ByteWise

It's the last episode of 2024 and the ByteWise crew is taking a look back at the year that was! Join Daniela, Brian, and Glen for a casual conversation about their biggest takeaways from the past year, including the rise of AI, the evolving Agile landscape, and the importance of collaboration and communication in organizations.
Key Takeaways:
AI is here to stay. While the initial hype may be fading, AI tools like ChatGPT and Gemini are proving to be valuable assets. The team discusses the importance of understanding AI's capabilities and limitations, as well as the need for organizational guardrails to mitigate potential risks.
Agile is more than just speed. Brian emphasizes the need for a reset in the Agile community, focusing on the holistic benefits of Agile methodologies beyond just faster delivery. The team highlights the importance of customer centricity, continuous improvement, and realistic expectations when implementing Agile.
Collaboration is key. The hosts reflect on the unique synergy they experienced while working together, emphasizing the importance of cross-functional collaboration between risk, InfoSec, and IT teams. They stress the need for open communication, understanding different perspectives, and breaking down silos within organizations.
Cybersecurity is everyone's responsibility. The team discusses the persistent misconception that smaller organizations are not targets for cyberattacks. They stress the importance of understanding and quantifying risk, and using effective communication strategies to engage employees and promote a security-conscious culture.
Looking Ahead to 2025:
The ByteWise team is excited for what 2025 holds, with plans for new guests, engaging topics, and continued exploration of the ever-evolving world of cybersecurity, risk management, and technology.

Join us as we chat with Eddie Miro, a cybersecurity expert with an unconventional path into the field. From dial-up tech support to teaching at community colleges and creating games for DefCon, Eddie shares his unique journey and insights.
We delve into the world of Capture the Flag competitions, discuss the challenges of breaking into cybersecurity, and get Eddie's advice for aspiring professionals. Plus, we explore the importance of community and mentorship in the cybersecurity world.
Key Takeaways:
Multiple Paths to Cybersecurity: Eddie emphasizes that there's no single "right" way to enter cybersecurity. College, certifications, home labs, and community involvement all offer valuable avenues.
The Power of Community: Active participation in the cybersecurity community, including attending conferences, volunteering, and networking, can open doors and provide essential support.
CTFs as Learning Tools: Capture the Flag competitions offer a fun and engaging way to develop cybersecurity skills and gain practical experience.
Overcoming Hiring Hurdles: Eddie provides tips for navigating the cybersecurity job market, including tailoring resumes, networking, and seeking referrals.
Cybersecurity for Everyone: Even those in non-technical roles can benefit from a basic understanding of cybersecurity concepts. Eddie offers up some helpful tips. 
 
Resources:
Antisyphon Training: https://www.antisyphontraining.com/
Octopus Game: https://defcon.social/@OctopusGame
DEF CON: https://defcon.org/
Cyber Skyline: https://cyberskyline.com/
National Cyber League: https://nationalcyberleague.org/
CTFtime: https://ctftime.org/
 
Connect with Eddie Miro:
LinkedIn: https://www.linkedin.com/in/theedmiroshow/

In this episode of ByteWise, Daniela, Brian, and Glen tackle the ever-present challenge of prioritization, especially as the year ends and new goals loom. They discuss the difficulties of prioritizing in a shared organizational structure, where everyone believes their work is the most important. The conversation explores the importance of saying "no," managing expectations, and aligning projects with strategic goals. They also delve into practical strategies for staying focused and productive, including minimizing distractions, using planning poker for prioritization, and taking time for self-care.
Key Takeaways:
Prioritization is tough: Everyone thinks their work is the most critical, making objective prioritization difficult.
Saying "no" is crucial: Learn to decline projects that don't align with strategic goals or are consistently low priority.
Focus on a few things: Trying to do everything often leads to doing nothing well.
Context switching kills productivity: Minimize distractions and interruptions to maintain focus.
Use planning poker: This tool helps teams collaboratively prioritize tasks and projects.
Align with strategic goals: Connect your work to the organization's overall objectives to increase its perceived value.
Document everything: Keep records of decisions and recommendations, especially when your advice is overruled.
Take care of yourself: Prioritize your well-being to avoid burnout and maintain productivity.
Resources Mentioned:
Planning Poker
Related Episodes:
The Agile Secret Sauce
Call to Action:
How do you prioritize your work? Share your tips and strategies in the comments!
Connect with ByteWise:
Website
Follow us on LinkedIn

Guest: Bill Peters, Chief Experience Officer at TAPCO Credit Union
Episode Summary:
In this episode of ByteWise, we're joined by Bill Peters, Chief Experience Officer at TAPCO Credit Union. Bill shares his insights on how to effectively manage technology, risk, privacy, and security while prioritizing the member experience. He emphasizes the importance of:
Collaboration: Breaking down silos and partnering with stakeholders across the organization, including the board, IT, and risk management.
Early Evaluation: Incorporating privacy and security considerations from the very beginning when evaluating new technologies and vendors.
Member Focus: Using data to understand member behavior and needs, but always prioritizing member privacy and security.
Continuous Learning: Investing in board and staff education to stay ahead of emerging technologies and threats.
AI for Efficiency: Leveraging AI to increase efficiency and free up staff for more complex tasks and relationship building.
Bill also provides valuable advice for new CXOs, emphasizing the importance of asking questions, being curious, and building trust and vulnerability within teams.
Key Takeaways:
CXOs need to be well-versed in technology, risk, privacy, and security to effectively lead their organizations.
Collaboration is essential for successful technology implementation and risk management.
Data can be a powerful tool for understanding member needs, but privacy and security must be prioritized.
AI can be a game-changer for efficiency, but it's important to manage employee concerns and expectations.
Continuous learning and development are crucial for both board members and staff.
Connect:
Bill Peters
TAPCO Credit Union

Unlocking Influence
In this episode of ByteWise, Daniela and Glen dive into the often-overlooked importance of sales skills in risk management. They go beyond the spreadsheets and data analysis to reveal why understanding client needs, building trust, and nurturing long-term relationships are crucial for success in this field.
Daniela and Glen explore the dynamics of vendor relationships, the role of technology in business decisions, and the essential need for clear communication between internal teams and external consultants. This insightful conversation highlights the power of translating risk assessments into strategic benefits and fostering genuine resilience within organizations.
Key Takeaways:
Sales skills are not just for salespeople: Risk managers need to be persuasive communicators to effectively convey their message and influence decision-making.
Empathy is key: Understanding client pain points and perspectives is crucial for developing tailored risk solutions.
Trust is the foundation: Building strong relationships with stakeholders, both internal and external, requires trust and transparency.
Think long-term: Risk management is not a one-off activity; it requires a long-term perspective and ongoing relationship management.
Vendor engagement is crucial: Vendors need to engage with all stakeholders, not just the IT department, to understand the broader business context.
Empower your internal team: Equipping internal employees with sales skills and processes can improve communication and collaboration.
Leverage external expertise: External consultants can bring valuable credibility and insights to enhance risk management efforts.
Relationships matter: Cultivating and maintaining relationships is essential for long-term success in risk management.
Ask the right questions: Effective communication starts with asking insightful questions to truly understand client needs and concerns.
Translate assessments into action: Risk assessments should be translated into tangible strategic benefits to drive meaningful change within organizations.
What to do next:
Subscribe to Bytewise Podcast on your favorite platform.
Share this episode with colleagues and friends in the risk management and technology fields.
Leave a review and tell us what you think of the show!
We hope you enjoyed this episode of Bytewise! Tune in next time for more insightful discussions on the intersection of technology and risk management.

Join Daniela, Brian, and Glen as they dissect Glen's recent conference experiences. Glen shares insights from Secure World and Wild West Hackin' Fest, highlighting the ongoing struggle to effectively manage AI risks, the persistent gap between business leaders and cybersecurity professionals, and the need for better communication and collaboration across departments. They discuss the challenges of technical debt, the ransomware epidemic, and the importance of investing in detection and response mechanisms. 
Key Takeaways:
AI Governance Gap: While AI is a hot topic, there's a lack of focus on organizational governance and risk management.
Communication Breakdown: A chasm remains between business leaders and cybersecurity professionals, hindering effective risk communication and decision-making.
Tool Overload: An overreliance on tools and technology without proper strategy and communication is a common pitfall.
Ransomware Reality: Ransomware remains a significant threat, highlighting the need for stronger preventative measures and investment in detection and response.
Small and Medium Businesses: Smaller organizations often struggle to find cybersecurity solutions that fit their needs and budgets.
Shifting Focus: There's a growing recognition of the need to move beyond prevention and invest more in detection, response, and recovery.
Breaking Down Silos: Increased collaboration between security, legal, risk management, and other departments is crucial for effective cybersecurity.
Resources Mentioned:
https://www.secureworld.io
https://wildwesthackinfest.com
Call to Action:
Think beyond tools and technology. Focus on strategy, communication, and collaboration.
Invest in detection and response mechanisms to minimize the impact of cyberattacks.
Break down silos and foster communication between departments.
Consider attending cybersecurity conferences to stay informed and network with peers.
Connect with ByteWise:
https://bytewise.podbean.com/
https://www.linkedin.com/company/bytewise-podcast/
 
 

In this episode of ByteWise, Glen and Brian discuss the nuances of hiring in the tech industry. They emphasize the importance of finding candidates who are a good cultural fit and have the potential to grow, even over those with perfect qualifications on paper. They delve into the limitations of relying solely on certifications and degrees, highlighting the value of real-world experience and problem-solving skills.
The hosts also encourage tech professionals to develop business acumen and bridge the communication gap with business leaders. Additionally, they discuss the benefits of remote work and the importance of trust and leadership in managing remote teams, while critiquing the trend of companies forcing employees back to the office full-time.
Key Takeaways:
Prioritize cultural fit and potential for growth when hiring.
Look for candidates with intellectual curiosity, problem-solving skills, and a willingness to learn.
Encourage tech professionals to develop business acumen.
Embrace remote work and trust employees.
Avoid rushing the hiring process and focus on finding the right fit.
What to do next:
Subscribe to ByteWise on your favorite podcast platform.
Share this episode with your colleagues and friends in the tech industry.
Leave a review and let us know what you think of the show!
We hope you enjoyed this episode of ByteWise. Tune in next time for more insights and discussions on the intersection of technology and business.

Guest: Mark Moore, VP Fraud Strategy and Prevention 
 
Episode Highlights:
The Fraud-Tech Fusion: Mark shares his unique journey from InfoSec to Fraud, highlighting the increasing overlap between cybersecurity and fraud prevention in today's digital landscape.
Outsmarting the Scammers: From the resurgence of check fraud on Telegram to sophisticated multi-layered attacks, Mark reveals the latest tactics fraudsters are using and how to stay one step ahead.
Building a Proactive Defense: It's not just about "whack-a-mole" anymore! Learn how Mark builds proactive fraud prevention strategies, emphasizing the importance of data analysis, collaboration with marketing and digital teams, and utilizing tools like LinkedIn and DefenseStorm's newsletter to stay informed.
The Ideal Fraud Fighter: Forget the stereotypes! Curiosity, humor, adaptability, and resilience are the key traits Mark looks for when building his team. He also shares insights on using the SFIA framework for effective hiring and training.
Navigating the Org Chart: Where does fraud prevention fit best within an organization? Mark discusses the pros and cons of embedding fraud teams within IT, risk management, or operations, emphasizing the need for flexibility and understanding each organization's unique strengths.
Key Takeaways:
The lines between fraud and cybersecurity are blurring, necessitating closer collaboration between these fields.
Data is key in both fraud and marketing, making cross-departmental partnerships essential.
Soft skills like curiosity, adaptability, and resilience are just as important as technical skills in fraud prevention.
Building a proactive fraud defense requires staying informed, utilizing the right tools, and understanding the evolving tactics of fraudsters.
The ideal organizational structure for fraud prevention varies depending on the company's strengths and culture.
Resources:
International Association of Financial Crimes Investigators
Northwest Fraud Investigators Association
Association of Certified Financial Crime Specialists
Center for Financial Professionals
DefenseStorm
Connect with Mark!
 
 
 

October is looming, and for many, that means the dreaded annual cybersecurity training. But on this week's ByteWise,we're here to tell you it doesn't have to be a snoozefest!
We kick off with Daniela's newfound obsession: the Darknet Diaries podcast. It's a thrilling deep dive into the underbelly of the internet, perfect for getting in the cybersecurity mindset. (Just maybe don't listen to it before bed!)
Then, we tackle the big question: How can we make cybersecurity awareness fun? Forget those click-through slideshows.We're talking:
The "Inside Man" - a binge-worthy series that had employees begging for more.
A treasure hunt that turned the office into a playful battleground.
A phishing contest that pitted departments against each other (with hilarious results).
Roundtable discussions that tapped into employee expertise and offered the chance to win prizes.
"Feature Friday" - a simple but effective way to put a human face on security.
And for the truly adventurous: tabletop exercises with a Dungeons & Dragons twist!
We also share a treasure trove of free resources to get you started. So, ditch the boring webinars and turn October into a month of cybersecurity excitement! Your employees (and your data) will thank you.
Links & Resources:
All the goodies mentioned in the episode:
CISA Cybersecurity Awareness Month (free)
National Cybersecurity Alliance (free)
KnowBe4 - Home of the "Inside Man"
Wizer (great alternative for training and phishing)
Hackback Gaming
Ready to level up your cybersecurity awareness? Subscribe to ByteWise today!
Subscribe!

In this episode of ByteWise Podcast, Daniela, Brian, and Glen chat with Jeff Owen, Chief Operating Officer at Rochdale, a credit union services organization (CUSO) specializing in enterprise risk management (ERM). They delve into the often misunderstood concepts of risk appetite and risk tolerance, emphasizing their importance in the information security and technology space. Jeff shares his insights on defining ERM, establishing risk appetite statements, and integrating them into strategic decision-making. He also discusses the challenges of gaining buy-in for risk management initiatives and provides actionable advice for incorporating risk appetite statements into cybersecurity strategies.
Key Takeaways:
Defining ERM: Jeff emphasizes the importance of understanding ERM's objectives before jumping into discussions, highlighting the need for a holistic approach that considers the biggest risks tied to organizational objectives.
Risk Appetite vs. Risk Tolerance: Jeff differentiates between risk appetite (broad, qualitative view of acceptable risk) and risk tolerance (detailed, quantitative boundaries on specific risks).
Establishing Risk Appetite Statements: Jeff outlines a step-by-step process involving dialogue between the board and executive team, incorporating risk categories and objectives, and creating hypothetical scenarios to gauge risk tolerance.
Communicating Risk Appetite Statements: Jeff stresses the importance of communicating risk appetite statements to decision-makers across the organization, ensuring they understand and can leverage them in their roles.
Cyber Risk Appetite: Jeff acknowledges the increased focus on cyber risk from regulators and boards and discusses incorporating cyber risk as a separate risk category in risk appetite statements.
Integrating Risk Appetite with Strategy: Jeff highlights the value of integrating risk appetite conversations into strategic planning to proactively address risks and opportunities.
Following Up on Risk Appetite Statements: Jeff suggests identifying measurable risk tolerances, tracking adherence to them, and establishing processes to address breaches.
Example Risk Appetite Statement: Jeff shares an example risk appetite statement that balances an aggressive strategic plan for partnering with innovative technology providers with the importance of protecting member data and maintaining member confidence.
Guest Information:
Jeff Owen, Chief Operating Officer at Rochdale
LinkedIn: Jeff Owen
Email: jowen@rochdaleparagon.com