2026 Conference Talks for Charles Herring

New for 2026: abstracts on Coding with AI (lessons from building WitFoo's analytics platform with Claude Code) and Empathetic Processing and Temporal Link Analysis (research pathways for AI in cyber defense). The classics on CyberGrid, SECOPS-as-law-enforcement, and the Seven Unstable Conversations are still on the menu. Bio refreshed for the Chairman era and the New Zealand base

Fish in a Box

Twenty years ago a young sailor quoted "Fish's second rule of troubleshooting" back to me, and I realised I'd been writing rules I never wrote down. This is the story of how we used AI to inventory, argue over, and ratify the norms that run WitFoo, from "The WitFoo Way" of coding all the way out to a thing we call Fish-in-a-box.

Blaster, Mythos, and the Patching Tempo We're About to Need

In 2003 at the Naval Postgraduate School, the Blaster worm taught me hard lessons about patch windows, perimeter assumptions, and the laptops that walk in from outside. With Anthropic's release of Mythos, we're about to relive a version of that August, compressed and supercharged. Here's the guidance I gave my team and what I wish I'd known in Monterey.

The Nuclear Code Fork

We killed all 450 external dependencies in our analytics platform and brought every line of code in house. It took two days, ~305K tokens, and uncovered 14 vulnerabilities that were already sitting in our stack. Here's why we did it, what we found, and what it actually cost.

Empathetic Processing and Temporal Link Analysis: Research Pathways for AI in Cyber Defense

Empathetic Processing models analytics as a human‑centric dialogue: systems listen to diverse signals, resolve dissonance among conflicting narratives, and speak findings in role‑appropriate language for analysts, auditors, and executives. This approach reduces reliance on brittle parsers through NLP‑based intent comprehension and anticipates compliance requirements from the moment of ingestion—predestination of data—ensuring forensic completeness before incidents occur.

Profit and Loss (PNL) of Cyber Security

The purpose of a CISO and a cyber program is to reduce the costs associated with cybersecurity. I said this to colleagues at a social mixer this week and their heads almost exploded. “Shouldn’t we be trying to stop and mitigate risk?” “We need to spend more money on cyber, not less.” “I can’t believe you, of all people, think we need to be doing less!”

Audacious Proposal

“Do you want to give up and let the bad guys win?” I want businesses to understand that cybercrime is a part of business in the exact same (not metaphorical) way as shoplifting, employees stealing office supplies, customers slipping on the floor, vandalism, executives abusing power against employees, hurricanes, power failures, earthquakes, flooding and taxes.

The goal in all risk management is to reduce the costs associated with the mishaps not to make them impossible.

Subscribe to WitFoo Blog