RSAC celebrates 34 years of putting bandaids on the chest wound.

Cyber Thoughts Newsletter

MAY 2025

RSAC 2025 Review

The tagline for the conference was “Many Voices, One Community,” but a more accurate version would have been “We Have Failed as an Industry.” The common themes this year, like every year, were more attacks, more costs, more companies. But now we have a silver bullet! 

Artificial Intelligence.

Excuse us if we aren’t entirely credulous. Despite years of innovation and discussion, cyber attacks continue to grow in both frequency and severity. Cybersecurity spending increases every year, yet breaches and damages continue to escalate, positing the question of whether we have been chasing ineffective hype strategies for years. And while we love the people who make up the industry, we aren’t fans of the direction we are heading in: platform consolidation and a focus on compliance rather than security. So now you’re telling us that all we have to do is take this Vitamin AI pill twice a day?

GET OFF MY LAWN!

Speaking of doddering old men, and a few women…

At RSA we got to hang out with a large number of old-school hackers, which led us to an observation that has been true for many years:

The hobbyist hacker nearly extinct.

Now that security is big business, it attracts an incredible level of talent. But the motivations have changed.

Back in the ’80s and ‘90s, people got involved in the hacker community for a multitude of reasons but “getting rich”, or even making a living, wasn’t among them.

That reality attracted a certain kind of person. All of that started to shift around the early 2000s when money entered the equation. So while that earlier cohort still has 20 good years left in us, we now represent a tiny minority of the industry.

Maybe because of that, there’s a new interest in hacker history and teaching hacking. We met with three podcasters creating content focused on this:

• Were the Warlocks Stay Up Late

• Darknet Diaries: True Stories from the Darkside of the Internet

• John Hammond: Free Cybersecurity Education and Ethical Hacking.

We also saw a panel hosted by Hacking Games focused on:

1. Making hacking cool

2. Bringing more people into the community

The goals are laudable but we can’t help but feel it’s a bit like trying to make smoking “cool.” It always was, and it’s also bad for you.

To paraphrase Dave Chappelle:

You don’t sell being a rebel. That sh*t sells itself.

We’re all for helping people learn to hack—but by its very nature, it requires self-study. You can’t teach grit in a classroom. At best, you can foster curiosity.

A hacker’s role is to explore and find novel solutions to unknown problems. You just can’t learn that via a series of webinars. Sure, you can learn techniques and tricks that have been tried before, but the whole point of hacking is exploration. It’s one of those “the journey is the destination” situations. 

Of course, we’re probably a bit biased. ¯\_(ツ)_/¯ 

Lastly, if you appreciate our highlighted content, please follow us on Twitter and LinkedIn, where we regularly post about things worthy of attention.

What We're Reading

Here's a curated list of things we found interesting.

Big Banks Alarmed After Their Regulator Gets Hacked

Who will watch hack the watchers? These information sharing groups are an important way defenders share information, but they are also juicy targets. 

Some of the U.S.’s largest banks have pulled back from some electronic information-sharing with a key bank regulator after it disclosed a major cyberattack earlier this month.

Black Hat Startup Spotlight Competition

Our partner Lucas is a judge again this year at the Black Hat’s version of Shark Tank. If you have a startup you should apply, everyone else should come watch the event!

The Black Hat Startup Spotlight Competition is a pitch contest designed to showcase emerging cybersecurity startups. Finalists are offered the opportunity to present their innovative solutions to a live audience and a panel of esteemed judges for the opportunity to win it all onsite at Black Hat USA.

What a future without CVEs means for cyber defense

The CVE program has been a backbone of the industry for 25 years. The fact that it was almost cancelled by US Government cuts was shocking to the industry. Uncertainty like this is toxic since it makes planning so difficult as companies move forward. 

The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for cybersecurity professionals to understand and mitigate security flaws… the decision from the US government to row back its guardianship of the program has been met with industry surprise and concern.

Transactions

Deals that caught our eye.

Palo Alto Networks to Acquire AI Security Firm Protect AI

Palo Alto Networks is acquiring AI security company Protect AI in a deal previously estimated at $650-700 million.

Podcasts

What we’re listening to.

Where the Wizards Stay Up Late: Ep 1

Digital Jesus/o.0, aka Matt Harrigan, turned a telecommunication product release into a 0-day, tipped off drug dealers about government surveillance, skirted the crackdown of U.S. Secret Service’s Operation Sundevil, and emerged as a founder and CEO of cybersecurity companies.

About Lytical

Lytical Ventures is a New York City-based venture firm investing in Corporate Intelligence, comprising cybersecurity, data analytics, and artificial intelligence. Lytical’s professionals have decades of experience in direct investing generally and in Corporate Intelligence specifically.