It’s largely automated. I have a collection of Python scripts in a Jupyter Notebook that scrapes Meetup and Eventbrite for events in categories that I consider to be “tech,” “entrepreneur,” and “nerd.” The result is a checklist that I review. I make judgment calls and uncheck any items that I don’t think fit on this list.
In addition to events that my scripts find, I also manually add events when their organizers contact me with their details.
What goes into this list?
I prefer to cast a wide net, so the list includes events that would be of interest to techies, nerds, and entrepreneurs. It includes (but isn’t limited to) events that fall under any of these categories:
Programming, DevOps, systems administration, and testing
Tech project management / agile processes
Video, board, and role-playing games
Book, philosophy, and discussion clubs
Tech, business, and entrepreneur networking events
Toastmasters and other events related to improving your presentation and public speaking skills, because nerds really need to up their presentation game
Sci-fi, fantasy, and other genre fandoms
Self-improvement, especially of the sort that appeals to techies
If you’ve been building anything with agents in the past year, you already know the shape of the problem even if you haven’t named it: you’ve got a model in one cloud, a vector store in another, a tool server somewhere on-prem, an MCP gateway facing the public internet, and a handful of A2A flows stitching the whole thing together. It works. Better than that, it’s exciting!
Let me say this as someone who’s spent a few years in cybersecurity and the last couple of weeks elbow-deep in OpenZiti: the AI systems that we’re implementing are built on a network model that was designed before any of this stuff existed, and that network model hasn’t kept up with what we’re doing today.
The core argument that Philip makes in his presentation is one I think every developer working on agentic systems needs to internalize, regardless of what they’re shipping on top of:
The traditional internet model lets you connect first and authenticate second. Agentic AI breaks that model so badly that we can’t pretend anymore.
Let me walk through why.
The exploit window has collapsed, and AI is the reason
Philip opened with this knowledge bomb: the median time-to-exploit for newly disclosed vulnerabilities has dropped from days to hours.
AI has joined the Red Team. There’s AI-assisted reconnaissance, AI-assisted fuzzing, AI-assisted exploit synthesis, and more. Every part of the attacker’s pipeline is getting the same productivity boost the rest of us are getting from Copilot and Claude. The asymmetry is brutal. Defenders have to be right about every service they expose, while attackers only have to be right about one.
The LiteLLM supply-chain incident is a useful recent example. An exploit got injected upstream, and because the compromised library ran in environments where it could see them, attackers walked off with SSH keys, Kubernetes tokens, cloud credentials, and the rest of the usual environment-variable buffet. None of that would’ve happened if the service running LiteLLM wasn’t reachable from the place the attacker was sitting. Reachability was the precondition for everything else that went wrong.
In most “AI security” conversations, the talk is about the model: prompt injection, jailbreaks, output filtering, runtime guardrails, and so on. These issues matter, but there’s a much more “boring” question that’s worth asking…
Can the attacker even get a packet to your service in the first place?
If the answer is “yes”, all the model-layer controls in the world are working with their hands tied.
Reachability is the problem
Here’s the structural issue Philip kept circling back to, and it’s worth stating plainly because we’ve all just internalized it as how computers work:
The traditional networking model allows connectivity before authentication.
In your standard server application, you open a port. Clients, including ones that have no business knowing the server exists, send a SYN. The server completes the handshake, and then it asks the client “Who are you?”
By the time a malicious client is answering that question, the people behind it have already fingerprinted your TLS stack, learned your server software, probed for known CVEs, and maybe even identified an exploit they’d like to try.
This is fine for, say, a public web server that genuinely wants to be discovered by anyone. It is wildly inappropriate for an internal MCP gateway, an LLM endpoint scoped to a specific agent, or an A2A flow between two services that should have no business talking to anyone but each other.
There’s a reason bouncers check for ID while you’re still outside the nightclub.
Philip’s metaphor for this is…Hogwarts. Because of course it is.
Imagine if any random Muggle could walk up to Platform 9¾, see the magical world clearly visible behind a flimsy enchantment, and start poking at the bricks to figure out which sequence opens the wall. The whole point of the wizarding world’s security model is that Muggles don’t even know it’s there. Reachability is the threat. Once something is known to exist, it’s only a matter of time before somebody works out how to get in.
Most of our infrastructure today is like Hogwarts with a “Muggles Keep Out” sign on the gate. Everyone can see it. Everyone can probe it. We’re hoping the lock holds.
The identity-first approach
The inversion Philip proposes is something that NetFoundry’s OpenZiti project actually implements. It’s straightforward to describe and surprisingly hard to undo once you’ve seen it:
Strong cryptographic identity comes first. Every agent, every service, every endpoint gets a unique, attestable identity. Not a shared secret. Not a long-lived token someone copy-pasted into an env. An actual cryptographic identity tied to the workload.
Authentication and authorization happen before any data plane exists. No TCP handshake. No UDP packet. No DNS resolution that even confirms the service is real. If you don’t have a valid identity for this specific service under the current policy, there is nothing on the network for you to interact with.
Reachability is granted, scoped, and revocable. A policy says that identity X can talk to service Y for purpose Z. Change the policy, change the reachability. No firewall ticket. No VLAN reshuffle. No RMF package update.
Here’s the phrase that Philip used:
Connectivity should be an outcome of policy.
It shouldn’t be a prerequisite. That’s the difference:
In the traditional model, the network is a thing you build first, and then layer controls on top of it.
In the identity-first model, the network only exists between identities that have been explicitly authorized to see each other. Everything else is dark.
For agentic systems specifically, this matters because the topology is insanely fan-out. An agent may need to call three LLMs, four tool servers, two vector stores, and a partner organization’s API in a single workflow. Each of those is a trust boundary:
In the traditional model, every one of those flows is a potential firewall rule, a potential exposed endpoint, a potential lateral-movement path if something upstream gets popped.
In the identity-first model, each flow is a policy, and only the policy-permitted flows have any network presence at all.
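To make "connectivity is an outcome of policy" concrete, here is a small Python model of the idea, added as an illustration; it is not OpenZiti code and not from Philip's talk. The class names, role names, and service names are all made up, and the identities are assumed to have already proven themselves cryptographically.

```python
"""Toy model of policy-driven reachability (illustration only, not OpenZiti code)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Identity:
    name: str                      # assumed already proven cryptographically
    roles: frozenset = frozenset()


@dataclass(frozen=True)
class Policy:
    name: str
    required_roles: frozenset      # identity must hold all of these
    services: frozenset            # services the policy makes reachable
    purpose: str


@dataclass
class Overlay:
    services: set = field(default_factory=set)
    policies: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def grant(self, policy):
        self.policies[policy.name] = policy

    def revoke(self, policy_name):
        self.policies.pop(policy_name, None)

    def visible_services(self, identity):
        """Services that exist from this identity's point of view (default: none)."""
        seen = set()
        for p in self.policies.values():
            if p.required_roles <= identity.roles:
                seen |= p.services & self.services
        return sorted(seen)

    def dial(self, identity, service):
        """Return 'connected' or 'no such service'.

        An unauthorized dial gets the same answer as a dial to a service
        that does not exist, so a refusal never confirms the service is real.
        Every attempt is logged against the identity that made it.
        """
        allowed = service in self.visible_services(identity)
        self.audit.append((identity.name, service, allowed))
        return "connected" if allowed else "no such service"


def build_demo():
    """Constructed sample topology: one agent workflow and five services."""
    net = Overlay(services={"llm-a", "llm-b", "tool-search",
                            "vector-store", "mcp-gateway"})
    net.grant(Policy("research-flow", frozenset({"agent", "research"}),
                     frozenset({"llm-a", "tool-search", "vector-store"}),
                     "answer research queries"))
    net.grant(Policy("gateway-admin", frozenset({"ops"}),
                     frozenset({"mcp-gateway"}), "operate the gateway"))
    agent = Identity("research-agent-01", frozenset({"agent", "research"}))
    stranger = Identity("unknown-workload")
    return net, agent, stranger


if __name__ == "__main__":
    net, agent, stranger = build_demo()
    print(net.visible_services(agent))      # only the three permitted flows
    print(net.visible_services(stranger))   # nothing to scan or probe
    print(net.dial(stranger, "mcp-gateway"), "/", net.dial(stranger, "not-a-service"))
    net.revoke("research-flow")             # change the policy, change the reachability
    print(net.visible_services(agent))
```

The thing to notice is that the stranger gets the same answer for the real gateway and for a name that doesn't exist, and that revoking one policy makes the agent's whole fan-out go dark without touching anything in the underlay.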
The developer-velocity argument
Sure, the security argument is the headline, but if you’ve ever worked anywhere with a serious change-management process, the velocity argument might land harder.
Philip mentioned someone he’d recently spoken with who was building a new service. The platform supported outbound 443. The service needed thirty different ports. Each port change was a firewall ticket. Each ticket was an RMF update. The math on that timeline is grim, and it’s grim in commercial environments too. Anyone who’s tried to get a new outbound rule through a Fortune 500 change board has stories.
In a network where reachability is governed by policy on top of identity rather than by plumbing at OSI levels 3 and 4, that whole category of friction collapses. You’re not asking the network team to change the network. You’re updating a policy that says “this identity can now reach this service.” The underlay (your VLANs, your security groups, your jump hosts) doesn’t have to know or care.
Oh, and in case you don’t remember your OSI levels, here they are, illustrated with cats:
(Layers 3 and 4 are the network and transport layers.)
The downstream effects compound:
Telemetry gets quieter. When the only traffic that exists on a path is authenticated, authorized traffic, your SOC stops drowning in scan noise from the open internet. The signal-to-noise ratio on alerts goes way up.
Credentials simplify. No more shared service tokens that everybody on the team has a copy of. Identity is per-workload, scoped, and revocable.
The underlay becomes boring (and in security, boring is good). You can run the same workload across satcom, LTE, hotel Wi-Fi, and a hyperscaler VPC, and the security posture doesn’t change. The overlay handles it.
That last point matters more than it sounds for AI work specifically. Agents don’t sit in one tidy network segment. They reach across clouds, across organizations, across SaaS boundaries. Trying to enforce zero trust by keeping all that traffic inside a controlled underlay is a losing battle. Enforcing it at the identity layer means the underlay can be anything.
Where’s this going for agents?
In his talk, Philip mentioned Cloud Security Alliance work, building a reference architecture for agentic systems on top of identity-first connectivity. It’s taking on this shape:
Foundation: cryptographic identity and attestation. Every agent proves what it is before any path exists.
Reachability: policy-driven, identity-scoped, no ambient network presence.
Authorization: agents see only the tools, models, and data their policy permits. No tool discovery for things they’re not allowed to touch.
Governance: human-in-the-loop for high-risk actions, audit trails tied to the cryptographic identity that took the action.
The thing I like about this stack is that the Foundation layer fixes the boring-but-fatal problem (reachability), which lets the upper layers actually do their jobs without being constantly undermined from below. You can have the world’s best prompt-injection defenses, and they don’t help you if your tool server got pwned because somebody port-scanned it from the open internet.
What you should take away if you’re a developer
It’s the middle of my third week at NetFoundry, and I’m still in the “drinking from the firehose” phase, where I’m internalizing these things:
If your threat model says “we’ll catch them at the application layer,” update your threat model. The exploit window is too short for that to be the only defense.
“Is this service reachable from where the attacker is sitting?” is the first question, not the last. If the answer can be “no,” make it “no.”
Identity-first is not a product category you buy. It’s a property your architecture either has or doesn’t. You can get there with OpenZiti, with various commercial overlays, with SPIFFE/SPIRE for the identity piece, with combinations. The label matters less than the property. (But hey, I’d love it if you went with OpenZiti, and double if you tell NetFoundry you heard about it from me!)
The biggest unlock isn’t security, it’s that you stop spending your week filing firewall tickets.
Philip closed with a line that I think is the right one to leave on, paraphrased: any sufficiently advanced security model looks like magic. In this context, magic means the thing you’re trying to attack isn’t there. That’s the bar. Not “well-defended.” Not “hardened.” Not visible at all unless you’ve already proven who you are.
For agentic AI, where the speed of attack and the fan-out of the topology are both moving in directions that make traditional networking less viable every month, that bar is starting to look less like a nice-to-have and more like the only model that actually scales.
If you want to dig in: the OpenZiti project is open source and a reasonable place to get hands-on with what identity-first overlay networking actually looks like in practice.
Just days before the trial started, Elon Musk tried to settle his lawsuit, which alleges that under Sam Altman’s direction, OpenAI abandoned its mission to serve as a nonprofit making AI to benefit humanity.
According to a Sunday court filing from OpenAI, Musk messaged OpenAI President Greg Brockman two days ahead of the trial to “gauge interest” in a possible settlement. Brockman promptly responded, suggesting that “both sides” drop their claims. But Musk refused, then appeared to grow threatening enough that the court may allow Brockman to testify on the message as evidence supposedly revealing Musk’s true motives for pursuing the litigation.
“By the end of this week, you and Sam will be the most hated men in America,” Musk responded to Brockman’s suggestion that all claims be dropped. “If you insist, so it will be.”
OpenAI clearly did not accept the settlement terms, as the trial started last week with Musk as the first witness. On the stand, Musk stumbled several times, perhaps weakening his case by making concessions, growing hot-tempered, backing off claims that AI risks may quickly become existential, and admitting his ignorance when it comes to AI safety at his own company, xAI.
In short, it’s classic Muskrat moves: make threats, dilute said threats, get huffy, admit ignorance in a field where he claims expertise, repeat.
A few goodies I’d ordered all arrived nearly at once on Saturday, and I thought I’d share them here.
Business card
New business cards!
It’s been a while since I’ve had an honest-to-goodness business card, but since NetFoundry makes them available to employees and since a good chunk of my job is about making myself available to the public, I placed an order and received two boxes containing a few hundred cards in total.
These days, I tend to simply display my LinkedIn QR code on my phone when exchanging contact details with people, but I still like the old-school feel of giving someone a card (which just so happens to contain my LinkedIn QR code).
I know a couple of the authors. Way back in 2016, Ted reached out to me after I’d landed a developer relations job with SMARTRAC and wanted to see how they did developer relations. I also know David from my time at Auth0, because shortly after I joined, Auth0 merged with Okta, where David worked. In fact, to prepare for my technical interview with Auth0, my primary resource was David’s 2019 article in the Okta Developer blog, An Illustrated Guide to OAuth and OpenID Connect.
Since I’m now pretty much Supreme Developer Advocate at NetFoundry (I’m the only one; it’s a small, scrappy company that punches above its weight class), I figured the book would be useful.
Also, I have a policy of buying books written by people I know, as illustrated in the meme below:
I try to be cash money all the time.
You may have noticed that I bought the dead-tree edition instead of an electronic one. This also follows a rule of mine:
If the content is ephemeral or likely to be outdated in a couple of years (or a couple of months, given the pace of change these days), get the electronic version.
If the content is likely to be longer-lasting or seems timeless, get the paper version.
Also, it’s nice to get away from screens from time to time. I’ve carved out a little time each day to sit on the rocking chair on our front porch and read paper books, and Developer Relations Activity Patterns will be one of them.
Teeny-weeny hard drive
Nice and compact!
Between the RAMpocalypse brought about by AI data centers hogging all the storage chips and the war in Iran blocking off access to a large chunk of the world’s helium (it’s a key part of making high-end chips; see my earlier article for an explanation), SSD prices are climbing.
Fortunately, there was a very short-time deal for a two-pack of 2TB Lexar SL500 SSDs for about $400, so we placed an order so that Anitra and I could each have one. They arrived on Saturday, and they’re about the size of my business card!
This AI Salon will feature Chad Mairn, Professor and Founder of the Innovation Lab at St. Petersburg College. It’ll feature this format: keynote → startup pitches → open mic → networking.
Ready to level up your network? Connect with industry-leading recruiters and fellow tech professionals at TEKsystems, one of the world’s premier IT staffing firms. Whether you’re looking for your next role in Web development, Cloud, Data Science, or Cybersecurity—or just want to be proactive in today’s shifting economy—this is the place to be.
Organized by Disrupt the Bay, this is a Roaring ’20s-themed charity event in Tampa, FL, dedicated to raising funds for pediatric cancer research, particularly targeting ATRT. There’ll be a premium cocktail hour, live entertainment, curated dining, silent and live auctions, and powerful stories showcasing the real impact their support makes for children and families. It’s not just a gala—it’s an experience where purpose meets style, and generosity fuels life-saving breakthroughs led by Save The Kids Foundation.
BSides Tampa, a cybersecurity conference that brings in 2,000+ attendees and is held right here in Tampa Bay, returns for its 13th year on Saturday, May 16! It’s a full day with…
Great keynotes and presentations across seven tracks: keynotes, red team, blue team, cloud security, GRC and privacy, appsec, and AI and emerging
The exhibitor hall, where they don’t scan your badge, which means that you won’t get spammed as a result and they won’t sell your info
Interactive villages: malware, social engineering, IoT, network, lockpicking
A chance to meet the technology and cybersecurity professionals in the area, including these two…
SOF Week (“SOF” being short for “Special Operations Forces”) brings the international Special Operations community together for one focused week of collaboration, learning, and capability development. Jointly supported by U.S. Special Operations Command and the Global SOF Foundation, the event serves as the central gathering point for SOF Operators, government leaders, and industry partners working to advance the mission. There’s a fair bit of overlap with the technology industry (including SOFWERX).
One of the largest technology conferences in the Tampa Bay region returns on May 20, bringing together hundreds of technology leaders, innovators, entrepreneurs, and students for a full day of learning, insight, and connection.
This year, poweredUP Tampa Bay Tech Fest introduces an exciting new format designed to give attendees both the big-picture view of where technology is heading in our region and the practical knowledge they can take back to their teams.
Happy Saturday, everyone! Here on Global Nerdy, Saturday means that it’s time for another “picdump” — the weekly assortment of amusing or interesting pictures, comics, and memes I found over the past week. Share and enjoy!
Tuesday at 9:00 a.m. at Entrepreneur Collaborative Center (Tampa): Entrepreneurs Learning and Growth Hub presents Preparing Your Business for AI Automation.
Many businesses attempt to automate too early and struggle with broken processes, unreliable results, and increased complexity. This session focuses on how entrepreneurs can properly prepare their business for AI automation by building the right foundations first.
In this session, you’ll explore what needs to be in place before introducing AI so automation supports growth instead of creating operational risk.
Tuesday at 10:00 a.m. online: Computer Coach / Tech Success Network presents LinkedIn Master Class: Being Found In The Crowd.
Standing out on LinkedIn takes more than just having a profile. It takes intention, clarity, and the right approach. This live webinar is designed to help professionals cut through the noise and get noticed by recruiters, hiring managers, and industry peers. Led by the Computer Coach Career Services team, this session breaks down how LinkedIn actually works and how to use it as a tool for visibility, connection, and career growth.
Tuesday at 5:30 p.m. at Entrepreneur Collaborative Center (Tampa): Tampa Bay Biotech presents Building Agentic AI Assistants: A Tutorial for Everyone.
Join Tampa Bay Biotech for a practical and engaging introduction to Agentic AI — the new generation of AI assistants that can reason, plan, use tools, and complete multi-step tasks. This session will explain how agent-based AI differs from traditional AI and standard prompt-response systems, then walk through the core architecture behind intelligent assistants, including LLMs, memory, tools, planning, execution, and orchestration.
Wednesday at 5:30 p.m. @ spARK Labs (St. Pete): The St. Pete / Tampa AI Salon is back with Chad Mairn, Professor and Founder of the Innovation Lab at St. Petersburg College. It’ll feature this format: keynote → startup pitches → open mic → networking.
Wednesday at 6:00 p.m. at Vaco (Tampa): Tampa Bay Product Group presents Product Builders & Bingo: Casual Networking Social Hour.
Get ready for a networking experience that trades awkward silence for a little friendly competition. We’re turning the standard “so, what do you do?” small talk into a low-stakes scavenger hunt with our interactive Networking Bingo. Each attendee will receive a custom bingo card packed with a mix of product-focused prompts and lighthearted personal fun facts. Your mission is simple: strike up a conversation, find someone who matches a square, and have them sign your card. It’s the ultimate icebreaker designed to help you connect with as many local product peers as possible in a relaxed, pressure-free environment.
While you hunt for those winning rows, we’ll keep the energy high with plenty of fuel for your conversations. Food along with both alcoholic and non-alcoholic beverage options will be provided to keep things casual. Beyond the networking, we’ll also have exciting giveaways throughout the night for those who participate in the quest. Whether you’re a seasoned product leader or new to the field, come for the community, stay for the prizes, and leave with a whole new set of local connections.
Thursday at 7:00 p.m. at The Neon Temple (Tampa): The Neon Temple presents Ouroboros of TPRM, is your TPRM actually working anymore?
Come join The Neon Temple as D4B05H drops some knowledge-bombs about TPRM (Third-Party Risk Management). Understanding how the landscape has changed, and with the rise of AI, how effective actually is your current TPRM program? Some lessons learned from building an effective vendor TPRM program and how you can learn from their struggles.