Fish in a Box

Charles Herring 25 June 2026
Dragon 300 on launch from USS Kitty Hawk
Twenty years ago a young sailor quoted "Fish's second rule of troubleshooting" back to me, and I realised I'd been writing rules I never wrote down. This is the story of how we used AI to inventory, argue over, and ratify the norms that run WitFoo, from "The WitFoo Way" of coding all the way out to a thing we call Fish-in-a-box.

Adversarial Code Review Example with Claude

Charles Herring 18 June 2026
Adversarial Review

Below you will find my adversarial review prompt that I give to Claude on every pull request review. This is a living document that references dozens of cascading documentation. Collectively, over 1,700 norms contained in the "WitFoo Way" are reviewed. Also, the integrity of the work done by what is often a lazy or dishonest Claude session. In spite of the rigorous testing I outlined in Coding with Claude: What I've Learned Building a Cybersecurity Platform with AI , Claude finds new innovative ways to come off the rails. I use this prompt in an independent session to find shortcuts and lies from the PR session. I have run this prompt dozens of times and it has never come back without hits.

Podcast: Adventures of Alice & Bob

Charles Herring 23 April 2026
Alice and Bob Podcast with Charles Herring
In this episode, James talks to Charles Herring about what happens when an IT wizard runs away to join the Navy, works on fighter jets, and then gets thrown into cybersecurity right after 9/11? He shares his unconventional journey from the Wild West days of network defense, complete with fighting worms with worms—to being CISO during the Target breach. Plus: why trauma creates silos, why your SOC is like throwing receipts in garbage bags, and what it takes to build a "good neighborhood" in cybersecurity.

Three Prompts That Turn Your Data Lake Into an Empathetic Processor

Charles Herring 22 April 2026
Huggingface Dataset
Earlier this week, WitFoo and the University of Canterbury released 100 million labelled cybersecurity records to Hugging Face under Apache 2.0. Here's a three-prompt walk-through for putting it to work in a stack you already own (Grafana, Sentinel, Splunk, Elastic), using Empathetic Processing to translate, detect, and visualise across your own data.

Blaster, Mythos, and the Patching Tempo We're About to Need

Charles Herring 8 April 2026
Digital Storm
In 2003 at the Naval Postgraduate School, the Blaster worm taught me hard lessons about patch windows, perimeter assumptions, and the laptops that walk in from outside. With Anthropic's release of Mythos, we're about to relive a version of that August, compressed and supercharged. Here's the guidance I gave my team and what I wish I'd known in Monterey.

The Nuclear Code Fork

Charles Herring 30 March 2026
Submarine Control Room
We killed all 450 external dependencies in our analytics platform and brought every line of code in house. It took two days, ~305K tokens, and uncovered 14 vulnerabilities that were already sitting in our stack. Here's why we did it, what we found, and what it actually cost.

Lost in Space, Time and Standards

Charles Herring 16 March 2026
Southern Cross
I anticipated most of the challenges of moving to New Zealand. Immigration, housing, saying goodbyes. What I didn't anticipate was how exhausting it would be to relearn space, time and standards. When seasons run backwards, Mondays happen twice, and you find yourself whispering 'I miss inches' in bed, the cumulative toll is real. Fortunately, wonder makes a good coping mechanism

Supersonic Broken Processes: The Hazards of Automating Cybersecurity with AI

Charles Herring 15 March 2026
Speedometer
You cannot accelerate a process to supersonic speeds if it barely works at five miles per hour. Applying Anthropic's 4D Framework for AI Fluency to cybersecurity automation reveals that all four D's (Delegation, Description, Discernment, Diligence) fail when built on the same siloed, philosophy-free foundations that have plagued SECOPS for decades. The consequences in our field are uniquely severe: the AI can't go to prison when it gets it wrong.

How AI was the Best Bender of My Life

Charles Herring 11 March 2026
Lake Tekapo
I built guardrails for the code, the architecture, and the security. I forgot to build guardrails for myself. After an eight-month megasprint rebuilding 10 years of work with Claude, I ended up on bedrest for a week. Turns out AI-assisted development is the most potent productivity drug ever created, and the dose that makes it medicine and the dose that makes it poison are closer together than you'd think.

The Closing Window: AI's Value-to-Cost Ratio Is Shifting Fast

Charles Herring 4 March 2026
Sinking Tokens
In September, I burned through an entire GitHub Enterprise token allocation and barely noticed — the overages cost pennies. I rated that moment at 1,000:1. Value to cost. By February, I'm spending $2,000 a week on similar workflows. The ratio is now 600:1 and falling. The window isn't shut. But it's moving. Here's what I think is driving it, and what I'm planning for when it closes.

People > Machines (The OODA Loop Strikes Back)

Charles Herring 12 February 2026
OODA Loop
Eight years after writing "People > Machines," the thesis holds stronger than ever. AI-assisted development has turned the OODA loop into a double-edged sword: with solid devops practices, it creates virtuous cycles that compound quality at unprecedented speed. Without them, it amplifies technical debt into a death spiral. The microphone-next-to-the-speaker problem is real, and the human in the loop is the one who decides what gets amplified.

Why I'm Not Losing Sleep Over AI Stealing My Job or My Soul

Charles Herring 10 February 2026
A Tunnel to Light
After six months of building WitFoo's analytics platform with Claude Code, I'm more convinced than ever that AI coding tools make experienced practitioners more valuable, not less. Claude is an extraordinary Warrior, but the Wizard's strategic vision, the Poet's search for meaning, and the hard-won knowledge of the WitFoo Way remain stubbornly, irreducibly human. The Foo has been upgraded. The Wit remains ours.

Teaching Claude the Old Tricks: Lessons from Migrating Legacy Code to an AI-Assisted Workflow

Charles Herring 10 February 2026
AI Onboarding
A companion to "Coding with Claude," this post covers the four-phase approach we used to prepare legacy code for AI-assisted development: documenting what exists, establishing standards, cleaning up the worst of the mess, and letting Claude build the bridge to next-generation code.

Cricket Baptism

Charles Herring 6 December 2025
Hagley Oval
I spent 5 days watching cricket in Christchurch. I learned a good bit about the game but I learned a good bit more about myself and the general endeavor of being a human on this globe.

Empathetic Processing and Temporal Link Analysis: Research Pathways for AI in Cyber Defense

Charles Herring 9 November 2025
Empathetic Listening
Empathetic Processing models analytics as a human‑centric dialogue: systems listen to diverse signals, resolve dissonance among conflicting narratives, and speak findings in role‑appropriate language for analysts, auditors, and executives. This approach reduces reliance on brittle parsers through NLP‑based intent comprehension and anticipates compliance requirements from the moment of ingestion—predestination of data—ensuring forensic completeness before incidents occur.

New Zealand Move Notes

Charles Herring 2 November 2025
Charles in Russel New Zealand

Background

Over the course of a year from November 2025 to November 2026, Mai and I researched and eventually moved to New Zealand. We were looking for a life change and my work at WitFoo needed to plan for international expansion. My extensive notes are found below. 

Advisors

Our move was made much easier by a few advisors. I am pretty good at paperwork and research and thought of doing it myself to save some money. I ended up feeling that all 3 of these advisors over delivered on value and made our move much more successful.

Tags

The Wizard, The Warrior and The Poet

Charles Herring 4 March 2025
Wizard, Warrior and Peot

In the labyrinth of our professional lives, the roles we assume can often feel overwhelming. Balancing strategy, execution, and inspiration requires a delicate dance of various skills and mindsets. To navigate this complexity, I have compartmentalized my work into three distinct personas: The Wizard, The Warrior, and The Poet. Each persona plays a vital role in the tapestry of my professional endeavors, allowing me to approach challenges with clarity, purpose, and creativity.

The Wizard: Master of Strategy and Vision

The journey begins with The Wizard, a figure of wisdom and foresight. When I don the robe of The Wizard, I immerse myself in the realm of strategy and planning. The Wizard's primary concern is to devise the best possible strategy, envisioning the grand scheme in its entirety. This persona thrives on considering every facet of a plan, ensuring that all systems and stakeholders are accounted for.

Subscribe to Newest Content