Happy Saturday, everyone! Here on Global Nerdy, Saturday means that it’s time for another “picdump” — the weekly assortment of amusing or interesting pictures, comics, and memes I found over the past week. Share and enjoy!
Here’s what’s happening in the thriving tech scene in Tampa Bay and surrounding areas for the week of Monday, May 11 through Sunday, May 17!
This list includes both in-person and online events. Note that each item in the list includes:
✅ When the event will take place
✅ What the event is
✅ Where the event will take place
✅ Who is holding the event
| Event name and location | Group | Time |
|---|---|---|
| Saltmarsh and Beyond (5e 2024 D&D Campaign) Sunday, May 17 · 3:00 PM to 7:00 PM EDT |
Adventurers of Central Florida | 4:00 PM |
| Sunday Gaming Tampa Bay Bridge Center |
Tampa Gaming Guild | 1:00 PM to 11:00 PM EDT |
| Sunday Chess at Wholefoods in Midtown, Tampa Whole Foods Market |
Chess Republic | 2:00 PM to 5:00 PM EDT |
| D&D Adventurers League Critical Hit Games |
Critical Hit Games | 2:00 PM to 7:30 PM EDT |
| IMPROV Drop-In Class! (FUN! No experience required) [$20] Spitfire Theater |
Tampa 20’s and 30’s Social Crew | 2:00 PM to 4:00 PM EDT |
| Traveller – Science Fiction Adventure RPG Black Harbor Gaming |
St Pete and Pinellas Tabletop RPG Group | 3:00 PM to 6:00 PM EDT |
| Sunday Pokemon League Sunshine Games | Magic the Gathering, Pokémon, Yu-Gi-Oh! |
Sunshine Games | 4:00 PM to 8:00 PM EDT |
| Return to the top of the list | ||
How do I put this list together?
It’s largely automated. I have a collection of Python scripts in a Jupyter Notebook that scrapes Meetup and Eventbrite for events in categories that I consider to be “tech,” “entrepreneur,” and “nerd.” The result is a checklist that I review. I make judgment calls and uncheck any items that I don’t think fit on this list.
In addition to events that my scripts find, I also manually add events when their organizers contact me with their details.
What goes into this list?
I prefer to cast a wide net, so the list includes events that would be of interest to techies, nerds, and entrepreneurs. It includes (but isn’t limited to) events that fall under any of these categories:
If you’ve been building anything with agents in the past year, you already know the shape of the problem even if you haven’t named it: you’ve got a model in one cloud, a vector store in another, a tool server somewhere on-prem, an MCP gateway facing the public internet, and a handful of A2A flows stitching the whole thing together. It works. Better than that, it’s exciting!
Let me say this as someone who’s spent a few years in cybersecurity and the last couple of weeks elbow-deep in OpenZiti: the AI systems that we’re implementing are built on a network model that was designed before any of this stuff existed, and that network model hasn’t kept up with what we’re doing today.
That was the gist of my coworker Philip Griffiths’ talk at day one of the DoW Zero Trust Symposium a couple of weeks ago. As I said, Philip works with me at NetFoundry as the Head of Strategic Sales, and his talk is titled Why Traditional Networking Fails Agentic AI: Identity-First Connectivity Matters for Zero Trust. You can watch it for free (and better still, without having to register or provide any contact info!) here.
The core argument that Philip makes in his presentation is one I think every developer working on agentic systems needs to internalize, regardless of what they’re shipping on top of:
The traditional internet model lets you connect first and authenticate second. Agentic AI breaks that model so badly that we can’t pretend anymore.
Let me walk through why.
Philip opened with this knowledge bomb: the median time-to-exploit for newly disclosed vulnerabilities has dropped from days to hours.
AI has joined the Red Team. There’s AI-assisted reconnaissance, AI-assisted fuzzing, AI-assisted exploit synthesis, and more. Every part of the attacker’s pipeline is getting the same productivity boost the rest of us are getting from Copilot and Claude. The asymmetry is brutal. Defenders have to be right about every service they expose, while attackers only have to be right about one.
The LiteLLM supply-chain incident is a useful recent example. An exploit got injected upstream, and because the compromised library ran in environments where it could see them, attackers walked off with SSH keys, Kubernetes tokens, cloud credentials, and the rest of the usual environment-variable buffet. None of that would’ve happened if the service running LiteLLM wasn’t reachable from the place the attacker was sitting. Reachability was the precondition for everything else that went wrong.
In most “AI security” conversations, the talk is about the model: prompt injection, jailbreaks, output filtering, runtime guardrails, and so on. These issues matter, but there’s a much more “boring” question that’s worth asking…
Can the attacker even get a packet to your service in the first place?
If the answer is “yes”, all the model-layer controls in the world are working with their hands tied.
Here’s the structural issue Philip kept circling back to, and it’s worth stating plainly because we’ve all just internalized it as how computers work:
The traditional networking model allows connectivity before authentication.
In your standard server application, you open a port. Clients, including ones that have no business knowing the server exists, sends SYN. The server completes the handshake, and then it asks the client “Who are you?”
By the time a malicious client is answering that question, the people behind it have already fingerprinted your TLS stack, learned your server software, probed for known CVEs, and maybe even identified an exploit they’d like to try.
This is fine for, say, a public web server that genuinely wants to be discovered by anyone. It is wildly inappropriate for an internal MCP gateway, an LLM endpoint scoped to a specific agent, or an A2A flow between two services that should have no business talking to anyone but each other.
There’s a reason bouncers check for ID while you’re still outside the nighclub.
Philip’s metaphor for this is…Hogwarts. Because of course it is.
Imagine if any random Muggle could walk up to Platform 9¾, see the magical world clearly visible behind a flimsy enchantment, and start poking at the bricks to figure out which sequence opens the wall. The whole point of the wizarding world’s security model is that Muggles don’t even know it’s there. Reachability is the threat. Once something is known to exist, it’s only a matter of time before somebody works out how to get in.
Most of our infrastructure today is like Hogwarts with a “Muggles Keep Out” sign on the gate. Everyone can see it. Everyone can probe it. We’re hoping the lock holds.
The inversion Philip proposes is something that NetFoundry’s OpenZiti project actually implements. It’s straightforward to describe and surprisingly hard to undo once you’ve seen it:
env. An actual cryptographic identity tied to the workload.Here’s the phrase that Philip used:
Connectivity should be an outcome of policy.
It shouldn’t be a prerequisite. That’s the difference:
For agentic systems specifically, this matters because the topology is insanely fan-out. An agent may need to call three LLMs, four tool servers, two vector stores, and a partner organization’s API in a single workflow. Each of those is a trust boundary:
Sure, the security argument is the headline, but if you’ve ever worked anywhere with a serious change-management process, the velocity argument might land harder.
Philip mentioned someone he’d recently spoken with who was building a new service. The platform supported outbound 443. The service needed thirty different ports. Each port change was a firewall ticket. Each ticket was an RMF update. The math on that timeline is grim, and it’s grim in commercial environments too. Anyone who’s tried to get a new outbound rule through a Fortune 500 change board has stories.
In a network where reachability is governed by policy on top of identity rather than by plumbing at OSI levels 3 and 4, that whole category of friction collapses. You’re not asking the network team to change the network. You’re updating a policy that says “this identity can now reach this service.” The underlay (your VLANs, your security groups, your jump hosts) doesn’t have to know or care.
Oh, and in case you don’t remember your OSI levels, here they are, illustrated with cats:
(Layers 3 and 4 are the network and transport layers.)
The downstream effects compound:
That last point matters more than it sounds for AI work specifically. Agents don’t sit in one tidy network segment. They reach across clouds, across organizations, across SaaS boundaries. Trying to enforce zero trust by keeping all that traffic inside a controlled underlay is a losing battle. Enforcing it at the identity layer means the underlay can be anything.
In his talk, Philip mentioned Cloud Security Alliance work, building a reference architecture for agentic systems on top of identity-first connectivity. It’s taking on this shape:
The thing I like about this stack is that the Foundation layer fixes the boring-but-fatal problem (reachability), which lets the upper layers actually do their jobs without being constantly undermined from below. You can have the world’s best prompt-injection defenses, and they don’t help you if your tool server got pwned because somebody port-scanned it from the open internet.
It’s the middle of my third week at NetFoundry, and I’m still in the “drinking from the firehose” phase, where I’m interalizing these things:
Philip closed with a line that I think is the right one to leave on, paraphrased: any sufficiently advanced security model looks like magic. In this context, magic means the thing you’re trying to attack isn’t there. That’s the bar. Not “well-defended.” Not “hardened.” Not visible at all unless you’ve already proven who you are.
For agentic AI, where the speed of attack and the fan-out of the topology are both moving in directions that make traditional networking less viable every month, that bar is starting to look less like a nice-to-have and more like the only model that actually scales.
If you want to dig in: the OpenZiti project is open source and a reasonable place to get hands-on with what identity-first overlay networking actually looks like in practice.
More soon — keep an eye on this space!
From Ars Technica’s article:
Just days before the trial started, Elon Musk tried to settle his lawsuit, which alleges that under Sam Altman’s direction, OpenAI abandoned its mission to serve as a nonprofit making AI to benefit humanity.
According to a Sunday court filing from OpenAI, Musk messaged OpenAI President Greg Brockman two days ahead of the trial to “gauge interest” in a possible settlement. Brockman promptly responded, suggesting that “both sides” drop their claims. But Musk refused, then appeared to grow threatening enough that the court may allow Brockman to testify on the message as evidence supposedly revealing Musk’s true motives for pursuing the litigation.
“By the end of this week, you and Sam will be the most hated men in America,” Musk responded to Brockman’s suggestion that all claims be dropped. “If you insist, so it will be.”
OpenAI clearly did not accept the settlement terms, as the trial started last week with Musk as the first witness. On the stand, Musk stumbled several times, perhaps weakening his case by making concessions, growing hot-tempered, backing off claims that AI risks may quickly become existential, and admitting his ignorance when it comes to AI safety at his own company, xAI.
In short, it’s classic Muskrat moves: make threats, dilute said threats, get huffy, admit ignorance in a field where he claims expertise, repeat.
A few goodies I’d ordered all arrived nearly at once on Saturday, and I thought I’d share them here.
It’s been a while since I’ve had an honest-to-goodness business card, but since NetFoundry makes them available to employees and since a good chunk of my job is about making myself available to the public, I placed an order and received two boxes containing a few hundred cards in total.
These days, I tend to simply display my LinkedIn QR code on my phone when exchanging contact details with people, but I still like the old-school feel of giving someone a card (which just so happens to contain my LinkedIn QR code).
Another thing that arrived on Saturday was my copy of Developer Relations Activity Patterns, written by Ted Neward, Scott T. McAllister, David Neal, and Chris Woodruff, and published by Apress, which is now an imprint of Springer Nature.
I know a couple of the authors. Way back in 2016, Ted reached out to me after I’d landed a developer relations job with SMARTRAC and wanted to see how they did developer relations. I also know David from my time at Auth0, because shortly after I joined, Auth0 merged with Okta, where David worked. In fact, to prepare for my technical interview with Auth0, my primary resource was David’s 2019 article in the Okta Developer blog, An Illustrated Guide to OAuth and OpenID Connect.
Since I’m now pretty much Supreme Developer Advocate at NetFoundry (I’m the only one; it’s a small, scrappy company that punches above its weight class), I figured the book would be useful.
Also, I have a policy of buying books written by people I know, as illustrated in the meme below:
You may have noticed that I bought the dead-tree edition instead of an electronic one. This also follows a rule of mine:
Also, it’s nice to get away from screens from time to time. I’ve carved out a little time each day to sit on the rocking chair on our front porch and read paper books, and Developer Relations Activity Patterns will be one of them.
Between the RAMpocalypse brought about by AI data centers hogging all the storage chips and the war in Iran blocking off access to a large chunk of the world’s helium (it’s a key part of making high-end chips; see my earlier article for an explanation), SSD prices are climbing.
Fortunately, there was a very short-time deal for a two-pack of 2TB Lexar SL500 SSDs for about $400, so we placed an order so that Anitra and I could each have one. They arrived on Saturday, and they’re about the size of my business card!
It’s May, and there’s going to be a lot happening in Tampa Bay’s tech scene, including…
@ spARK Labs / ARK Innovation Center • 5:30 – 8:30 p.m.
This AI Salon will feature Chad Mairn, Professor and Founder of the Innovation Lab at St. Petersburg College. It’ll feature the this format: keynote → startup pitches → open mic → networking.
Find out more and register here.
@ TEKsystems offices • 6:00 p.m.
Ready to level up your network? Connect with industry-leading recruiters and fellow tech professionals at TEKsystems, one of the world’s premier IT staffing firms. Whether you’re looking for your next role in Web development, Cloud, Data Science, or Cybersecurity—or just want to be proactive in today’s shifting economy—this is the place to be.
Find out more and register here.
@ The Orlo House & Ballroom • 6:00 – 11:00 p.m.
Organized by Disrupt the Bay, this is a Roaring ’20s-themed charity event in Tampa, FL, dedicated to raising funds for pediatric cancer research, particularly targeting ATRT. There’ll be a premium cocktail hour, live entertainment, curated dining, silent and live auctions, and powerful stories showcasing the real impact their support makes for children and families. It’s not just a gala—it’s an experience where purpose meets style, and generosity fuels life-saving breakthroughs led by Save The Kids Foundation.
And hey, you’ll get to hang out with this guy:
Find out more and register here.
@ Marshall Student Center, USF • 9:00 a.m. – 5:00 p.m.
BSides Tampa, a cybersecurity conference that brings in 2,000+ attendees and held right here in Tampa Bay, returns for its 13th year on Saturday, May 16! It’s a full day with…
Find out more and register here.
@ SOF Week campus (see map below), May 18 – 21
SOF Week (“SOF” being short for “Special Operations Forces”) brings the international Special Operations community together for one focused week of collaboration, learning, and capability development. Jointly supported by U.S. Special Operations Command and the Global SOF Foundation, the event serves as the central gathering point for SOF Operators, government leaders, and industry partners working to advance the mission. There’s a fair bit of overlap with the technology industry (including SOFWERX).
Find out more and register here.
@ Duke Energy Center for the Arts – Mahaffey Theater • Starting at 11:00 a.m.
One of the largest technology conferences in the Tampa Bay region returns on May 20, bringing together hundreds of technology leaders, innovators, entrepreneurs, and students for a full day of learning, insight, and connection.
This year, poweredUP Tampa Bay Tech Fest introduces an exciting new format designed to give attendees both the big-picture view of where technology is heading in our region and the practical knowledge they can take back to their teams.
Find out more and register here.
Happy Saturday, everyone! Here on Global Nerdy, Saturday means that it’s time for another “picdump” — the weekly assortment of amusing or interesting pictures, comics, and memes I found over the past week. Share and enjoy!
