ByteWise

Unraveling the (con)fusion between Tech & Risk Management


Episodes

Tuesday Aug 06, 2024


Turning Lemons into Lemonade!
In this episode of ByteWise, Daniela, Brian, and Glen dive into the concept of "never letting a good crisis go to waste." They explore how organizations can leverage incidents, both big and small, to drive positive change and strengthen their security posture.
Topics Discussed:
  • The concept of "never letting a good crisis go to waste": Origin of the phrase, how it applies to risk management and incident response.
  • Optimism bias: The tendency to underestimate the likelihood of negative events. How it can hinder proactive risk management.
  • Learning from incidents: Whether they happen to your organization or someone else, every incident is a learning opportunity.
  • Practical ways to leverage crises:
      • Sharing news articles and translating them into actionable insights for decision makers.
      • Conducting tabletop exercises and simulations to identify weaknesses and test assumptions.
      • Conducting blameless retrospectives to learn from your own incidents and prevent them from happening again.
  • The importance of communication: Clearly communicating the potential impact of incidents to decision makers and translating technical jargon into understandable language.
  • Remember that everyone is vulnerable to cyber attacks: Don't underestimate the risk to your organization.
  • The importance of cyber resilience: Investing in cyber resilience is crucial, but it's also important to acknowledge that organizations can be victims of crimes.
  • The role of third-party risk: A significant percentage of incidents are caused by third-party vendors.
Key Takeaways:
  • Incidents, whether big or small, can be used to drive positive change and improve your organization's security posture.
  • Don't let optimism bias prevent you from taking proactive steps to mitigate risk.
  • Learn from the mistakes of others and use their experiences to strengthen your own defenses.
  • Communicate clearly and effectively with decision makers to ensure that your concerns are heard and addressed.
Share your thoughts on the episode and let us know how you've leveraged crises to drive positive change in your organization.

Tuesday Jul 23, 2024

In this episode of ByteWise, Daniela, Brian, and Glen discuss the ongoing tension between convenience and security in our personal and professional lives. They explore the risks associated with popular conveniences like one-click purchases, facial recognition, and smart home devices, emphasizing the importance of reading privacy policies and being mindful of our digital footprint.
The conversation shifts to the workplace, highlighting challenges like the use of personal devices, email autofill, and cloud-based tools. They stress the need for transparency between employees and IT/security teams, finding a balance between user experience and security, and providing employees with the right tools to do their jobs securely.
The hosts also touch on the benefits of password managers and single sign-on, the risks of using personal phones for work, and the role of mobile device management (MDM). They conclude by reminding listeners to question the cost of "free" apps and services, emphasizing that convenience should not come at the expense of privacy and security.
Key Takeaways:
  • Convenience vs. Security: The episode explores the constant tension between convenience and security in both personal and professional lives, highlighting the trade-offs we make for ease of use.
  • Digital Footprint & Privacy Concerns: The hosts discuss the risks of leaving a massive digital footprint, with our data being collected and potentially exploited by various entities.
  • Workplace Challenges: The conversation shifts to the workplace, focusing on the challenges of balancing convenience and security when using personal devices, email autofill, and cloud-based tools.
  • Transparency & Communication: The importance of open communication between employees and IT/security professionals is emphasized to ensure a secure and efficient work environment.
  • Tools for Security & Convenience: The hosts discuss tools like password managers and single sign-on that can enhance both security and convenience.
  • Personal Devices & Work: The risks associated with using personal phones for work, such as potential legal issues, are explored, along with the role of mobile device management (MDM) in mitigating these risks.
  • The Hidden Cost of Convenience: The episode concludes by reminding listeners to question the cost of "free" apps and services, emphasizing that convenience often comes at the price of privacy and security.
Enjoyed this episode on balancing convenience and security? Help us spread the word! Share this episode with your friends and colleagues, and don't forget to subscribe to ByteWise for more insightful discussions on how to connect the dots between risk management, technology, and information security. 

Tuesday Jul 09, 2024

In this episode, Daniela, Brian, and Glen dive into the complex relationship between innovation and security with special guest Scott Daukas. They discuss common misconceptions between innovators and risk/security professionals, how to bridge the gap, and the importance of collaboration in building a secure and innovative future. The conversation also explores legacy systems, strategic planning, and the value of early involvement in the innovation process.
Key Takeaways:
  • Misconceptions: Innovators are often seen as mavericks disregarding risk, while risk/security professionals are sometimes perceived as roadblocks to progress.
  • Bridging the Gap: Education, collaboration, and fostering a culture of shared goals are key to breaking down silos and building trust.
  • Early Involvement: Bringing risk and security professionals into innovation discussions early on helps identify potential vulnerabilities and create more resilient products.
  • Strategic Planning: Integrating risk management into strategic planning ensures that security considerations are part of the big picture and not just an afterthought.
  • Legacy Systems: These pose challenges for innovation, but organizations can adapt by identifying systems of record, utilizing APIs, and strategically investing in upgrades.
  • The How, Not the No: Risk and security teams can focus on finding solutions rather than just saying no to new technologies.
  • Relationships Matter: Building strong relationships and understanding each other's perspectives leads to better communication and faster decision-making.
Guest: Scott Daukas, Principal at One Washington Financial, brings over 25 years of experience in the credit union industry, specializing in innovation and strategy.
To our listeners: Reach out to those who you might typically view as being in opposition to your goals. Engage in conversation, seek to understand their perspective, and discover common ground to drive innovation and security together.
Remember: By fostering collaboration and understanding, we can create a more secure and innovative future.

Tuesday Jun 25, 2024

Welcome back to ByteWise! In this episode, we're all about unraveling the tangled web of acronyms we encounter in our professional lives. We'll tackle the challenges of understanding technical jargon and delve into the various meanings and uses of common acronyms across different fields, from technology to information security to risk management.
We'll discuss how acronyms like VPN, IAM, SOC, SIM, SSL, PAM, CISO, ZTNA, CTR, ERM, ORM, IRM, GRC, BCP, BCM, and DR are used in everyday conversations and explore their significance in various industries. We also address the challenges of navigating a world filled with acronyms, especially for non-technical individuals.
Join us as we emphasize the importance of clear communication and avoiding excessive jargon to ensure everyone understands the conversation.
Feel free to reach out to us on LinkedIn for further discussions or questions.
https://www.linkedin.com/in/parkerdaniela/
https://www.linkedin.com/in/brian-tallon/
https://www.linkedin.com/in/glen-sorensen/

S1E12 The Agile Secret Sauce

Tuesday Jun 11, 2024

In this episode of ByteWise Podcast, Daniela, Brian, and Glen dive into the world of Agile ceremonies and discuss how these practices can be used to improve teamwork and productivity in any setting. They share real-world examples of how planning poker, time boxing, lean coffee, and daily stand-ups have helped their teams collaborate more effectively, make better decisions, and stay focused on their goals. Tune in to discover how these "Agile secret sauce" rituals can unlock the potential of your team, no matter your industry or role.
Connect with us on LinkedIn and share your thoughts on Agile. We'd love to hear how you've implemented Agile principles in your own work and the challenges you've faced.
https://www.linkedin.com/in/parkerdaniela/
https://www.linkedin.com/in/brian-tallon/
https://www.linkedin.com/in/glen-sorensen/
Here are links to resources mentioned in the episode, including books and articles on Agile methodologies, to help you deepen your understanding and apply Agile principles in your own projects.
Original Agile Manifesto: https://www.agilealliance.org/agile101/the-agile-manifesto/
12 Principles behind the Agile Manifesto: https://www.agilealliance.org/agile101/12-principles-behind-the-agile-manifesto/
Why Agile: https://kissflow.com/project/agile/benefits-of-agile/
Retrospectives: https://www.notonlycode.org/effective-retrospective/
Blameless Retrospectives: https://www.goretro.ai/post/how-to-run-a-blameless-sprint-retrospective
Planning Poker: https://www.atlassian.com/blog/platform/scrum-poker-for-agile-projects
Timebox: https://www.wrike.com/agile-guide/faq/what-is-timebox/
Lean Coffee: https://agilecoffee.com/leancoffee/
Agile for Everybody: https://www.amazon.com/Agile-Everybody-Creating-Customer-First-Organizations/dp/1492033510
Join us in two weeks for our next episode, where we'll tackle common tech acronyms and where you might learn something you didn't know about cooking spray. Be sure to subscribe to ByteWise Podcast so you don't miss it!

Tuesday May 28, 2024

Welcome back to ByteWise! In this episode, our very own Agile expert Brian shares his 20 years of experience and knowledge in the field. Brian provides a clear definition of Agile, emphasizing its core principles of breaking down work into manageable chunks, continuous collaboration, and continuous improvement. We learn that Agile is more than just a set of ceremonies or tools - it's a mindset that can be applied beyond software development to various aspects of work and project management.
Discover the importance of retrospectives as a key Agile practice for fostering continuous improvement. We explore how retrospectives provide a safe space for teams to discuss what worked well and what needs improvement, ultimately leading to better processes and outcomes.
We also discuss the crucial role of leadership in creating a blameless culture where team members feel safe to share their experiences and suggestions openly. This fosters a collaborative environment where everyone feels valued and empowered to contribute to the team's success.
Learn how Agile prioritizes customer satisfaction through early and continuous delivery of value. We explore how involving end-users early in the process can lead to better outcomes and reduce pushback, ultimately saving time and frustration for everyone involved.
Brian shares practical advice on implementing Agile, suggesting starting small with your own team and gradually expanding to other Agile practices. He emphasizes the importance of focusing on continuous improvement and aligning your actions with Agile values and principles.
Stay tuned for our next episode, where we'll explore specific Agile tools and ceremonies and how they can be applied to various business scenarios.
Connect with us on LinkedIn and share your thoughts on Agile. We'd love to hear how you've implemented Agile principles in your own work and the challenges you've faced.
https://www.linkedin.com/in/parkerdaniela/
https://www.linkedin.com/in/brian-tallon/
https://www.linkedin.com/in/glen-sorensen/
 
Here are links to resources mentioned in the episode, including books and articles on Agile methodologies, to help you deepen your understanding and apply Agile principles in your own projects.
Original Agile Manifesto:  https://www.agilealliance.org/agile101/the-agile-manifesto/
12 Principles behind the Agile Manifesto: https://www.agilealliance.org/agile101/12-principles-behind-the-agile-manifesto/
Why Agile:  https://kissflow.com/project/agile/benefits-of-agile/
Retrospectives:  https://www.notonlycode.org/effective-retrospective/
Blameless Retrospectives:  https://www.goretro.ai/post/how-to-run-a-blameless-sprint-retrospective
Planning Poker:  https://www.atlassian.com/blog/platform/scrum-poker-for-agile-projects
Timebox:  https://www.wrike.com/agile-guide/faq/what-is-timebox/
Lean Coffee:  https://agilecoffee.com/leancoffee/
Agile for Everybody: https://www.amazon.com/Agile-Everybody-Creating-Customer-First-Organizations/dp/1492033510

Tuesday May 14, 2024

In this episode of ByteWise, we take a deeper dive into the intricacies of vendor due diligence, illuminating not only its vital components but also the insights it yields and, more importantly, what remains beyond its scope. 
We explore the fundamental elements of vendor due diligence, including financial, operational, legal, and compliance assessments. Our hosts provide a nuanced understanding of how these components work together to offer a comprehensive view of potential vendors' practices, reliability, and business alignment. 
This episode delves into the critical aspects that due diligence processes often overlook, discussing the potential risks and undisclosed information that can lurk unseen. We emphasize the importance of looking beyond the surface and the compliance checkbox to uncover these hidden dangers, offering strategies for a more thorough investigation.
Our hosts also advocate for viewing vendor due diligence from various perspectives to fully grasp its implications. By considering different angles—from the financial to the operational and beyond—businesses can achieve a well-rounded view of their potential partners, leading to more informed decision-making.
This episode is an invaluable resource for anyone looking to navigate the complexities of vendor risk management more holistically, offering key insights into making the most of vendor due diligence processes. Whether you’re a seasoned professional or new to the field, "Uncovering the Unknown: The Limits and Revelations of Vendor Due Diligence" provides essential knowledge for anyone looking to enhance their due diligence practices.

Tuesday Apr 30, 2024

Welcome to Episode 9 of the ByteWise Podcast, where we tackle the often complex and misunderstood world of vendor management. Whether you know it as TPRM (Third-Party Risk Management), VDD (Vendor Due Diligence), VRM (Vendor Risk Management), or simply VM, understanding how to effectively manage your third-party vendors is crucial for every organization.
In today's business landscape, it's nearly impossible to find an organization that doesn't rely on third-party vendors to conduct business. This reliance, while beneficial, introduces various challenges and complexities, especially when it comes to vendor management. From slowing down projects to forcing additional scrutiny through questions, the initial stages of vendor interaction, often beginning with the Request for Proposal (RFP) process, are critical.
Vendor management faces its fair share of pushback, but why is it so essential? Third parties introduce a multitude of risks to organizations, with cyber risk leading the pack. Cyber breaches caused by third parties are not just a concern; they're a significant threat. However, the risks don't stop there. We delve into reputational risks, such as the impact of outsourced call centers on customer experience, operational risks affecting business continuity, strategic risks to organizational goals, and financial risks, including legal liabilities.
As we wrap up this episode, we set the stage for our next discussion, where we'll dive deeper into the specifics of vendor risk management, exploring the key factors and strategies for mitigating these risks effectively.
Thank you for tuning into the ByteWise Podcast. If you're grappling with the challenges of vendor management or looking to refine your approach, this episode is packed with insights and advice to guide you through understanding the why, so you can gain organization buy-in. 
Remember to subscribe to the ByteWise Podcast for more in-depth discussions on technology, information security, and risk management. See you in the next episode!

Tuesday Apr 16, 2024

Welcome to another episode of ByteWise, where today's discussion ventures into the intertwined worlds of Artificial Intelligence (AI) and cybersecurity. We're thrilled to welcome our first-ever guest, Kip Boyle, a leading figure in cyber resilience. As the CEO of Cyber Risk Opportunities and a recognized thought leader, Kip brings a wealth of knowledge on the topic of AI.
In this episode, we dive into the ethical, legal, and practical considerations vital for companies as they develop and deploy AI technologies. Kip shares his approach to balancing innovation with the necessity of safeguarding user data, providing insights into navigating these challenges based on his extensive experience.
Our conversation also explores strategies for businesses to stay competitive in the rapidly evolving AI landscape, especially for those incorporating AI into their operations for the first time. Kip emphasizes the importance of AI literacy across all organizational levels and shares how the NIST AI Framework can be a valuable tool for guiding ethical and secure AI integration.
As we delve deeper, the discussion turns to the significance of continuous learning and adaptability in keeping pace with AI advancements. Kip offers practical advice on fostering a culture of innovation and resilience, highlighting specific initiatives he has undertaken within his organization to promote AI literacy and implementation.
Finally, we tackle the critical topic of vendor due diligence and the challenges of determining if third parties use public versions of AI. Kip provides actionable tips for assessing potential cybersecurity risks during vendor evaluations, ensuring organizations can make informed decisions when selecting partners.
This episode is packed with invaluable insights for anyone interested in the intersection of AI and cybersecurity. Kip's expertise illuminates the path forward for organizations looking to harness AI's power responsibly and effectively. As we conclude, we invite our listeners to connect with Kip on LinkedIn to discover more about his work and contributions to the cybersecurity community.
 
Join us for this enlightening conversation on ByteWise, as we explore how AI and cybersecurity disciplines enable organizations to thrive in a digital age. Stay tuned for more exciting topics in our upcoming episodes.
 
Kip Boyle on LinkedIn
https://www.linkedin.com/in/kipboyle/
 
Daniel Miessler’s open source project called “Fabric” is a framework for augmenting humans using AI
https://github.com/danielmiessler/fabric/blob/main/README.md
 
NIST AI RMF
https://www.nist.gov/itl/ai-risk-management-framework
 
To be published on April 12, 2024
EP 153: NIST AI Risk Management Framework, part 1
https://www.cr-map.com/153
 
To be published on April 26, 2024
EP 154: NIST AI Risk Management Framework, part 2
https://www.cr-map.com/154
 
 

S1E7 Diving into AI

Tuesday Apr 02, 2024

Welcome to our latest podcast episode, where we dive into the exciting world of Artificial Intelligence (AI). We start off by explaining what AI is all about, making it easy for everyone to understand. Our expert guests help break down the basics, showing how AI is not just for tech experts but for anyone interested in the future of technology.
We then move on to bust some of the biggest myths about AI. There's a lot of misinformation out there, and we tackle it head-on, explaining why some of the fears about AI are overblown and why it's not the solution to every problem. This part of the episode is all about separating fact from fiction, helping our listeners get a clear picture of what AI really means for our world.
This episode is a great introduction to AI for anyone curious about how it's going to shape our future. Whether you're completely new to the topic or already have some knowledge, there's something for everyone. Join us as we explore the fascinating world of AI, cutting through the hype to get to the heart of why it's a topic worth paying attention to.


 

In today's digital landscape, the convergence of Technology, Information Security, and Risk Management is not just beneficial, but essential. Technology drives innovation and progress, but with this advancement comes increased vulnerabilities and potential threats. Information Security acts as the guardian, protecting data integrity and safeguarding against cyber threats. Meanwhile, Risk Management provides a strategic framework to anticipate, evaluate, and mitigate these risks, ensuring that technological growth is both sustainable and secure. Together, these disciplines form a robust shield, fortifying our digital world against the ever-evolving landscape of threats. By understanding and integrating these three pillars, organizations can achieve a harmonious balance between growth, security, and resilience. We invite our listeners to join this crucial conversation: subscribe to "ByteWise", share your thoughts, and be a part of shaping a safer, more innovative future in technology.

Copyright 2024 All rights reserved.
