Peter's Griddle

📌 Recent Posts:

Why 2025 resources

For the book, here is the link: https://digitalinfrastructures.nl. PDF: How to bluff your way into Zero Trust PDF: Using deployment diagrams to explain architecture and security to everybody. More on deployment diagrams in the book, in which you can search. Find me on LinkedIN or Mastodon @petersgriddle@fosstodon.org.

AI Coding: "Look Ma, no hands!"

Here is how I AI-coded a fully functional Tic-Tac-Toe web game without looking at a single line of code or manually identifying a GUI or logic error. I ran Claude Code (Pro) in VS Code without any other IDE/AI tooling. But it takes some effort and discipline to get there. The core idea is to be very specific and use an opinionated environment that includes extensive automated testing. The Agentic AI way Many people are researching this, all with slightly different approaches. There are a variety of ways to do more or less the same thing. Here are some of the interesting approaches I found. Interestingly, they all popped up in the first half of 2025. ...

AI coding rabbit holes

The approach People call LLMs statistical completion engines and that they therefore cannot write computer code. While the first may be true, the conclusion not necessarily follows. My answer to this question: let’s try this out! Inspired by modern discoveries in, for example, context engineering and swarm coding (references to come) I decided to give AI assisted coding a shot. I had a little used SaaS application (an LMS) that was nevertheless costing serious money. Yet, completely killing it was not an option. It was relatively easy to extract the Gigabytes of content in there, also through a bit of AI assistance. So I decided to rebuild the app, or at least a minimal version of it. Of many options, I selected Claude as my coding assistant. ...

Can AI automate compliance?

My AI-supported risk analysis assistant mirrors a common pitfall in risk management: focusing on irrelevant controls rather than genuine threats. I have created a risk analyst AI based on industry best practices, or so I assume. This is part of a quest toward more compliance automation, because as an industry we are falling behind in security. I am running through a simple example of a chatbot that answers questions over a nonsensitive dataset. The analyst dives deep into questions on all kinds of controls that, in my view, are quite irrelevant to the risk at the business level. ...

Zero Trust Myths

What is the problem with the image that Zero Trust based information security brings along? Once you understand the principles, and they are not really difficult, it is obvious that only ZT can lead us to a more secure cyber future. So, what is holding us back? Here are some of the misconceptions: “It is a boatload of work, so let’s not start.” Truth: yes, fully securing your IT with all its technical debt is a boatload of work. That is exactly the reason why you need ZT, so that you know where you can get started quickly, and be more secure before the last hole is plugged. ...

The AI Coding Age

This is the dawn of a new age. I have been observing software development for more than fifty years, ever since I wrote my first computer program. In that entire time, I have never witnessed a development that has changed the profession deeper, faster, or more pervasively than now. AI-assisted coding has escaped from the lab, and is impacting the work of every software developer. In the communities I track I hear stories of software engineers regret taking a single week of vacation because of the innovations that they now have to catch up to. ...

AI will replace coders, not software engineers

If you build software for a living, generative AI may be a scary development, as it has the potential to take over a lot of software creation. But I think it depends on what you see as the job of creating software. A coder in the world of IT is somebody who writes code in some programming language. More typically they modify code instead of writing it from scratch. This is in response to bugs, feature requests, and so on. In the age of AI, a lot of coding can be automated. We have seen many examples of AI generating lots of code based on fairly compact specifications. ...

Vibe OPSing with MCP: proof of concept

Here is the story of how I started to use AI to help with running and securing my home network. I call it vibe ops, in analogy to vibe programming. This post is going to be obsolete very soon, even though it is already the second version … My home network plays an additional role as a nice lab, and in the process of better securing it, preferably with Zero Trust Architectures, I am doing some experiments. ...

Three books on Zero Trust, and when you should read them

‘But where do we start?’ The question hung in the air of my training session, asked by many of the attendants. Mind you, these are experienced people with many years of cyber security experience. But turning Zero Trust from an abstract concept into concrete action? That’s where everyone gets stuck. I know that feeling well. Years ago, I joined my first Zero Trust working group, swimming in a sea of frameworks, agency guidelines, and vendor whitepapers. I even had the privilege of attending sessions with John Kindervag, the father of Zero Trust himself. Yet the gap between theory and implementation remained stubbornly wide. ...

Saas Security: a Simple Checklist

The security of your SaaS cloud solutions starts with the review of three major areas. Practically all companies are using SaaS providers in one way or another. SaaS includes Services such as Trello for project management, Microsoft 365, and e.g. specialized solutions for marketing intelligence services. The sky is the limit. Most companies using are using hundreds of SaaS solutions. Here are 3 tips to start with. Maturity match The first thing to worry about is if the maturity of the provider matches your risk appetite. Are they good enough for your use case? If you are working with a mission-critical SaaS solution, you want to make sure that the provider is mature. You can start finding out if that is the case is by looking at their certifications. An example could be the ISO 27000 series certification for IT risk management, or similar. Most mature cloud providers have dozens of certifications. On the other end of the spectrum, you may want to work with a provider that is not so mature, but that is delivering a very innovative solution of great business benefit to your company. That benefit, that competitive edge, may warrant a greater risk appetite. So start with that maturity match first. ...