Dark Reading Staff , Dark Reading January 22, 2026 Becky Bracken Hello, and welcome to Dark Reading Confidential. It's a podcast from the editors of Dark Reading, bringing you real-world stories straight from the cyber trenches. I'm Becky Bracken, your host. And today I am joined by two fantastic guests to talk about how cyber can reclaim its hacker ethos. Please welcome Michael Coates, former teen hacker and cybersecurity venture capitalist. He's also a former chief information security officer (CISO) of Twitter, Mozilla, CoinList, and former OWASP chairman. We also welcome Tal Kollender, CEO of Remedio and former teen hacker. I've invited these two to help us understand better what the hacker mindset is, why it's been lost a bit, and why so many leaders I talk to across the cybersecurity sector seem to lament the loss of this collective hacker spirit. Welcome, Michael and Tal. Michael Coates Great, thanks for having us. Tal Kollender Thank you. Becky Bracken So you two are sort of the ultimate hackers-turned-suits in the cybersecurity sector. I wonder if you could both just take a minute to explain, broadly, sort of what your journey has been from teen hacker to the top of the board, the top of the org charts, and also sort of what that brought to your work. Michael, we'll start with you. Michael Coates You know, as I think about answering that question, I think what was my first job, but then I realized actually that's not where it started. I think that the mindset that leads to being a hacker, a security professional, starts from a mind of being a tinkerer. I go way back to elementary school, getting the first computer, taking it apart, rewriting the boot sequence so my video games would work, understanding what every single executable did by just running each one of them and seeing what the output was. That progressed through my education and my growth. So I think where it starts is this tinkerer mentality at heart — I want to understand how things work. That progressed to this love of computers for me, a computer science degree, because I didn't know what I wanted to do with my life, but I knew it involved computers and software. Only toward the last few years of university did I find out there was even a career opportunity available in this space that would become known as cybersecurity. At the time, I don't even think it had a good name. I took the only two courses available at university back in the early 2000s. My first job was a hacker for hire — legally — to go week over week, break into banks, governments, telcos, show them how I compromised their systems, and then show them what to do to fix it. Wipe my hands and go off and do it again. That was such an awesome grounding into this mentality of what's possible, throwing yourself into new technologies that don't make any sense to you, figuring it out, finding the flaws, and then sitting in front of a board when you're 20-something years old and defending yourself and having conviction in what you're doing. It was a really fascinating start, and from there, there's much more we can talk about, but I think that was what grounded me in this mindset of pulling things apart, finding out how they work, finding out how they break, and going from there. Becky Bracken Was your experience sort of similar to that? Were you a similar tinkerer? Tal Kollender Mine started, I would say, when I got my first computer, yeah. But then, a few years after, we got the 56K modem, and we had the first Internet games. I was so good at one particular Internet flash game, and I thought I was going to win. I told everybody, "Wow, I'm going to win this prize." It was a foosball table back then. I was so confident I was going to win, and I told everyone to come to my place to play. But I woke up the next day, and I was in second place. I couldn't believe it, because I was by far the best. Whoever beat me was millions of points above me, which I knew immediately didn't make any sense. He must have cheated. Since I hate losing — actually, I love winning more than I hate losing — I became very curious. If he could do it, I could do it. That’s how I started. I didn't go into hardware, but more into software. I wanted to find the best way to win every game all the time. After some time, I was named the female version of Robin Hood. It was pretty cool back then. Then I made my own business. I made my first million dollars before I was 18. In Israel, you must go to the army, so I started in a fighter pilot course, then continued to some computer units. What kind of woke me up was that after getting this amount of money, I had to get paychecks of 100 bucks a month. But I just did it because we have to, and I love my country. Right after that, I went straight into the computer world without any college or university degree. That’s how I started my career. Becky Bracken Both of you say the impetus was different — tinkering versus competition—but what you recognized early was a passion for figuring out how these computers work and how to make them do what you want. Why do you think — or do you think — we're getting further away from our hacker roots? I hear hiring managers talk about getting people who are good with computers and want a good career but don’t necessarily have that same kind of passion. What do you think about that, Michael? Michael Coates I think it shows a lot of the industry growing up, and some of this is growing pains. Where we started, it wasn't an established industry. There wasn't a chief security officer role. It didn't exist. The notion of a cybersecurity team was whether or not your IT person knew anything about security, and that was the end of it. You can see how far we've come from that. Naturally, at the beginning, we had people gravitating to it out of interest and passion. We had these people who were deep, hands-on experts who liked to do this all hours of the day, not just during the eight hours of a workday. That fueled the culture, and a lot of people gravitated to it. As it grew up, we had a few things happen. Some of them are very good. We needed to be more systemic in our thinking, and that's where the risk management side came to bear. It’s great that you found these individual flaws, but are we thinking about this systematically? Is this a good risk management program? This is one problem, but what about the 58 others? Which one's more important? That put us in this cycle of needing more risk thinking — maybe not as much technical expertise and depth, but more coverage. I don’t think that’s wrong, but now we see a lot of people viewing this as a great profession — and it is. So you have some people coming in saying, "Here’s a track I will do. This will be a great job for me." That's great; we have those. It’s not that we’re losing the technical excitement and hacker mentality. It’s that we’re growing bigger, and there are more people under the tent. We have far more people in different camps, and we need to start to see where everybody has their place. Becky Bracken Interesting, because it was sort of like a club of like-minded hobbyists early on. And also, the sector is growing up to the point where there are good old days, I guess, to look back on, maybe. That's part of it. Tal, what do you think? Tal Kollender I think that today you have, I would say, maybe let me start from, I don't know, 20 years ago, if that's OK. Yeah, there wasn't any cyber, right? Like 20-something years ago, everything was under the IT. And then it was even called, you know, whatever security. Then after that, it got evolved into cybersecurity, different teams. And then from the cybersecurity, there were like so many other teams, you know, like SecOps and SOC and whatnot. And obviously it became very mature with time. The only thing that I would say is today the cybersecurity and everything got evolved, but it got evolved into and scaled, and it is scaled drastically, but everything was more often visibility instead of resolution. And until these days, when you get a lot of solutions that will tell you what is wrong back to the risk management, it will give you the risk but it will not address the risk. It will tell you, OK, what do you need to do? But it will not address it and you will not know what the impact is in case you are going to do X or Y or Z. And that's one of the main problems because, and this is where we are actually talking about two different teams now, the security should see while the IT should do. And then, OK, now I have a visibility tool and usually I want the IT to do those things and that's where there is a pain point and the bridge or a gap that needs to be addressed of not only giving the visibility but also to address it or to have the resolution for it or to remediate stuff. Michael Coates You know, an interesting thing that this brings to mind, and I've seen this from my days at Twitter and what's progressed in the last 10 years, is sort of in this notion of responsibility silos. And for example, security and IT have come up and been, originally there were one thing together because security didn't exist. Then security and IT became two separate things to Tal's point. You know, security is like finding problems. IT is maybe fixing problems, but IT is also making everything run. And so for many years we had this butting of heads. Like, you should fix this stuff. And like, well, we're busy giving out laptops and making sure everybody can do their job. I think that's now converging back together where I see more companies actually bringing these teams together and having IT report to security. And it's forcing this fundamental point of it must work and it must be secure, figure it out. You are one team. And this kind of comes back to this hacker mentality of risk management is an important piece that we've seen, finding the problems of another, but we just have to make it all come together and actually drive, you know, secure business forward.