My name is Ayman and I'm an Addict

Vibe coding rant, vCISO vs Fractional CISO, and more


📢 If you are a CISO or security manager looking to go out on your own, the next live cohort of Fractional CISO Success starts tomorrow! Learn about marketing, sales, pricing, and delivering a successful service!

I’m An Addict

You know that feeling?

When you meet someone amazing and you just can’t stop thinking about them. 🥰

When you get that new game and can’t stop playing. 🎮

When you get that new car and just want to drive, doesn’t matter where. 🏎️

Well, that’s the feeling I’ve had when I discovered vibe coding! 🤖

It was off to a slow, but steady start, but then when I really got into it, wow! I literally couldn’t stop doing it.

I skipped meals. Lost sleep. Ignored friends.

I just kept coding.

I’m so happy to be “coding” again.

I used to have this feeling when I was scripting before, building tools and apps. Always excited for that next feature or function.

Now this is 10x or even 100x faster. It’s all the good stuff, without the bad stuff.

Less troubleshooting.

Easier git rebasing and cleanup. (TIL: git push --force-with-lease vs --force)

Fewer environmental headaches.

Easy error catching implementation.

More coding.

Everyone I’ve talked to who’s tried it says the same thing: It’s addicting.

This was me today writing this article and vibe coding. (Single origin coffee of course!)

It’s not without its faults.

In fact, it’s good to have some technical understanding when doing it.

You do need to babysit the agents and course correct as needed.

You are still the captain and in charge.

How is this relevant for security leaders?

It brings you closer to your engineers. You can understand their build and deployment environment better.

Take a template and build it using the same infrastructure they use.

Take the source code and ask the agent anything about it.

You can understand their mistakes, because you will make them too.

Best part? You can ask the agent STUPID QUESTIONS.

You can ask why it decided to do X or Y.

You can have it explain the code line by line.

You can ask if a decision it made could be better.

You can tell it it might be wrong, and it won’t look at you weird.

I’ve learned so much in the past week. I’m so grateful.

Even getting a template app to work in production had its challenges using an agent.

If it was by hand, it would have taken forever and I would have given up!

Software has been democratized. You’re only limited by your imagination.

WARNING: Vibe coding is dangerous for those with SNTS (Shiny New Tool Syndrome), Builders, and Tinkerers.

What’s The Difference Between vCISO and Fractional CISO

I get this question all the time. Here is my take.

In essence they are the same thing!

However, because of abuse of the phrase by inexperienced people and MSSPs, I don’t use it anymore.

It’s gotten a bad rap.

I recommend and only use the term Fractional CISO. It’s more accurate and descriptive.

You see, when a company needs a part-time or temporary CISO, which is essentially what this role is, they still need a CISO.

The trick is they don’t need it all at the same time.

An experienced vCISO / Fractional CISO has done it all. Board presentations, Incident Response, GRC, Security Architecture & Engineering, Client meetings, and managing / growing the team.

So let’s not be too hasty judging someone who is a “vCISO”. They may have more experience than your average CISO.

Society, Tech, and AI

Unpacking Claude’s System Prompt

Something worth reading. Behind all this AI is just… people and their thoughts.

OAuth & MCP

For the first time I saw a YT ad that was a technical talk given by an engineer! Fascinating! The ad was by Stytch!

(Yes, I know I don’t have premium)

A CISO asked me recently about securing MCP servers, so I mentioned Cloudflare had a framework they published recently. Stytch has one as well, with an example!

You know what I’m going to say right? Try it out yourself.

A 3 second search on GitHub and I found this: https://github.com/coleam00/remote-mcp-server-with-auth

You know I’ll be playing with it!

AI Rabbit Hole Videos

Thanks to some really smart friends and YouTube, I’ve been able to stay up to speed on all the AI developments. However, these next few videos (and some spare time) really got me going. I’m sharing some of the videos that were helpful for me:

Fin

That’s all folks. If you liked anything in here, feel free to forward to friends or just hit reply and let me know. If you’ve started vibe coding recently, would love to hear what you’re working on!
