Very much this. I have spent a considerable post-PhD period developing "new widgets" as you put it, and I constantly feel the benefit of (a) the early training of my PhD and (b) the benefit of commercial work done in the framework of "(a)". That seems a bit obscure, but think of it as this analogy:

Person A never does any serious training in a sport, and then goes on to spend 10 years playing "hit and giggle" tennis (say). They probably get a bit better.

Person B spends several years in their youth doing tennis lessons at a high level. They then never take another tennis lesson, ever, but they spend the same 10 years as person A playing recreational tennis, using the skills they have built in their youth as a framework.

I feel that a lot of the stuff I've done recently builds more on the work I did as a commercial researcher (2006-2017, particularly) than it does on my PhD work, but I also think that the 2006-2017 work greatly benefited from my PhD.

I have one anecdata point, kind of. It's not PhD level but master versus the non-academic route.

TL;DR: my friend is more practical (e.g. better at bandaid solutions). I am more integrated with theory and practice (e.g. diagnosing issues from sillicon to high level). When things are simple, he is faster. When things are harder, I am the only one who can solve it.

===== THE WHOLE STORY ======

I simply did a bachelor + master in CS (security + web/mobile). My friend is a semi self-taught web developer and (soon to be) pentester.

Friend in Web:

When he became serious about web development, he went to a coding bootcamp. When I started teaching web, he had 1 year of company experience.

Me in Web:

I had some hobby experience with web, but because I had CS fundamentals and a good teaching style, I was hired to start teaching his course.

Result:

My friend was more practical than me. He came with more bandaid-style solutions which were sometimes warranted (time-constraints) and sometimes they weren't. For me, it helped me to bridge theory and practice.

Alrighty, round 2: pentesting.

Friend in Pentesting:

It took him a year (!) to get his bearings and find a curriculum he wanted to learn. In this year he learned a lot about pentesting which is how he could verify that he found "the magic bullet" of curriculums. By the way the "magic bullet" for entry level pentesters is: go to hackthebox.eu and if you want to get certified (i.e. recruiters will notice you), do OSCP. He did a lot of different stuff before he got to this conclusion (honorable mention: VHL - Virtual Hacking Labs).

Me in Pentesting:

My friend invited me to join him on hackthebox.eu because he knew I did courses in web + network security, binary & malware analysis and hardware security. I go in and slay the boxes together with him. The key difference: he is fast, I am slow but I am capable of hacking the most difficult levels (which they call insane boxes).

Result:

We teach each other a bit of what we know. He helped me get faster with easy boxes. I helped him to (almost) hack insane boxes. In doing so, I taught him x64 assembly and some C.