data that just you know, deletes itself or you know kind of like Mission Impossible, this message will self-destruct, right.
I've also balanced with the such opposite side of the spectrum of do we care way too much about what data gets leaked?
No offense?
At this time, I think I've had like ninety six times my Social Security number. I probably have like nine overlapping credit card policies right now. I get by every day. I'm a super nerd. I've got Alexas in my house. I could probably talk to my phone right now and ask it to do its thing. There is some level that I think we kind of got to dial it back and say, like, look at do you remember that movie Catch Me If You Can. That's that guy Frank
Abagnale that fished the checks. It's twenty twenty five. Check fraud still happens. We never solved that problem. Why do we think we're going to solve this cyber crime problem? So I think some of it we just got to tone it down and realize, you get hacked in twenty twenty five. What's important is can you find it before it becomes like deathly, right before they drain your account?
And when they drain your account, is there some sort of way that we can, you know, ease the burden, because that's pretty extreme to have like no money to pay for bills, you know. So my point behind a lot of that statement is I think that there is a level of I wish sometimes data would self delete. We'd be a little bit smarter, you know, minimize it. But I think we should also not a butt but an and we should also just chill out a little bit and be okay with certain things.
Is gonna leak in twenty twenty five.
So when I say poison pill, I don't just mean the data is self deleting, but basically installing malware or you know, basically destroying whatever that data goes to.
Ooh see, that's a good one. I don't you know what's unfortunate. I don't think that we're quite at the level that people are playing that four dimensional chess yet. Should we have things like we're getting better, Like, even though I'm not a huge crypto fan, we're getting.
Wallets that are like better resilient.
They try to prevent people's data from getting stolen, and they have some of these built in protection mechanisms. I I'm never a naysayer. I always think glass half full unless it's suburban, right, But I actually think we're still playing in many ways checkers, not even chess, let alone four dimensional chess. So I think what you're getting to, we'll get there. Yeah, We're just not there yet, Like we still can't keep people from stealing my darn SF-86 data.
Well I've we talked about that before.
Yeah, our our OPM file.
Yeah yeah, so yeah, I wish That's my long way of saying, I hope we get there.
Yeah, all right, m corbyin how do you feel about the fact that Chinese cybersecurity organizations are cyber organizations openly acknowledge and publicize their partnerships.
Does it result in better collective action?
So? I think that some of the things that's needed.
And by the way, for the remember when I started this story, I said all the people that were in decision makers were former tank drivers, pilots, sub drivers, ship
you know, admirals. Turns out in twenty twenty five, some of the people in office now are people who started their careers in offensive cyber So what I'm saying this is, if we go back to the root question, we've actually got some really well informed people that are helping make better decisions that allow us to kind of be more public and with more public like I can tell you publicly, Huntress collaborates with all kinds of law enforcement, less about government,
but all kinds of world law enforcement. Sometimes in countries you wouldn't expect like, you know, people forget that. Sometimes on what you read in the news, you read like, oh, we're going to trade political prisoners behind the scenes. Sometimes
cyber criminals are traded. These nation state governments, for instance, that protect some of these sometimes use these players as chips, and believe it or not, law enforcement is some of the people that we've actually had the best success of collaborating. We've worked on raids that have brought back millions of
dollars of stolen money from cyber crime takedowns. So that's my very long way of saying we could do better, and I will wholeheartedly argue some countries are challenging us of how well they do open collaboration, but don't underestimate how much dope stuff goes down in the shadows, like we're you know, we're not playing from a position of weakness. We use this term in the intelligence community that we call everybody else not peers. We call them near peers.
It's not by accident, it's not by hubris. We do a lot of stuff really well. Don't underestimate what the US can do.
I have a question, out of all the state actors, who's the best at hacking.
That's such a good invest is such a loaded Do you know who I like and who I'm not going to use the word admire because like that'll be on like I go, I file for IPO and that'll be used against me. North Korea knows what they are, and they know what they are and what they are generally is very dependent on China for certain things. And they
are also pretty darn broke. And this is a country that is more than happy to use their very very stringent, you know, economic sanctions that are against them that they have no problem going after your crypto wallet, going after SWIFT, that's the you know payment systems behind credit cards, and they have made millions maybe even there's some estimates that go into the big B word that is not playing around.
Could you imagine like as a business and if you think about what some of these nation states are, their biggest businesses in their country are actually their hackers bringing in revenue wild that's pretty crazy, and we don't do that in the US. We don't do economic you know, espionage this way, some people will split hairs. I'll tell you ninety nine times out of one hundred unless there's some weird accident. We don't do that the way we
play with economic espionage is through like things like immigration. We'll just steal your best and brightest and make them US citizens. Right, not going to open that can, because that's a whole different other thing. But we play at a different level of four D chess, and I admire North Korea knowing how bad they are at some things and being able to make a whole lot of money with a handful of people they're not us.
Well, you can't keep up with ghost but that's pretty dope.
Before uh well not before, but during I mean they were also involved in the whole supernotes.
Thing and oh yeah, oh yeah.
I mean they were like like, uh, you know, counterfeiting physical US dollars. So this is just a criminal regime. Like like you said, they know who they are and what they do.
Yeah, so I mean, is there not something to admire where they're like, Yo, it's getting harder to repre you know, to recreate and forge and create counterfeit dollars.
So let's just not counterfeit as hard, and let's.
Go after this new emerging digital Let's go after people behind crypto. Let's go after some of these core systems, like they know how to get paid, and I know it's so easy to like throw a Kim Jong Un meme out there, but like they're scrappy, they're hustling. They remind me of a startup they got startup energy.
Well, you know what's wild is, you know the same scams that worked in the eighteen hundreds, like this Snake Oil says like the Nigerian prince like this with these crypto drops, you know, like they're using the somebody in competence. Yes, exactly, somebody wants something that's too good to be true and they believe that they just might be the person to get it, and they give people access to everything.
You know, it's it's wild.
And people forget when they're succeeding. They don't have to succeed big. It doesn't have to be billions. When you have such a disproportionate exchange rate, a fifty thousand dollars ransom could be significantly bigger for folks in economic sanctioned worlds.
So I just sometimes think that we just like how we're really bad as humans, like comparing how many like stars in the sky or grains of sand on Earth, there's a different law, right, a different set of physics in North Korea or these other you know, world regimes, even Iran, who's like much smaller that they are winning and just at their scale. And I don't think we necessarily like we talk trash against them, but you got to watch out because startups sometimes disrupt big environments.
And I'm not saying North Korea is going to become a nation state, but what you know, a nation state for instance that we have to worry about, like a China Russia type of scenario. But don't sleep on their ability to dis you know, deliver bigger bang for the buck.
That's what I'm saying.
And the simple fact is a lot of these countries will play by
rules that we won't even consider.
Like I mean, look like look at human espionage. There are countries that will still honeypot and the United States will not honeypot, you know, I mean, look.
At the Khashoggi, you know, situation, right, the reporter, when's the last time the US was accused of hacking somebody apart in an embassy, like, we play on slightly different rules in the physical and digital world, right, And I think that's.
My officers, We don't do those kinds of you know, uh.
And there is a level of like I will say, there's a weird thing about espionage that it's a very gentleman's general person's game. But we got to understand that we have to play smarter and harder because some people just won't play by our rules. And that's not an excuse to play by the rules. Like you don't want
to fall into that, right, you don't. You've got to protect some level of humanism, Like even adversaries they wake up and they probably have back pain the same way that my you know, aging you know ass is starting to feel back pain, like something generally connects us. They're still humans. So I think it's important that we can't lose that right. At the same time, let's not let them take our kindness for weakness.
So let me ask you a quick question because I I feel kind of strongly about cybercrime, and I I feel as though our.
Government gets wrong.
That's it's not breaking into the bodega and stealing their cash, it is that I'm all for presidential findings. I am all for the cyber terrorism. If you shut down a hospital, that now you become
a Title 50, Title 10 target that you're not.
It's not a lot you know, an FBI case anymore, it's not law enforcement. I would like to see consequences. I would like to see these things elevated in our in our sort of warfare, or in a new domain, a new warfare domain.
Yeah, so, David, I think there's nuance in what you just said.
But I will tell you so what we've been hanging out BSing for what two hours or so, I will tell you, like, we protect one hundred and fifty thousand businesses worldwide, even with all of our skills, all of our prevention, et cetera. I'm sure there's probably a to a couple dozen that have been wrecked in the last two hours, even the ones we protect. It's like saying there's perfect prevention against cancer. It's not real. Sometimes
it's about just finding it early. And the point that I'm getting across the whole idea is finding it before it kills you. If you look at things that way, at that scale, that even just during this two hours that we're hanging you know, just there's companies that are not going to be able to deliver food tomorrow. There's
going to be companies that can't run payroll. There's going to be companies that can't schedule logistics meetings, and there's going to be people that's causing stress on real people. I don't think we equate cybercrime with real crime. And I think in some ways we even victim shame. Oh you got hacked, Right, you don't blame somebody for getting robbed at knife point in New York City, Right, you just flat out and say that's crap, Get out, go
after the criminal. And I think some ways that we need more support to, like, let's treat hackers, and I don't mean all hackers not ethical, right, the people who are threat actors cyber criminals. Treat them like they are criminals, and it should come with some real consequences. And let's be willing to handle the gray areas. Maybe there's some places that we have to interpret. Maybe there's some people
that aren't quite the same level. Right, just like how we're having the conversations on like recreational drugs and stuff, Let's be smart humans and understand there's gray.
Yeah, but I'm telling you.
When it's very clear that you're out to ruin people's lives, why are we not considering.
More and I'm not going to all the way to the extreme.
Of use of force. There is some level of disproportionate force that I think. I imagine if, for instance, somebody drone striked a group that was doing scam calls. That's the most extreme example I can come up with here at night. And what I'm going with is it probably doesn't take too many of these things to have real repercussions. And I would not advocate for like loss of life, but maybe when it hits a certain level that you're willing to attack a hospital, let's call it what it is.
It's no longer cyber crime. It's much closer to terrorism, if not flat out terrorism. And I just don't think, Yeah, there's a whole lot of this willingness to have this hard conversation yet.
Yeah, for me, it's like even talking about scam calls. I mean, do we measure how many Americans kill themselves because they've lost everything through a scam call or through ransomware? Like, so have they sort of taken that life?
I don't know. I feel like you, you know, you send
a Tomahawk to one or two threat actors and and you'll separate the wheat from the chaff, you'll see who's serious about, you know, ransomware.
There will still be some that don't care.
You're not right, absolutely absolutely, But.
And there's versions of this right like jail time. I've seen some of these that are like responsible for millions, and they still end up with four to six years when they finally get extradited. I again, I think there's difference between people who rob banks and people who shoot people while robbing banks. That's logical, that is a difference between that. But I don't think, for instance, we do enough to look at the blast radius. We don't look at the collateral damage. And I do think we will
get there. I really think that now we're starting to realize. But I will also say guys to not to like maybe tone down some of the rhetoric. There's a lot of incidents actually that businesses do get hacked and they go back to business in six to eight weeks as well. So I do think that we got to make sure that like, when it's extreme, let's treat it more extreme, right, and when it's chill, let's normalize that some people get the car burglarized and let's just go back to work
the next day. You know, get the window fixed by USAA or whoever your car insurance. And so if you can't tell, I'm like this weird version of where I'm simultaneously saying wreck
them, right, and also chill, And I think that's okay.
Right, we have any more question? One more question?
Do you have any thoughts on cyber having kinetic effects in warfare like hacking medical devices and altering device functionality?
I think if laws support it, do it. And I don't mean that laws can't take it down. But for instance, if I could take your internet connected car and I have everything against you that you are an arms dealer that's taken life, if I have the same war power, for instance, if I was there to actually take life, why does it matter if it comes from a bullet
or your Mercedes swerving off the bridge. I know that's extreme, and I'm trying to make a point with it, but my point behind it is let's not go to extreme on either side, but let's keep things proportional.
Does it really matter?
And so I come from a world that my job has literally taken life because of this, and it wasn't against people who just did a little bit of credit card fraud. They were people who blew up ten, fifteen, twenty innocent people, some of their own citizens, some foreign Again, I think the nuance matters here, So I'm trying to give these edgy points to like make sure people have a sound bite and they can like jolt them to think. But I'm also trying to bring it down to the
nuance matters. So for me, there is definitely situations that exist that we should be able to use cyber to deliver kinetic effects when the juice is worth the squeeze, or when we would have done the same thing if it was a physical situation.
Right, Yeah, Kyle, tell us about where can people find you? Where can they find Huntress? What types of companies should contact you? And you try to procure your services? I mean who needs to find you?
Yeah, so I gave all the embarrassing stories earlier. When I was small, we serviced businesses that were small businesses. It turns out now we're cybersecurity for all businesses and it's not just a tool where the full team that actually does all the development and the same team building the tool is the same team hunting these cyber criminals. Huntress dot com is obviously the website but it turns out some of our spiciest stuff you can find is on stuff like LinkedIn, on X, right, on Facebook. We
actually show on a daily basis what we're wrecking. And that goes back to that mission statement I said earlier. If you lead with not only transparency and integrity, but educate these companies that don't.
Have resources, maybe like yours.
With community and with education, you can kind of make a real big difference in the world.
So again, the website's cool.
You can learn about us on a website, but if you want to see the real kind of like deal that you've got to experience tonight, find us on LinkedIn, Find us on one of those social networks that's where we actually talk, just like we talked today.
Yeah.
Awesome.
Yeah, it's been fantastic, really really.
Thank you Kyle guys. Well again, I appreciate it.
Again.
We got to touch a lot of topics that some people shy away from. We got to be able to play both sides of the fence, and I just really appreciate I know it took us a handful of years for both of our schedules to work, but I don't know. Two and a half drinks in and I'm feeling like we succeeded.
So cheers, guys, outstanding.
We'll do it and some time, Kyle, and thank you for your time spending some for your Friday evening with us.
Yeah, this was awesome, Thank you so much.
Guys. Hi, I got one more question? What the where? What countries does Huntress service?
So we actually service all of them?
Right?
There is a you know when it comes down to like we have some legal obligations like I can't service Syria today if they're sanctioned away. But when I say one hundred and fifty thousand businesses, I'm not talking about like in the Atlanta or Baltimore a DC region. There are one hundred and fifty thousand businesses that some you would know and some that just provide all the power and electricity that you don't know across the entire globe.
So no joke.
We are a proper global company, wrecking hackers no matter where they try to go after.
What, what would be your like five year dream for Huntress?
Dude?
So I asked this question or I get asked this question a lot too, meaning I asked my teammates, but also get asked and what's nice about it is hackers are so innovative they have to be respected, just like for instance, adversaries, they're smart humans. And the one thing that I love is, think about launching a rocket to the moon. Physics don't change, right. If you know the physics, you know the Earth orbit, you can take a rocket, go around the moon, slingshot back, land it on a drone platform.
You're done.
But cybersecurity is brilliant shady humans against brilliant ethical humans. And the part that I would share is I hope more and more and more through like our conversation we shared today that the ethical side can you know, not just cat and mouse this, but disproportionately win. We're not going to win at all, but I think we're on the cusp of using our offensive skills to support defense
that could finally change. Like, so, cyber criminals are making less money than the companies protecting them, and I know that sounds like so capitalistic. You want that companies like this are making money. You are just doing whatever you do, dry cleaning, delivering pain right services, shipping things, whatever, widget software.
You want that to win. And for me, I would like no matter.
Where threat actors go, I would love for Huntress to be one step ahead like that would be a really cool place that I could like pass away and feel good about.
That's awesome.
Kyle, thank you again for taking the time to do this interview, and maybe we'll come back to you again at some juncture in the future when we need your cyber expertise. And we will see all you guys next week. There's some links down the description for you'll find Kyle, you'll find Huntress.
You also find our Patreon. Thank you everyone who
subscribes, and we have new merch also, so you can find that down there, and thank you everyone, and we will see you next week.
