cybersecurity

2026 Conference Talks for Charles Herring

Charles Herring 11 December 2022

New for 2026: abstracts on Coding with AI (lessons from building WitFoo's analytics platform with Claude Code) and Empathetic Processing and Temporal Link Analysis (research pathways for AI in cyber defense). The classics on CyberGrid, SECOPS-as-law-enforcement, and the Seven Unstable Conversations are still on the menu. Bio refreshed for the Chairman era and the New Zealand base

Read more about 2026 Conference Talks for Charles Herring

Which Detective Would You Hire? The Case for Deterministic Cybersecurity

Charles Herring 13 May 2026

Two detectives, same case. The one who guesses fast, or the one who shows her work? Why cybersecurity can't run on lucky guesses — and how empathetic processing bridges the two.

Read more about Which Detective Would You Hire? The Case for Deterministic Cybersecurity

Podcast: Adventures of Alice & Bob

Charles Herring 23 April 2026

Alice and Bob Podcast with Charles Herring

In this episode, James talks to Charles Herring about what happens when an IT wizard runs away to join the Navy, works on fighter jets, and then gets thrown into cybersecurity right after 9/11? He shares his unconventional journey from the Wild West days of network defense, complete with fighting worms with worms—to being CISO during the Target breach. Plus: why trauma creates silos, why your SOC is like throwing receipts in garbage bags, and what it takes to build a "good neighborhood" in cybersecurity.

Read more about Podcast: Adventures of Alice & Bob

Three Prompts That Turn Your Data Lake Into an Empathetic Processor

Charles Herring 22 April 2026

Earlier this week, WitFoo and the University of Canterbury released 100 million labelled cybersecurity records to Hugging Face under Apache 2.0. Here's a three-prompt walk-through for putting it to work in a stack you already own (Grafana, Sentinel, Splunk, Elastic), using Empathetic Processing to translate, detect, and visualise across your own data.

Read more about Three Prompts That Turn Your Data Lake Into an Empathetic Processor

Blaster, Mythos, and the Patching Tempo We're About to Need

Charles Herring 8 April 2026

In 2003 at the Naval Postgraduate School, the Blaster worm taught me hard lessons about patch windows, perimeter assumptions, and the laptops that walk in from outside. With Anthropic's release of Mythos, we're about to relive a version of that August, compressed and supercharged. Here's the guidance I gave my team and what I wish I'd known in Monterey.

Read more about Blaster, Mythos, and the Patching Tempo We're About to Need

Why the Fork: Addressing the Objections

Charles Herring 2 April 2026

After publishing The Nuclear Code Fork, smart engineers pushed back with reasonable objections: use mature projects, wait for stable releases, pin your versions, trust the process. Every one of those heuristics was right once. Here's why they're wrong now, with specifics from Log4j, Trivy, LiteLLM, and tj-actions.

Read more about Why the Fork: Addressing the Objections

The Nuclear Code Fork

Charles Herring 30 March 2026

We killed all 450 external dependencies in our analytics platform and brought every line of code in house. It took two days, ~305K tokens, and uncovered 14 vulnerabilities that were already sitting in our stack. Here's why we did it, what we found, and what it actually cost.

Read more about The Nuclear Code Fork

Dragon 305: AI Lessons from the Flight Deck

Charles Herring 19 March 2026

In November 1998, a terrified young sailor stepped onto the flight deck of the USS Kitty Hawk during night operations and had to make a hard choice under impossible pressure. Twenty-seven years later, the tech industry could use that same lesson.

Read more about Dragon 305: AI Lessons from the Flight Deck

GrrCON 2024 - Birthing Perjury-free AI

Charles Herring 23 September 2024

Abstract

Cybersecurity analysis leading to deterrence of cybercrime requires processing thousands to billions of digital signals per second. Those signals must be accurately comprehended, forensically preserved then used to detect and investigate potential cybercrime. The work products must not only assist the investigators but must be translated into language that non-technical lay audiences including judges, lawyers and jurors can understand.

This presentation explores how generative artificial intelligence (GenAI), natural language processing (NLP), graph-theory and artificial narrow intelligence (ANI) can play a role in delivering these outcomes.

The session includes demonstrations of opensource toolkits, datasets and models designed to assist in this work.