Episodes

4 days ago
In this first part of a two-episode series, Daniela, Glen, and Brian welcome Monty Fowler and Mark Dallmeier from AspireSix to talk about the concept of "Executive Debt."
Monty and Mark, seasoned leaders with extensive experience in startups and consulting, introduce executive debt as the accumulation of negative long-term consequences resulting from short-sighted decisions made by organizational leadership. They share the fascinating origin story of the term, born from a conversation about technical debt and the surprising realization of the concept's absence in existing business literature.
The conversation explores the very definition of executive debt, drawing parallels to technical debt's creation through prioritizing immediate needs over future implications. Monty and Mark highlight several key symptoms of executive debt, including a resistance to new strategies, a detachment from market realities, and an "invented here" mentality that stifles innovation. They further explain the damaging ripple effect of executive debt throughout an organization, impacting everything from financial performance and operational efficiency to employee morale and overall culture, often leading to disengagement and a fear of change.
The guests contrast these issues with the attributes of high-performing companies, emphasizing the importance of a healthy culture built on trust, open communication, and a willingness to embrace diverse ideas. They also touch upon the intriguing relationship between executive debt and technical debt, suggesting that poor leadership decisions often pave the way for technical shortcomings. Drawing on their extensive experience, Monty and Mark illustrate the concept with real-world examples, particularly within the realm of cybersecurity and risk management, and discuss the challenges internal teams face in addressing these deeply ingrained issues. The episode concludes with a teaser for the second part, promising a deeper dive into strategies for identifying and overcoming executive debt.
Connect with our guests:
Monty Fowler
Mark Dallmeier
https://aspiresix.com/

Tuesday Apr 29, 2025
Are you truly prepared for when disaster strikes? In this ByteWise episode, Daniela, Glen, and Brian draw on their front-line experience to demystify tabletop exercises and reveal their power to transform your organization's crisis response. Beyond theoretical discussions, they share hard-earned lessons from leading real-world simulations, including a recent large-scale ransomware exercise with over 100 participants. Listen in to gain actionable strategies you can implement today to stress-test your plans, identify critical gaps, and build a culture of resilience.
Key Topics:
Why Tabletops Matter: Discover how these exercises go beyond theory to expose hidden assumptions, pressure-test decision-making, and validate business continuity plans.
Incident Response Pitfalls: Learn to avoid common mistakes that can cripple your response, including communication breakdowns, ill-defined roles, and the urge to "rush to recovery."
Mastering the Tabletop: Get practical guidance on designing and facilitating effective simulations, from balancing participation to managing challenging attendees.
The Human Factor: Explore strategies for simulating the psychological and emotional toll of a crisis, a critical element often overlooked in planning.
From Exercise to Action: Turn lessons learned into tangible improvements by establishing a regular exercise cadence and implementing a robust follow-up process.
Who should listen?
This episode is a must-listen for technology, risk and resilience professionals, and anyone responsible for ensuring their organization's continuity of operations. Whether you're a seasoned incident responder or new to the field, our hosts provide the deep insights you need to level up your preparedness.

Tuesday Apr 15, 2025
Daniela, Brian, and Glen delve into the difficulties of getting organizations to prioritize and support risk management, IT, and information security. They discuss how departmental silos, conflicting priorities, and a lack of understanding can lead to these areas being marginalized. The conversation explores the tension between documenting risks and the need for action, the importance of relationship-building to bridge communication gaps, and the challenge of shifting organizational mindsets. The hosts emphasize that securing buy-in is an ongoing process, requiring persistence, proactive engagement, and a recognition that organizational change takes time and may necessitate seeking alignment elsewhere.

Tuesday Apr 01, 2025
Welcome back to ByteWise! Today, with the episode launching on April Fool's Day, we're diving into the world of phishing tests. It's a topic that often straddles the line between a security measure and, let's be honest, a workplace prank. We're here to discuss how these tests have evolved, moving from potentially punitive tools to a more nuanced approach. Glen kicks us off by defining phishing as a subset of social engineering, focusing on email-based manipulation. He outlines the common tactics cybercriminals use, like malicious links and fraudulent requests.
We then delve into how the approach to phishing tests has changed. Initially, they were often predictable and monthly, but now, they're more random and ad-hoc. Glen explains how fear-based approaches have been counterproductive, damaging trust between employees and the IT/security team. We share personal anecdotes, like Daniela's memorable e-card phishing test experience, to illustrate this evolution.
The conversation shifts to moving beyond punitive measures. We discuss why mandatory training videos and disciplinary actions are ineffective, and instead, we emphasize the importance of clear reporting processes and effective training. We also touch on the necessity of including everyone, even IT, in these tests. Glen suggests focusing on varied training methods, like webinars and bite-sized modules, and creating a supportive environment for reporting suspicious activities.
We emphasize the importance of clear reporting and communication, ensuring employees know how and where to report suspicious activity. The gray area of dealing with repeat offenders is explored, discussing the balance between employee development and organizational risk. We discuss the importance of having a policy for repeat offenders.
Finally, we discuss fostering a security-aware culture, moving away from fear-based approaches and building trust. We emphasize the role of the IT/security team as a resource and the importance of friendly, approachable security personnel. Daniela wraps up the episode with final thoughts and a reminder to stay vigilant, especially on April Fool's Day.
Key Takeaways:
Phishing tests should be educational tools, not punitive measures.
Building a security-aware culture requires trust and open communication.
Clear reporting processes are essential for effective security.
Resources:
https://tech.co/news/study-workplace-phishing-tests-success-rate
https://www.usenix.org/system/files/usenixsecurity24-schops.pdf

Friday Mar 14, 2025
Ever wonder if your disaster recovery (DR) plan would actually work when you need it? Daniela, Brian, and Glen cut through the jargon and get real about DR, focusing on the security gaps you might be missing. They unpack why backups aren't a silver bullet, how problems can lurk in your recovery plans, and why relying solely on cyber insurance can leave you exposed.
What You'll Learn:
Backups: Not Your Security Blanket: Glen explains why hackers target backups and how to fortify them. Think of it as securing the vault, not just the money.
Cloud Caution: Brian warns against putting all your eggs in the cloud basket. Learn why you need your own data copies and how to make that happen.
Ransomware's Hidden Threat: Glen reveals the scary truth: infected backups can re-infect your systems. Discover how to spot and eliminate this risk.
Insurance Reality Check: Daniela and Brian break down what your cyber insurance really covers. Don't get caught off guard when you need it most.
Recovery is a Team Sport: Daniela emphasizes that DR isn't just an IT problem. Learn how to involve everyone and why your team's input is crucial, especially from the people who work with the systems daily.
Actionable DR Tips: Get practical advice on testing your DR plan, identifying critical systems (BIA), and building a resilient recovery strategy.
Key Takeaways:
Don't assume your backups are safe. Proactively secure them.
Diversify your data storage. Don't rely solely on cloud providers.
Scan backups for malware. Assume the worst.
Understand your cyber insurance policy's limitations.
Involve your entire team in DR planning.
Test your plan regularly. Real-world events are unpredictable.
A BIA, Business Impact Analysis, is your road map.

Tuesday Mar 04, 2025
In this episode, Daniela welcomes Treena Reilkoff, an expert in conflict management and resilient risk mitigation, to discuss the human side of risk management. Treena shares her insights on how trauma and stress can manifest in the workplace, the importance of creating a psychologically safe environment, and practical strategies for leaders and employees to navigate challenging situations.
Treena emphasizes the need for trauma-informed practices in organizations, highlighting the importance of recognizing the signs of trauma and stress, and having systems in place to support employees who have experienced a critical incident. She also discusses the concept of resilient leadership, which involves not only bouncing back from adversity but also learning from it and preparing for future challenges.
The conversation touches on the cost of conflict, both in terms of financial impact and the toll it takes on employees' well-being. Treena provides practical communication strategies that can be used to de-escalate conflict and support employees in need.
Finally, Treena encourages listeners to educate themselves about implicit bias and its potential impact on decision-making and workplace culture.
Resources:
TLR Solutions for Conflict: https://tlrsolutions4conflict.ca/
Implicit Bias Test - Harvard University: https://implicit.harvard.edu/implicit/takeatestv2.html
Connect with Treena Reilkoff:
LinkedIn: https://www.linkedin.com/in/treenareilkoff-tlr-solutions4conflict/
Website: https://tlrsolutions4conflict.ca/
Key Topics:
Trauma-informed conflict management
The impact of trauma and stress on the workplace
The importance of psychological safety
Resilient leadership
The cost of conflict
Practical communication strategies
Implicit bias

Tuesday Feb 18, 2025
Daniela and Brian tackle the topic of disaster recovery (DR). They define DR, discuss its importance, and explore how it relates to business continuity. They also delve into the role of cloud computing, the importance of backups, and the challenges of testing and budgeting for DR.
Key Takeaways:
DR is a subset of business continuity: It focuses on the technology component of recovery.
DR is not just for major disasters: It applies to any disruptive event that impacts your technology and data.
Every business needs a DR plan: No matter how small, every organization relies on technology and needs a plan to recover it.
Cloud computing can help, but it's not foolproof: While cloud services can transfer some risk, organizations still need to consider their own DR needs.
Backups are essential: Having copies of your data and systems is crucial for recovery.
Testing is key: Regularly testing your DR plan is the only way to ensure it will work when you need it.
Budgeting for DR can be challenging: But it's a critical investment in your organization's resilience.
Connect with Us!
Brian Tallon
Daniela Parker
Glen Sorensen

Monday Feb 03, 2025
This episode of ByteWise Podcast features Mark Carroll, a senior business executive and founder of the Masters of Science in Enterprise Risk Management program at Boston University. Mark discusses the evolution of risk management, the importance of understanding operational risk, and the critical skills needed for success in the field. He also shares insights into the unique aspects of the BU Risk Management Program and offers advice for those considering a career in risk management.
Key Takeaways:
The Genesis and Evolution of Risk Management: Mark Carroll discusses the inspiration behind BU's Enterprise Risk Management program, addressing the gap in comprehensive risk education, and how the field has evolved from an insurance focus to a holistic, enterprise-wide approach incorporating security, business continuity, and supply chain resilience.
Navigating the "Resilience" Buzzword and Emerging Risks: Mark shares his perspective on the overuse of "resilience" and the need for tangible changes in practice. He also emphasizes understanding the root causes of emerging risks, even as they manifest differently, and the importance of critically evaluating and debunking perceived risks.
Key Skills and Career Paths in Risk Management: Mark identifies curiosity, challenging assumptions, and deep business understanding as crucial skills for risk managers. He also describes the diverse career paths BU graduates pursue, leveraging their rounded business education and risk expertise in roles across supply chain, finance, and operations.
The BU Risk Management Program: A Unique Approach: Mark highlights the program's focus on operational risk (differentiated from market/credit risk), its field-based approach drawing on instructors' practical experience, and its emphasis on harmonizing various risk disciplines within an organization.
Advice for Aspiring Risk Managers: Mark emphasizes continuous learning, adaptability, and understanding business operations to effectively identify and manage risks, offering valuable guidance for those entering the field.
Resources:
Connect with Mark on LinkedIn
Boston University MS Enterprise Risk Management

Tuesday Jan 21, 2025
In this episode of ByteWise, we welcome our first international guest, Klaus Agnoletti, a security professional with 20 years of experience and a passion for improving security policies. Klaus discusses why security policies are often overlooked, the importance of clear and concise language, and how AI can be used to create more effective policies. He also shares his insights on the cultural differences in approaching security policies and the importance of open communication.
Key Takeaways:
Readability is crucial: Security policies should be written in simple, easy-to-understand language to ensure that everyone in the organization can comprehend and follow them.
Inclusivity fosters a security culture: Using inclusive language in policies helps to create a sense of shared responsibility for security across the organization.
AI can be a valuable tool: AI tools can assist in writing, analyzing, and maintaining consistency across security documents.
Don't be afraid to challenge the status quo: If a policy doesn't make sense, speak up! Open communication is essential for creating effective security practices.
Cultural differences matter: Different cultures may have varying approaches to following and enforcing policies. Understanding these differences can improve communication and compliance.
Resources:
Connect with Klaus!
Website
LinkedIn
Klaus Agnoletti's LinkedIn Articles:
Can AI make security policies more human?
Simplicity is your best security tool
Security Policies: when did we decide they had to be boring and written by lawyers?
LIX Score
Connect with your Hosts:
Daniela
Glen
Brian
Call to Action:
Review your organization's security policies and consider how they can be improved for readability and inclusivity.
Experiment with AI tools to help with policy writing and analysis.
Foster a culture of open communication around security policies.
Subscribe to ByteWise

Tuesday Jan 07, 2025
In this episode of ByteWise, Daniela Parker connects with Margaret J. Millett, winner of the 2023 BCI Lifetime Achievement Award, to discuss her remarkable journey in business continuity management. Margaret shares valuable insights on navigating the ever-changing landscape of risk, emphasizing the need for adaptability, continuous learning, and strong leadership support. They delve into the challenges of securing executive buy-in and board engagement, highlighting the importance of clear communication and demonstrating the value of business continuity in mitigating a wide range of disruptions. This insightful conversation explores the evolving nature of risk, from cybersecurity and supply chain disruptions to the growing impact of climate change, and underscores the need for integrated, holistic approaches to resilience.
Margaret and Daniela also discuss the importance of breaking down silos between disciplines like cybersecurity and business continuity, recognizing that these areas are interconnected and require collaborative efforts. They touch on the unique challenges faced by women in the field and offer advice for those entering this dynamic profession, emphasizing the value of mentorship and continuous self-advocacy. Throughout the episode, Margaret shares her perspectives on common misconceptions about business continuity and encourages listeners to embrace a proactive approach to risk management and live each day to the fullest.
Key Takeaways:
Adaptability is key: The business continuity landscape is constantly evolving, requiring professionals to stay informed and embrace new challenges.
Leadership buy-in is crucial: Securing support from executives and boards is essential for building and maintaining strong resilience programs.
Break down the silos: Cybersecurity, business continuity, and other disciplines must work together to create a holistic approach to risk management.
Embrace mentorship: Guidance from experienced professionals can be invaluable for navigating the challenges and opportunities in this field.
Live with intention: Don't take any day for granted and approach your work with passion and purpose.
Connect with Margaret!
For the video, head on over to our YouTube account!

In today's digital landscape, the convergence of Technology, Information Security, and Risk Management is not just beneficial, but essential. Technology drives innovation and progress, but with this advancement comes increased vulnerabilities and potential threats. Information Security acts as the guardian, protecting data integrity and safeguarding against cyber threats. Meanwhile, Risk Management provides a strategic framework to anticipate, evaluate, and mitigate these risks, ensuring that technological growth is both sustainable and secure. Together, these disciplines form a robust shield, fortifying our digital world against the ever-evolving landscape of threats. By understanding and integrating these three pillars, organizations can achieve a harmonious balance between growth, security, and resilience. We invite our listeners to join this crucial conversation: subscribe to "ByteWise", share your thoughts, and be a part of shaping a safer, more innovative future in technology.