ByteWise

Welcome to Episode 9 of the ByteWise Podcast, where we tackle the often complex and misunderstood world of vendor management. Whether you know it as TPRM (Third-Party Risk Management), VDD (Vendor Due Diligence), VRM (Vendor Risk Management), or simply VM, understanding how to effectively manage your third-party vendors is crucial for every organization.
In today's business landscape, it's nearly impossible to find an organization that doesn't rely on third-party vendors to conduct business. This reliance, while beneficial, introduces various challenges and complexities, especially when it comes to vendor management. From slowing down projects to forcing additional scrutiny through questions, the initial stages of vendor interaction, often beginning with the Request for Proposal (RFP) process, are critical.
Vendor management faces its fair share of pushback, but why is it so essential? Third parties introduce a multitude of risks to organizations, with cyber risk leading the pack. Cyber breaches caused by third parties are not just a concern; they're a significant threat. However, the risks don't stop there. We delve into reputational risks, such as the impact of outsourced call centers on customer experience, operational risks affecting business continuity, strategic risks to organizational goals, and financial risks, including legal liabilities.
As we wrap up this episode, we set the stage for our next discussion, where we'll dive deeper into the specifics of vendor risk management, exploring the key factors and strategies for mitigating these risks effectively.
Thank you for tuning into the ByteWise Podcast. If you're grappling with the challenges of vendor management or looking to refine your approach, this episode is packed with insights and advice to guide you through understanding the why, so you can gain organization buy-in. 
Remember to subscribe to the ByteWise Podcast for more in-depth discussions on technology, information security, and risk management. See you in the next episode!

Welcome to another episode of ByteWise, where today's discussion ventures into the intertwined worlds of Artificial Intelligence (AI) and cybersecurity. We're thrilled to welcome our first-ever guest, Kip Boyle, a leading figure in cyber resilience. As the CEO of Cyber Risk Opportunities and a recognized thought leader, Kip brings a wealth of knowledge on the topic of AI.
In this episode, we dive into the ethical, legal, and practical considerations vital for companies as they develop and deploy AI technologies. Kip shares his approach to balancing innovation with the necessity of safeguarding user data, providing insights into navigating these challenges based on his extensive experience.
Our conversation also explores strategies for businesses to stay competitive in the rapidly evolving AI landscape, especially for those incorporating AI into their operations for the first time. Kip emphasizes the importance of AI literacy across all organizational levels and shares how the NIST AI Framework can be a valuable tool for guiding ethical and secure AI integration.
As we delve deeper, the discussion turns to the significance of continuous learning and adaptability in keeping pace with AI advancements. Kip offers practical advice on fostering a culture of innovation and resilience, highlighting specific initiatives he has undertaken within his organization to promote AI literacy and implementation.
Finally, we tackle the critical topic of vendor due diligence and the challenges of determining if third parties use public versions of AI. Kip provides actionable tips for assessing potential cybersecurity risks during vendor evaluations, ensuring organizations can make informed decisions when selecting partners.
This episode is packed with invaluable insights for anyone interested in the intersection of AI and cybersecurity. Kip's expertise illuminates the path forward for organizations looking to harness AI's power responsibly and effectively. As we conclude, we invite our listeners to connect with Kip on LinkedIn to discover more about his work and contributions to the cybersecurity community.
 
Join us for this enlightening conversation on ByteWise, as we explore how AI and cybersecurity disciplines enable organizations to thrive in a digital age. Stay tuned for more exciting topics in our upcoming episodes.
 
Kip Boyle on LinkedIn
https://www.linkedin.com/in/kipboyle/
 
Daniel Miessler’s open source project called “Fabric” is a framework for augmenting humans using AI
https://github.com/danielmiessler/fabric/blob/main/README.md
 
NIST AI RMF
https://www.nist.gov/itl/ai-risk-management-framework
 
To be published on April 12, 2024
EP 153: NIST AI Risk Management Framework, part 1
https://www.cr-map.com/153
 
To be published on April 26, 2024
EP 154: NIST AI Risk Management Framework, part 2
https://www.cr-map.com/154
 
 

Welcome to our latest podcast episode, where we dive into the exciting world of Artificial Intelligence (AI). We start off by explaining what AI is all about, making it easy for everyone to understand. Our expert guests help break down the basics, showing how AI is not just for tech experts but for anyone interested in the future of technology.
We then move on to bust some of the biggest myths about AI. There's a lot of misinformation out there, and we tackle it head-on, explaining why some of the fears about AI are overblown and why it's not the solution to every problem. This part of the episode is all about separating fact from fiction, helping our listeners get a clear picture of what AI really means for our world.
This episode is a great introduction to AI for anyone curious about how it's going to shape our future. Whether you're completely new to the topic or already have some knowledge, there's something for everyone. Join us as we explore the fascinating world of AI, cutting through the hype to get to the heart of why it's a topic worth paying attention to.

Welcome back to our podcast series on technical debt! In this episode, we delve deeper into the roots, challenges, and ownership surrounding this pervasive issue in organizations. If you missed the last episode, be sure to catch up on that before diving into this one.
Technical debt doesn't just appear out of nowhere; it often has its roots in various factors such as tight deadlines, evolving requirements, lack of collaboration, or inexperienced developers. We discuss how shortcuts, quick fixes, and rushed decision-making contribute to the accumulation of technical debt over time.
Who owns the responsibility of fixing technical debt? Is it solely the developers' responsibility, or does it extend to project managers, product owners, or even higher management? We explore the importance of a collective mindset towards technical debt resolution and how assigning ownership can facilitate a more effective resolution process.
Unearthing the underlying causes of technical debt is crucial for devising effective strategies to tackle it. We share some methods and tools for identifying the root causes, includingretrospectives and feedback loops.
Technical debt presents a myriad of challenges, from decreased productivity and increased maintenance costs to degraded system performance and heightened risk of bugs and failures. We discuss some of the biggest challenges teams face when dealing with technical debt and strategies for overcoming them.
In wrapping up, we emphasize the importance of understanding the root causes of technical debt, fostering a culture of shared ownership, and involving the entire organization in addressing this critical issue. Join us for our next episode, where we'll dive into practical strategies and best practices for managing and mitigating technical debt effectively.
Thank you for tuning in to another episode of our podcast. Don't forget to subscribe, and please leave us a review if you enjoyed the content. Until next time!

In this episode we take on a topic that, while often overlooked, significantly affects nearly every organization: technical debt.
At the outset, we give you a brief overview of what to expect from today’s discussion, highlighting the importance of understanding technical debt, not just for developers and IT professionals but for anyone involved in the ecosystem. 
We start by defining technical debt. Much like financial debt, technical debt accumulates interest, in this case, in the form of unitended consequences that sap productivity and resources. We explore the nuances between intentional and unintentional technical debt, and the implications they carry.
The conversation then shifts to the impact of technical debt on organizations. Through real-world examples, we discuss how it can hinder new features, escalate bugs, and inflate operational costs, ultimately affecting an organization's bottom line. 
Expanding the conversation, we tie technical debt to other disciplines such as project management, business continuity and vendor management. The discussion also touches on the delicate balance between pushing for innovation and the necessity of maintenance, offering guidance on how to strike the right chord.
Thank you for tuning in and being part of our journey through the digital landscape. Let’s keep the conversation going and transform the way we think about and handle technical debt, together.

In this insightful episode of the ByteWise podcast, we delve into the intricate world of risk management, information security, and IT, exploring their pivotal roles within the organizational structure. "Where Do We Belong?" sheds light on the various organizational charts that shape these critical functions and their integration into the broader corporate landscape. Our discussion navigates through the diverse models of org charts, from centralized to decentralized, and hybrid approaches, examining the unique advantages and challenges each presents.
Listeners will gain an understanding of how the positioning of risk management, information security, and IT within an organization can significantly influence their effectiveness and authority. We dissect the implications of each org chart layout on the ability to influence decision-making processes, foster interdepartmental collaboration, and secure buy-in from key stakeholders.
Join us as we unravel the complexities of organizational design, its impact on the strategic roles of risk management, information security, and IT, and the best practices for maximizing their influence within your company. Whether you're a C-suite executive, a manager in the tech space, or an IT professional, this episode offers valuable insights into aligning your organizational structure with your strategic objectives for optimal performance and security.

This episode of "ByteWise" is dedicated to a critical issue faced by risk and technology professionals: gaining organizational buy-in for their initiatives. 
We begin by exploring why securing buy-in is particularly challenging in the fields of risk and technology. From the rapid pace of technological change to the often intangible nature of risk management benefits, we dissect the factors that make stakeholders hesitant. We also discuss the communication gap that frequently exists between tech/risk professionals and decision-makers, who may not always have a technical background.
Our conversation also includes advice on building a compelling narrative that addresses the specific concerns and interests of board members and executive management. We'll cover the importance of speaking their language, focusing on strategic objectives, and demonstrating how risk and technology initiatives are essential for the organization's growth and stability.
This episode is a must-listen for any risk or technology professional looking to effectively navigate the complex landscape of organizational politics and secure the necessary support for their projects.
Tune in to "ByteWise" for insightful advice and strategies to help you bridge the gap between your risk and technology initiatives and the stakeholders who can make them happen. Remember to subscribe for more episodes with expert insights into the world of risk and technology management.
Join the conversation! 
ByteWise Podcast
 

In this episode of "ByteWise," we're simplifying the complex world of audits and assessments. If you've ever wondered about the differences between an audit, a risk assessment, a vulnerability assessment, a penetration test, and a vulnerability test, then this is the episode for you. We're going back to basics to explain what each of these terms means, how they differ, and why they're important.
We'll guide you through the purposes of each evaluation, from audits that check for compliance, to risk assessments that identify potential threats, and to pen tests that simulate cyberattacks. Our discussion is designed to be accessible and informative, perfect for those who are curious how the different disciplines view these tools.
We also touch on the typical sequence of these evaluations and their practical applications in a real-world setting.  So, whether you're just looking to brush up on your knowledge or fine-tune your understanding of these tools, tune in to "ByteWise." Don't forget to subscribe for more insights into technology, information security, and risk management.
Join the conversation! 
ByteWise Podcast

Welcome to episode 1 of ByteWise, where we unravel the (con)fusion between Technology and Risk Management.  
In this episode, we're diving into the heart of our podcast's mission: exploring the synergistic relationship between Technology, Information Security, and Risk Management.
Your hosts, a team of seasoned professionals from each of these critical fields, come together to share their unique stories and experiences. We delve into our personal journeys in tech, the evolving landscape of information security, and the critical role of risk management in today's digital world. Our discussion is not just about what we do, but how these three domains come together to form a collaborative triangle, essential for navigating the complexities of the modern tech environment.
We also take a moment to introduce ourselves, giving you a glimpse into who we are, our professional backgrounds, and why we believe this conversation is crucial. This episode sets the stage for why this topic is not just relevant, but necessary for ongoing discussion in our rapidly changing world.
As we unpack our insights and lessons learned, we aim to illuminate the interconnectedness of these disciplines and how they can, and should, work together. Whether you're a tech enthusiast, a security professional, or a risk management expert, this episode offers a unique perspective on the convergence of these fields and why it matters.
Join the conversation!  
ByteWise on LinkedIn
Connect with your hosts!
Daniela
Brian
Glen