A few goodies I’d ordered all arrived nearly at once on Saturday, and I thought I’d share them here.
Business card
New business cards!
It’s been a while since I’ve had an honest-to-goodness business card, but since NetFoundry makes them available to employees and since a good chunk of my job is about making myself available to the public, I placed an order and received two boxes containing a few hundred cards in total.
These days, I tend to simply display my LinkedIn QR code on my phone when exchanging contact details with people, but I still like the old-school feel of giving someone a card (which just so happens to contain my LinkedIn QR code).
I know a couple of the authors. Way back in 2016, Ted reached out to me after I’d landed a developer relations job with SMARTRAC and wanted to see how they did developer relations. I also know David from my time at Auth0, because shortly after I joined, Auth0 merged with Okta, where David worked. In fact, to prepare for my technical interview with Auth0, my primary resource was David’s 2019 article in the Okta Developer blog, An Illustrated Guide to OAuth and OpenID Connect.
Since I’m now pretty much Supreme Developer Advocate at NetFoundry (I’m the only one; it’s a small, scrappy company that punches above its weight class), I figured the book would be useful.
Also, I have a policy of buying books written by people I know, as illustrated in the meme below:
I try to be cash money all the time.
You may have noticed that I bought the dead-tree edition instead of an electronic one. This also follows a rule of mine:
If the content is ephemeral or likely to be outdated in a couple of years (or a couple of months, given the pace of change these days), get the electronic version.
If the content is likely to be longer-lasting or seems timeless, get the paper version.
Also, it’s nice to get away from screens from time to time. I’ve carved out a little time each day to sit on the rocking chair on our front porch and read paper books, and Developer Relations Activity Patterns will be one of them.
Teeny-weeny hard drive
Nice and compact!
Between the RAMpocalypse brought about by AI data centers hogging all the storage chips and the war in Iran blocking off access to a large chunk of the world’s helium (it’s a key part of making high-end chips; see my earlier article for an explanation), SSD prices are climbing.
Fortunately, there was a very short-time deal for a two-pack of 2TB Lexar SL500 SSDs for about $400, so we placed an order so that Anitra and I could each have one. They arrived on Saturday, and they’re about the size of my business card!
This AI Salon will feature Chad Mairn, Professor and Founder of the Innovation Lab at St. Petersburg College. It’ll feature this format: keynote → startup pitches → open mic → networking.
Ready to level up your network? Connect with industry-leading recruiters and fellow tech professionals at TEKsystems, one of the world’s premier IT staffing firms. Whether you’re looking for your next role in Web development, Cloud, Data Science, or Cybersecurity—or just want to be proactive in today’s shifting economy—this is the place to be.
Organized by Disrupt the Bay, this is a Roaring ’20s-themed charity event in Tampa, FL, dedicated to raising funds for pediatric cancer research, particularly targeting ATRT. There’ll be a premium cocktail hour, live entertainment, curated dining, silent and live auctions, and powerful stories showcasing the real impact their support makes for children and families. It’s not just a gala—it’s an experience where purpose meets style, and generosity fuels life-saving breakthroughs led by Save The Kids Foundation.
BSides Tampa, a cybersecurity conference that brings in 2,000+ attendees and is held right here in Tampa Bay, returns for its 13th year on Saturday, May 16! It’s a full day with…
Great keynotes and presentations across seven tracks: keynotes, red team, blue team, cloud security, GRC and privacy, appsec, and AI and emerging
The exhibitor hall, where they don’t scan your badge, which means that you won’t get spammed as a result and they won’t sell your info
Interactive villages: malware, social engineering, IOT, network, lockpicking
A chance to meet the technology and cybersecurity professionals in the area, including these two…
SOF Week (“SOF” being short for “Special Operations Forces”) brings the international Special Operations community together for one focused week of collaboration, learning, and capability development. Jointly supported by U.S. Special Operations Command and the Global SOF Foundation, the event serves as the central gathering point for SOF Operators, government leaders, and industry partners working to advance the mission. There’s a fair bit of overlap with the technology industry (including SOFWERX).
One of the largest technology conferences in the Tampa Bay region returns on May 20, bringing together hundreds of technology leaders, innovators, entrepreneurs, and students for a full day of learning, insight, and connection.
This year, poweredUP Tampa Bay Tech Fest introduces an exciting new format designed to give attendees both the big-picture view of where technology is heading in our region and the practical knowledge they can take back to their teams.
Happy Saturday, everyone! Here on Global Nerdy, Saturday means that it’s time for another “picdump” — the weekly assortment of amusing or interesting pictures, comics, and memes I found over the past week. Share and enjoy!
Tuesday at 9:00 a.m. at Entrepreneur Collaborative Center (Tampa): Entrepreneurs Learning and Growth Hub presents Preparing Your Business for AI Automation.
Many businesses attempt to automate too early and struggle with broken processes, unreliable results, and increased complexity. This session focuses on how entrepreneurs can properly prepare their business for AI automation by building the right foundations first.
In this session, you’ll explore what needs to be in place before introducing AI so automation supports growth instead of creating operational risk.
Tuesday at 5:30 p.m. at Entrepreneur Collaborative Center (Tampa): Tampa Bay Biotech presents Building Agentic AI Assistants: A Tutorial for Everyone.
Join Tampa Bay Biotech for a practical and engaging introduction to Agentic AI — the new generation of AI assistants that can reason, plan, use tools, and complete multi-step tasks. This session will explain how agent-based AI differs from traditional AI and standard prompt-response systems, then walk through the core architecture behind intelligent assistants, including LLMs, memory, tools, planning, execution, and orchestration.
Wednesday at 5:30 p.m. @ spARK Labs (St. Pete): The St. Pete / Tampa AI Salon is back with Chad Mairn, Professor and Founder of the Innovation Lab at St. Petersburg College. It’ll feature this format: keynote → startup pitches → open mic → networking.
Wednesday at 6:00 p.m. at Vaco (Tampa): Tampa Bay Product Group presents Product Builders & Bingo: Casual Networking Social Hour.
Get ready for a networking experience that trades awkward silence for a little friendly competition. We’re turning the standard “so, what do you do?” small talk into a low-stakes scavenger hunt with our interactive Networking Bingo. Each attendee will receive a custom bingo card packed with a mix of product-focused prompts and lighthearted personal fun facts. Your mission is simple: strike up a conversation, find someone who matches a square, and have them sign your card. It’s the ultimate icebreaker designed to help you connect with as many local product peers as possible in a relaxed, pressure-free environment.
While you hunt for those winning rows, we’ll keep the energy high with plenty of fuel for your conversations. Food along with both alcoholic and non-alcoholic beverage options will be provided to keep things casual. Beyond the networking, we’ll also have exciting giveaways throughout the night for those who participate in the quest. Whether you’re a seasoned product leader or new to the field, come for the community, stay for the prizes, and leave with a whole new set of local connections.
It’s largely automated. I have a collection of Python scripts in a Jupyter Notebook that scrapes Meetup and Eventbrite for events in categories that I consider to be “tech,” “entrepreneur,” and “nerd.” The result is a checklist that I review. I make judgment calls and uncheck any items that I don’t think fit on this list.
In addition to events that my scripts find, I also manually add events when their organizers contact me with their details.
What goes into this list?
I prefer to cast a wide net, so the list includes events that would be of interest to techies, nerds, and entrepreneurs. It includes (but isn’t limited to) events that fall under any of these categories:
Programming, DevOps, systems administration, and testing
Tech project management / agile processes
Video, board, and role-playing games
Book, philosophy, and discussion clubs
Tech, business, and entrepreneur networking events
Toastmasters and other events related to improving your presentation and public speaking skills, because nerds really need to up their presentation game
Sci-fi, fantasy, and other genre fandoms
Self-improvement, especially of the sort that appeals to techies
On Saturday, April 18th, Anitra and I attended Tech in Full Effect, a gathering of people in Tampa’s tech scene who also enjoy ’90s hip-hop and R&B, and we had a grand time!
Organized by Jordyn Short and Tiffiny B., it took place at Gaspar’s Luxury Estate in South Tampa, a large house and property that can serve as a vacation place for a large group, or in the case of Tech in Full Effect, a lovely party venue.
They had DJ Will spinning ’90s classics…
…’90s hip-hop/R&B-themed drinks…
…and opportunities aplenty to catch up with old friends and make new ones:
While many of the guests were local, a number came from way, way out of town, including from Jacksonville, Miami, Atlanta, and even San Francisco.
I had lots of conversations, and some of the topics were…
What am I doing after Tampa Bay Tech Week? My answer: “Get up to speed on the new job, keep cranking out the Tampa Bay tech events list, touch base with the new connections I made, try and find a venue for an upcoming Tampa Bay AI Meetup.”
My favorite current hip hop? Tkandz and Relaye. None of the “mumble stuff.”
Did we buy a Mac Mini to run OpenClaw? No, Anitra and I got his-and-hers M5 MacBook Pros as our main devices and are turning our old M1 MacBooks into agent machines.
So what’s my new job? Senior Developer Advocate at NetFoundry, and it’s starting in two days (Tech in Full Effect took place on the 18th; my first day was on the 20th).
All in all, it was a great event with great people, great conversations, and great food and drink in an unusual setting for a Tampa Bay tech event. My thanks to Tiffiny and Jordyn for putting it on — and please let us know when and where you’re holding the next one!
Last week was my first week at NetFoundry, where I’m the Senior Developer Advocate. It was fun, and it was also like drinking from a high-tech, encrypted firehose!
To mark the occasion, I sat down with NetFoundry’s Head of Developer Experience (and also developer; he does a lot!) Clint Dovholuk for my first episode on Ziti TV. We spent an hour diving into the “meat” of Zero Trust, networking architecture, and why your traditional VPN might be the “castle and moat” that finally (and unintentionally) lets the invaders in.
If you’re a developer who has always viewed networking infrastructure as someone else’s problem (and as a recovering mobile developer, I’m certainly guilty on that charge), here’s the deep-dive breakdown of what I learned in my first week on the job.
Clint said that Zero Trust might be better understood if you called it Explicit Trust. In the old “Castle and Moat” model, if you’re in the castle, you’re trusted. In the OpenZiti model, we assume the network is already compromised. You have zero privileges until they are explicitly granted based on:
Authentication: “Who are you?”
Authorization: “What are you allowed to do?”
A lot of resources will authenticate and authorize you through some kind of sign-in process. Clint describes OpenZiti as moving the process out by one layer into the network so you can’t even connect to an OpenZiti-protected resource without being authenticated and authorized first.
Or, to quote Clint:
With OpenZiti and Zero Trust, if you have a service that’s protected by OpenZiti, you first need to authenticate to the OpenZiti overlay network, and then you need to have an authorization that permits the operation you’re trying to perform.
OpenZiti also uses a Zero Privilege approach. Once again, to quote Clint:
The whole idea is that you have no privileges until you are granted privileges, and only then are you able to take whatever operation you want.
“Jay double-you tee” vs. “Jawt”
Apparently we’re on different sides of this debate. Clint prefers referring to JWTs as “Jay double-U tees,” while I prefer to call them “Jawts.”
OpenZiti and NetFoundry: How are they related?
OpenZiti is the network overlay project, and NetFoundry is the company behind OpenZiti.
The “Open” in OpenZiti comes from the fact that it’s an open source project. This is in keeping with the philosophy that a cybersecurity product should be open source because making source code publicly visible enables a community of developers, analysts, and other experts to audit, test, and improve it.
If you have the time, tech skills, and inclination, you can use OpenZiti and run your own overlay network at zero cost — if you don’t count the cost of said time and tech skills. It’s all up for grabs here.
However, if you’d rather spend your time and technical expertise elsewhere, especially once your needs get up to scale, such as on your main line of business, NetFoundry is here to provide you with a managed OpenZiti platform.
It’s easy to run one controller and two routers on your laptop. But when you’re an enterprise managing a fleet of routers, handling upgrades, and monitoring metrics, you’re suddenly in the “overlay business” instead of your actual business. NetFoundry is the “Easy Button” that manages OpenZiti for you [19:10].
The quickstart
Clint then gave a quick demonstration of the OpenZiti quickstart, which creates a fully functional OpenZiti network overlay on your system in a couple of seconds. This overlay has both a router and a controller, and each has a specific job.
Controller
The OpenZiti controller [24:36] serves as the brain of the overlay network. It’s the authority responsible for managing the state of the environment and ensuring that all connections are secure and verified before traffic ever flows.
Its responsibilities can be broken down into several key functions:
1. API surface and management
The controller surfaces several critical APIs that different components of the network interact with. These include:
Edge Client API: Used by SDKs and tunnelers to authenticate and discover services.
Management API: The interface used by administrators (often via the Ziti CLI) to configure the network, such as creating new identities or defining service policies.
Fabric and OIDC APIs: Used for internal mesh communication and identity provider integration.
2. The authority on explicit trust
The controller is the primary decision-maker for the two pillars of Zero Trust security:
Authentication: It verifies the identity of any user, device, or “workload” attempting to connect (answering “Who are you?”).
Authorization: It checks configured policies to determine exactly what that identity is allowed to access (answering “What are you allowed to do?”).
Unlike a traditional network where a firewall might be open by default, the controller ensures the network is dark by default. No connection is permitted until the controller has explicitly authorized it.
3. Bootstrapping trust, a.k.a. enrollment
The controller is the starting point for bringing new devices into the fold through a process called “Bootstrapping Trust”.
It issues One-Time Tokens (OTTs) (essentially signed JSON Web Tokens) that are delivered to users.
When a client initiates enrollment, the controller validates the token and facilitates a Certificate Signing Request (CSR) exchange.
The end result is a strong, cryptographically verifiable identity that the client uses for all future secure communications.
4. Orchestrating the mesh
While the controller does not actually handle the data traffic (that is the job of the routers), it provides the “map.” It coordinates with the edge routers to broker data channels, ensuring that when a client “dials” a service, the routers know how to steer that traffic to the correct destination.
Router
The OpenZiti router [26:09] is the workhorse of the network. While the controller acts as the brain and makes policy decisions, routers constitute the data plane: the actual infrastructure that moves bits from point A to point B.
According to Clint, the router’s job can be broken down into these core functions:
1. Forming the mesh overlay
The routers are responsible for creating the “mesh overlay network”. Unlike a traditional hub-and-spoke networking model, these routers connect to one another to form an interconnected fabric. Even if you start with just one router, you can deploy many others to extend this mesh.
2. Brokering data channels
The primary job of a router is to broker data channels. When an application wants to send data, the router facilitates the creation of a secure path. It effectively “steers” the traffic through the mesh to ensure it reaches the intended destination router and, ultimately, the target service.
3. Serving as the entry point for clients
Everything in OpenZiti is technically an SDK client, whether it’s a standalone app or a “tunneler.” These clients connect directly to the routers to form the necessary channels for communication. The router acts as the listener that accepts these connections once the controller has given the “okay.”
4. Shuttling the actual data
The router is where the heavy lifting happens. It is the component that actually sends your data from one side to the other. While the controller handles the logic of authentication and authorization, it never touches the application data itself. That task is handled entirely by the routers.
5. Enforcing the “dark network”
By acting as the only point of entry into the mesh, routers help enforce the “dark by default” philosophy. Unless a client has been explicitly authorized by the controller, a router will not broker a channel for it, effectively keeping the protected services invisible to the public internet, and by extension, unauthorized and malicious parties.
The coolest part for a developer? You can spin this all up on your local machine in about seven seconds with a simple ziti edge quickstart [23:00].
Why not just use a VPN?
One of my questions was the one every developer asks: “Why can’t I just use a VPN?”
Clint insists that an OpenZiti overlay actually is a VPN [34:05] in the broadest sense, in that it’s a virtual network that’s closed off to unauthorized parties. It just functions much differently than the “one big mush” of traditional VPNs, which are open by default: once you’re in, you can see everything.
On the other hand, OpenZiti is dark by default [35:45]. If you have a server on the open internet, it usually has an open port (such as port 22 for SSH or 443 for HTTPS). With Ziti, you close those ports entirely. The service becomes “dark”: the ports are invisible, and you can’t attack what you can’t even find.
The “magic dance” of bootstrapping trust
I’ll admit, when I first tried to set up a client and server, I got a little lost in the “magic dance” of certificates. Clint called this process bootstrapping trust [38:47].
It starts with a One-Time Token (OTT), which is a signed JWT, and the process goes like this:
The admin creates an identity on the controller [41:09].
The client uses the token to find the controller’s URL [43:11].
The handshake takes place, where the client verifies the controller’s certificate, and they exchange a CSR (Certificate Signing Request) [44:43].
Strong identity: The result is a JSON file containing a key that must be protected like a secret.
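The enrollment steps above, sketched as an added example (not code from the livestream or from the OpenZiti project): it reads what a client learns from a one-time token before the handshake, then checks that the resulting identity file is not readable by other users. The `em` claim name and the identity-file layout (`ztAPI`, `id.key` with a `pem:` prefix) are assumptions about OpenZiti's formats, and the token, hostname and file contents are constructed sample data.

```python
import base64
import json
import os
import stat
import tempfile
import time
from urllib.parse import urlparse


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_enrollment_token(token: str, now: float) -> dict:
    """Read an enrollment JWT's claims WITHOUT trusting them.

    This shows only what the client learns from the token. The signature
    must still be verified against the controller's certificate during the
    handshake before any claim is acted on.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg=none)")
    if urlparse(str(claims.get("iss", ""))).scheme != "https":
        problems.append("issuer (controller URL) is not https")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return {"controller": claims.get("iss"), "identity": claims.get("sub"),
            "method": claims.get("em"),  # "em" claim name is an assumption
            "problems": problems}


def audit_identity_file(path: str) -> list:
    """Flag an identity JSON whose inline private key others can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        identity = json.load(fh)
    key = identity.get("id", {}).get("key", "")  # assumed file layout
    if key.startswith("pem:") and mode & 0o077:
        return [f"inline private key, file mode {mode:04o}; restrict to 0600"]
    return []


def make_sample_token(claims: dict) -> str:
    """Build a constructed demo token; the signature part is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    token = make_sample_token({  # constructed sample claims
        "iss": "https://ctrl.example.test:1280", "sub": "id-constructed",
        "em": "ott", "jti": "constructed", "exp": int(time.time()) + 600})
    print(inspect_enrollment_token(token, time.time()))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "client.json")
        with open(path, "w") as fh:  # constructed identity file, fake key
            json.dump({"ztAPI": "https://ctrl.example.test:1280",
                       "id": {"key": "pem:CONSTRUCTED-NOT-A-REAL-KEY"}}, fh)
        os.chmod(path, 0o644)
        print(audit_identity_file(path))  # world-readable: one finding
        os.chmod(path, 0o600)
        print(audit_identity_file(path))  # owner-only: no findings
```

Decoding the claims is not verification: the inspection step only surfaces the controller URL and expiry so that an operator can spot a stale or plain-HTTP token before enrollment is attempted.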
AI Agents and the MCP Gateway
We also took a detour into Agentic AI. Clint has been using MCP (Model Context Protocol) Gateways to let Claude interact with the Ziti CLI.
The breakthrough here is efficiency and security. By using an MCP Gateway, you don’t have to give your raw credentials to the AI [57:02]. Plus, by using a targeted MCP server, you can strip a massive 100k data object down to a 10k summary, saving a fortune in tokens [59:12].
Real-world use: From blue bubbles to drones
I asked Clint who is actually using this in the wild. The “Adopters” list is growing, including projects like Blue Bubbles (the tool that brings iMessage features to Android) [50:33].
But the stakes get higher. We discussed Zero Trust Drones and secure communications on the battlefield [52:12]. When you’re in a high-stakes environment like Ukraine, having secure, “dark” comms is a necessity, not a luxury.
More coming soon!
This was the first of many Ziti TV livestreams featuring Clint and Yours Truly. The next one’s scheduled for Friday, April 30th at 11:00 a.m. U.S. Eastern / 8:00 a.m. U.S. Pacific / 1500 UTC, and you can view past livestreams in the Live section of the OpenZiti YouTube channel.