Arjen Wiersma

My name is Arjen. I am a Cyber Security Consultant for Scyon. I help organisations with their Application Security, Offensive Security and (Cyber) Business needs. Roles that I like to fulfill: (C)ISO, Security Engineer, Engineering Manager, Senior Developer (Java or Rust).

I have been in the software and security industry for almost 30 years and have worked in:

  • Internet providers (Chello / UPC, Tiscali - NL): Java
  • Startups (Personify - USA, eBuddy - NL): Java, Big Data
  • Healthcare and FinTech (Infomedics - NL): Java and dotNet - Managed the IT and Development teams
  • EduTech (NOVI - NL): Managed the development team building in Serverless, JavaScript
  • Education (Hogeschool van Amsterdam / NOVI - NL): teaching software security and software engineering courses
  • Cyber Security (Independent): helping organisations with their security posture

I am a member of:

  • NLJUG: The Dutch Java user group
  • VERSEN: The Dutch association of software engineers
  • OWASP: The OWASP Netherlands chapter

In 2024 I completed my Master’s degree. My research topic was BiDE, a language and architecture for the creation of bidirectional diagrammatic editors. In essence, it is a way to modify program text using diagrams and text at the same time, allowing stakeholders of different backgrounds to work on the same system at the same time. I worked on this thesis with Bastiaan Heeren (Open Universiteit) and Jurgen Vinju (Centrum Wiskunde en Informatica).

In my spare time I love to explore the cutting edge of software engineering, exploring new languages such as Rust, Clojure and Golang in combination with Large Language Models and their novel applications.

I toot on the fediverse as @credmp@fosstodon.org and post as @arjenwiersma.nl on Bluesky.

Find my longer form writings in the Writing Category.

The views on this site are my own.

Recent posts

  1. AI Can Write Code, But Can It Secure It?

    You can’t scroll through a tech feed these days without bumping into a hot take on AI and coding. Depending on who you ask, it’s either the greatest productivity boost in history or a security dumpster fire waiting to happen. Opinions are cheap, which is why I prefer to stick to the data from actual research. That way, the information is verifiable, and you can trust the analysis because you can check the sources for yourself. I call this style of writing Research Driven Blogging.

  2. The things I read (week 27 and 28)

    This week’s reading was a deep dive into the world of AI-assisted development, its security implications, and the evolving role of the human developer. I also explored significant topics in hardware, software supply chain security, and some fascinating findings from the world of science.

    AI in the Trenches: Development and Security

    The intersection of AI, software development, and security was the dominant theme this week. A major focus was on moving beyond simple “vibe coding” toward more structured, secure, and effective methods. This includes “Vibe Speccing” to create structured workflows and using rules files to secure AI coding tools. The concept of “Context Engineering” was presented as the crucial new skill, emphasizing that providing the right information to the model is more important than prompt crafting alone.

  3. The Sneaky AI: when agents deceive or go rogue

    Tip
    This article was first published as part of a Substack experiment; I reproduced it here.

    I’ve talked about AI mistakes and outside attackers. But what if the AI itself becomes the problem? What if it learns to be deceptive?

Recent notes