ByteWise

Welcome back to ByteWise! In this episode, we're all about unraveling the tangled web of acronyms we encounter in our professional lives. We'll tackle the challenges of understanding technical jargon and delve into the various meanings and uses of common acronyms across different fields – from technology to information security to risk management.We'll discuss how acronyms like VPN, IAM, SOC, SIM, SSL, PAM, CISO, ZTNA, CTR, ERM, ORM, IRM, GRC, BCP, BCM, and DR are used in everyday conversations and explore their significance in various industries. We also address the challenges of navigating a world filled with acronyms, especially for non-technical individuals.Join us as we emphasize the importance of clear communication and avoiding excessive jargon to ensure everyone understands the conversation.Feel free to reach out to us on LinkedIn for further discussions or questions.https://www.linkedin.com/in/parkerdaniela/https://www.linkedin.com/in/brian-tallon/https://www.linkedin.com/in/glen-sorensen/

In this episode of ByteWise Podcast, Daniela, Brian, and Glen dive into the world of Agile ceremonies and discuss how these practices can be used to improve teamwork and productivity in any setting. They share real-world examples of how planning poker, time boxing, lean coffee, and daily stand-ups have helped their teams collaborate more effectively, make better decisions, and stay focused on their goals. Tune in to discover how these "Agile secret sauce" rituals can unlock the potential of your team, no matter your industry or role.Connect with us on LinkedIn and share your thoughts on Agile. We'd love to hear how you've implemented Agile principles in your own work and the challenges you've faced.https://www.linkedin.com/in/parkerdaniela/https://www.linkedin.com/in/brian-tallon/https://www.linkedin.com/in/glen-sorensen/ Here are links to resources mentioned in the episode, including books and articles on Agile methodologies, to help you deepen your understanding and apply Agile principles in your own projects.Original Agile Manifesto: https://www.agilealliance.org/agile101/the-agile-manifesto/12 Principles behind the Agile Manifesto: https://www.agilealliance.org/agile101/12-principles-behind-the-agile-manifesto/Why Agile: https://kissflow.com/project/agile/benefits-of-agile/Retrospectives: https://www.notonlycode.org/effective-retrospective/Blameless Retrospectives: https://www.goretro.ai/post/how-to-run-a-blameless-sprint-retrospectivePlanning Poker: https://www.atlassian.com/blog/platform/scrum-poker-for-agile-projectsTimebox: https://www.wrike.com/agile-guide/faq/what-is-timebox/Lean Coffee: https://agilecoffee.com/leancoffee/Agile for Everybody: https://www.amazon.com/Agile-Everybody-Creating-Customer-First-Organizations/dp/1492033510Join us in two weeks for our next episode, where we'll tackle common tech acronyms and where you might learn something you didn't know about cooking spray. Be sure to subscribe to ByteWise Podcast so you don't miss it!

Welcome back to ByteWise! In this episode, our very own Agile expert Brian shares his 20 years of experience and knowledge in the field. Brian provides a clear definition of Agile, emphasizing its core principles of breaking down work into manageable chunks, continuous collaboration, and continuous improvement. We learn that Agile is more than just a set of ceremonies or tools - it's a mindset that can be applied beyond software development to various aspects of work and project management.
Discover the importance of retrospectives as a key Agile practice for fostering continuous improvement. We explore how retrospectives provide a safe space for teams to discuss what worked well and what needs improvement, ultimately leading to better processes and outcomes.We also discuss the crucial role of leadership in creating a blameless culture where team members feel safe to share their experiences and suggestions openly. This fosters a collaborative environment where everyone feels valued and empowered to contribute to the team's success.
Learn how Agile prioritizes customer satisfaction through early and continuous delivery of value. We explore how involving end-users early in the process can lead to better outcomes and reduce pushback, ultimately saving time and frustration for everyone involved.Brian shares practical advice on implementing Agile, suggesting starting small with your own team and gradually expanding to other Agile practices. He emphasizes the importance of focusing on continuous improvement and aligning your actions with Agile values and principles.Stay tuned for our next episode, where we'll explore specific Agile tools and ceremonies and how they can be applied to various business scenarios.
Connect with us on LinkedIn and share your thoughts on Agile. We'd love to hear how you've implemented Agile principles in your own work and the challenges you've faced.
https://www.linkedin.com/in/parkerdaniela/
https://www.linkedin.com/in/brian-tallon/
https://www.linkedin.com/in/glen-sorensen/
 
Here are links to resources mentioned in the episode, including books and articles on Agile methodologies, to help you deepen your understanding and apply Agile principles in your own projects.Original Agile Manifesto:  https://www.agilealliance.org/agile101/the-agile-manifesto/
12 Principles behind the Agile Manifesto: https://www.agilealliance.org/agile101/12-principles-behind-the-agile-manifesto/
Why Agile:  https://kissflow.com/project/agile/benefits-of-agile/
Retrospectives:  https://www.notonlycode.org/effective-retrospective/
Blameless Retrospectives:  https://www.goretro.ai/post/how-to-run-a-blameless-sprint-retrospective
Planning Poker:  https://www.atlassian.com/blog/platform/scrum-poker-for-agile-projects
Timebox:  https://www.wrike.com/agile-guide/faq/what-is-timebox/
Lean Coffee:  https://agilecoffee.com/leancoffee/
Agile for Everybody: https://www.amazon.com/Agile-Everybody-Creating-Customer-First-Organizations/dp/1492033510

In this episode of ByteWise, we take a deeper dive into the intricacies of vendor due diligence, illuminating not only its vital components but also the insights it yields and, more importantly, what remains beyond its scope. 
We explore the fundamental elements of vendor due diligence, including financial, operational, legal, and compliance assessments. Our hosts provide a nuanced understanding of how these components work together to offer a comprehensive view of potential vendors' practices, reliability, and business alignment. 
This episode delves into the critical aspects that due diligence processes often overlook, discussing the potential risks and undisclosed information that can lurk unseen. We emphasize the importance of looking beyond the surface and the compliance checkbox to uncover these hidden dangers, offering strategies for a more thorough investigation.
Our hosts also advocate for viewing vendor due diligence from various perspectives to fully grasp its implications. By considering different angles—from the financial to the operational and beyond—businesses can achieve a well-rounded view of their potential partners, leading to more informed decision-making.
This episode is an invaluable resource for anyone looking to navigate the complexities of vendor risk management more holisticallhy, offering key insights into making the most of vendor due diligence processes. Whether you’re a seasoned professional or new to the field, "Uncovering the Unknown: The Limits and Revelations of Vendor Due Diligence" provides essential knowledge for anyone looking to enhance their due diligence practices.

Welcome to Episode 9 of the ByteWise Podcast, where we tackle the often complex and misunderstood world of vendor management. Whether you know it as TPRM (Third-Party Risk Management), VDD (Vendor Due Diligence), VRM (Vendor Risk Management), or simply VM, understanding how to effectively manage your third-party vendors is crucial for every organization.
In today's business landscape, it's nearly impossible to find an organization that doesn't rely on third-party vendors to conduct business. This reliance, while beneficial, introduces various challenges and complexities, especially when it comes to vendor management. From slowing down projects to forcing additional scrutiny through questions, the initial stages of vendor interaction, often beginning with the Request for Proposal (RFP) process, are critical.
Vendor management faces its fair share of pushback, but why is it so essential? Third parties introduce a multitude of risks to organizations, with cyber risk leading the pack. Cyber breaches caused by third parties are not just a concern; they're a significant threat. However, the risks don't stop there. We delve into reputational risks, such as the impact of outsourced call centers on customer experience, operational risks affecting business continuity, strategic risks to organizational goals, and financial risks, including legal liabilities.
As we wrap up this episode, we set the stage for our next discussion, where we'll dive deeper into the specifics of vendor risk management, exploring the key factors and strategies for mitigating these risks effectively.
Thank you for tuning into the ByteWise Podcast. If you're grappling with the challenges of vendor management or looking to refine your approach, this episode is packed with insights and advice to guide you through understanding the why, so you can gain organization buy-in. 
Remember to subscribe to the ByteWise Podcast for more in-depth discussions on technology, information security, and risk management. See you in the next episode!

Welcome to another episode of ByteWise, where today's discussion ventures into the intertwined worlds of Artificial Intelligence (AI) and cybersecurity. We're thrilled to welcome our first-ever guest, Kip Boyle, a leading figure in cyber resilience. As the CEO of Cyber Risk Opportunities and a recognized thought leader, Kip brings a wealth of knowledge on the topic of AI.
In this episode, we dive into the ethical, legal, and practical considerations vital for companies as they develop and deploy AI technologies. Kip shares his approach to balancing innovation with the necessity of safeguarding user data, providing insights into navigating these challenges based on his extensive experience.
Our conversation also explores strategies for businesses to stay competitive in the rapidly evolving AI landscape, especially for those incorporating AI into their operations for the first time. Kip emphasizes the importance of AI literacy across all organizational levels and shares how the NIST AI Framework can be a valuable tool for guiding ethical and secure AI integration.
As we delve deeper, the discussion turns to the significance of continuous learning and adaptability in keeping pace with AI advancements. Kip offers practical advice on fostering a culture of innovation and resilience, highlighting specific initiatives he has undertaken within his organization to promote AI literacy and implementation.
Finally, we tackle the critical topic of vendor due diligence and the challenges of determining if third parties use public versions of AI. Kip provides actionable tips for assessing potential cybersecurity risks during vendor evaluations, ensuring organizations can make informed decisions when selecting partners.
This episode is packed with invaluable insights for anyone interested in the intersection of AI and cybersecurity. Kip's expertise illuminates the path forward for organizations looking to harness AI's power responsibly and effectively. As we conclude, we invite our listeners to connect with Kip on LinkedIn to discover more about his work and contributions to the cybersecurity community.
 
Join us for this enlightening conversation on ByteWise, as we explore how AI and cybersecurity disciplines enable organizations to thrive in a digital age. Stay tuned for more exciting topics in our upcoming episodes.
 
Kip Boyle on LinkedIn
https://www.linkedin.com/in/kipboyle/
 
Daniel Miessler’s open source project called “Fabric” is a framework for augmenting humans using AI
https://github.com/danielmiessler/fabric/blob/main/README.md
 
NIST AI RMF
https://www.nist.gov/itl/ai-risk-management-framework
 
To be published on April 12, 2024
EP 153: NIST AI Risk Management Framework, part 1
https://www.cr-map.com/153
 
To be published on April 26, 2024
EP 154: NIST AI Risk Management Framework, part 2
https://www.cr-map.com/154
 
 

Welcome to our latest podcast episode, where we dive into the exciting world of Artificial Intelligence (AI). We start off by explaining what AI is all about, making it easy for everyone to understand. Our expert guests help break down the basics, showing how AI is not just for tech experts but for anyone interested in the future of technology.
We then move on to bust some of the biggest myths about AI. There's a lot of misinformation out there, and we tackle it head-on, explaining why some of the fears about AI are overblown and why it's not the solution to every problem. This part of the episode is all about separating fact from fiction, helping our listeners get a clear picture of what AI really means for our world.
This episode is a great introduction to AI for anyone curious about how it's going to shape our future. Whether you're completely new to the topic or already have some knowledge, there's something for everyone. Join us as we explore the fascinating world of AI, cutting through the hype to get to the heart of why it's a topic worth paying attention to.

Welcome back to our podcast series on technical debt! In this episode, we delve deeper into the roots, challenges, and ownership surrounding this pervasive issue in organizations. If you missed the last episode, be sure to catch up on that before diving into this one.
Technical debt doesn't just appear out of nowhere; it often has its roots in various factors such as tight deadlines, evolving requirements, lack of collaboration, or inexperienced developers. We discuss how shortcuts, quick fixes, and rushed decision-making contribute to the accumulation of technical debt over time.
Who owns the responsibility of fixing technical debt? Is it solely the developers' responsibility, or does it extend to project managers, product owners, or even higher management? We explore the importance of a collective mindset towards technical debt resolution and how assigning ownership can facilitate a more effective resolution process.
Unearthing the underlying causes of technical debt is crucial for devising effective strategies to tackle it. We share some methods and tools for identifying the root causes, includingretrospectives and feedback loops.
Technical debt presents a myriad of challenges, from decreased productivity and increased maintenance costs to degraded system performance and heightened risk of bugs and failures. We discuss some of the biggest challenges teams face when dealing with technical debt and strategies for overcoming them.
In wrapping up, we emphasize the importance of understanding the root causes of technical debt, fostering a culture of shared ownership, and involving the entire organization in addressing this critical issue. Join us for our next episode, where we'll dive into practical strategies and best practices for managing and mitigating technical debt effectively.
Thank you for tuning in to another episode of our podcast. Don't forget to subscribe, and please leave us a review if you enjoyed the content. Until next time!

In this episode we take on a topic that, while often overlooked, significantly affects nearly every organization: technical debt.
At the outset, we give you a brief overview of what to expect from today’s discussion, highlighting the importance of understanding technical debt, not just for developers and IT professionals but for anyone involved in the ecosystem. 
We start by defining technical debt. Much like financial debt, technical debt accumulates interest, in this case, in the form of unitended consequences that sap productivity and resources. We explore the nuances between intentional and unintentional technical debt, and the implications they carry.
The conversation then shifts to the impact of technical debt on organizations. Through real-world examples, we discuss how it can hinder new features, escalate bugs, and inflate operational costs, ultimately affecting an organization's bottom line. 
Expanding the conversation, we tie technical debt to other disciplines such as project management, business continuity and vendor management. The discussion also touches on the delicate balance between pushing for innovation and the necessity of maintenance, offering guidance on how to strike the right chord.
Thank you for tuning in and being part of our journey through the digital landscape. Let’s keep the conversation going and transform the way we think about and handle technical debt, together.

In this insightful episode of the ByteWise podcast, we delve into the intricate world of risk management, information security, and IT, exploring their pivotal roles within the organizational structure. "Where Do We Belong?" sheds light on the various organizational charts that shape these critical functions and their integration into the broader corporate landscape. Our discussion navigates through the diverse models of org charts, from centralized to decentralized, and hybrid approaches, examining the unique advantages and challenges each presents.
Listeners will gain an understanding of how the positioning of risk management, information security, and IT within an organization can significantly influence their effectiveness and authority. We dissect the implications of each org chart layout on the ability to influence decision-making processes, foster interdepartmental collaboration, and secure buy-in from key stakeholders.
Join us as we unravel the complexities of organizational design, its impact on the strategic roles of risk management, information security, and IT, and the best practices for maximizing their influence within your company. Whether you're a C-suite executive, a manager in the tech space, or an IT professional, this episode offers valuable insights into aligning your organizational structure with your strategic objectives for optimal performance and security.