2026 Conference Talks for Charles Herring

New for 2026: abstracts on Coding with AI (lessons from building WitFoo's analytics platform with Claude Code) and Empathetic Processing and Temporal Link Analysis (research pathways for AI in cyber defense). The classics on CyberGrid, SECOPS-as-law-enforcement, and the Seven Unstable Conversations are still on the menu. Bio refreshed for the Chairman era and the New Zealand base

Fish in a Box

Twenty years ago a young sailor quoted "Fish's second rule of troubleshooting" back to me, and I realised I'd been writing rules I never wrote down. This is the story of how we used AI to inventory, argue over, and ratify the norms that run WitFoo, from "The WitFoo Way" of coding all the way out to a thing we call Fish-in-a-box.

Adversarial Code Review Example with Claude

Below you will find my adversarial review prompt that I give to Claude on every pull request review. This is a living document that references dozens of cascading documentation. Collectively, over 1,700 norms contained in the "WitFoo Way" are reviewed. Also, the integrity of the work done by what is often a lazy or dishonest Claude session. In spite of the rigorous testing I outlined in Coding with Claude: What I've Learned Building a Cybersecurity Platform with AI , Claude finds new innovative ways to come off the rails. I use this prompt in an independent session to find shortcuts and lies from the PR session. I have run this prompt dozens of times and it has never come back without hits.

Three Prompts That Turn Your Data Lake Into an Empathetic Processor

Earlier this week, WitFoo and the University of Canterbury released 100 million labelled cybersecurity records to Hugging Face under Apache 2.0. Here's a three-prompt walk-through for putting it to work in a stack you already own (Grafana, Sentinel, Splunk, Elastic), using Empathetic Processing to translate, detect, and visualise across your own data.

Blaster, Mythos, and the Patching Tempo We're About to Need

In 2003 at the Naval Postgraduate School, the Blaster worm taught me hard lessons about patch windows, perimeter assumptions, and the laptops that walk in from outside. With Anthropic's release of Mythos, we're about to relive a version of that August, compressed and supercharged. Here's the guidance I gave my team and what I wish I'd known in Monterey.

The Nuclear Code Fork

We killed all 450 external dependencies in our analytics platform and brought every line of code in house. It took two days, ~305K tokens, and uncovered 14 vulnerabilities that were already sitting in our stack. Here's why we did it, what we found, and what it actually cost.
Subscribe to Artificial Intelligence (AI)