ByteWise

This episode of ByteWise Podcast features Mark Carroll, a senior business executive and founder of the Masters of Science in Enterprise Risk Management program at Boston University. Mark discusses the evolution of risk management, the importance of understanding operational risk, and the critical skills needed for success in the field. He also shares insights into the unique aspects of the BU Risk Management Program and offers advice for those considering a career in risk management.
Key Takeaways:
The Genesis and Evolution of Risk Management:Mark Carroll discusses the inspiration behind BU's Enterprise Risk Management program, addressing the gap in comprehensive risk education, and how the field has evolved from an insurance focus to a holistic, enterprise-wide approach incorporating security, business continuity, and supply chain resilience.
Navigating the "Resilience" Buzzword and Emerging Risks:Mark shares his perspective on the overuse of "resilience" and the need for tangible changes in practice. He also emphasizes understanding the root causes of emerging risks, even as they manifest differently, and the importance of critically evaluating and debunking perceived risks.
Key Skills and Career Paths in Risk Management:Mark identifies curiosity, challenging assumptions, and deep business understanding as crucial skills for risk managers. He also describes the diverse career paths BU graduates pursue, leveraging their rounded business education and risk expertise in roles across supply chain, finance, and operations.
The BU Risk Management Program: A Unique Approach:Mark highlights the program's focus on operational risk (differentiated from market/credit risk), its field-based approach drawing on instructors' practical experience, and its emphasis on harmonizing various risk disciplines within an organization.
Advice for Aspiring Risk Managers:Mark emphasizes continuous learning, adaptability, and understanding business operations to effectively identify and manage risks, offering valuable guidance for those entering the field.
Resources:
Connect with Mark on LinkedIn
Boston University MS Enterprise Risk Management
 

In this episode of ByteWise, we welcome our first international guest, Klaus Agnoletti, a security professional with 20 years of experience and a passion for improving security policies. Klaus discusses why security policies are often overlooked, the importance of clear and concise language, and how AI can be used to create more effective policies. He also shares his insights on the cultural differences in approaching security policies and the importance of open communication.
Key Takeaways:
Readability is crucial: Security policies should be written in simple, easy-to-understand language to ensure that everyone in the organization can comprehend and follow them.
Inclusivity fosters a security culture: Using inclusive language in policies helps to create a sense of shared responsibility for security across the organization.
AI can be a valuable tool: AI tools can assist in writing, analyzing, and maintaining consistency across security documents.  
 
Don't be afraid to challenge the status quo: If a policy doesn't make sense, speak up! Open communication is essential for creating effective security practices.
Cultural differences matter: Different cultures may have varying approaches to following and enforcing policies. Understanding these differences can improve communication and compliance.
Resources:
Connect with Klaus! 
Website
LinkedIn
Klaus Agnoletti's LinkedIn Articles:
Can AI make security policies more human?
Simplicity is your best security tool
Security Policies: when did we decide they had to be boring and written by lawyers?
LIX Score
Connect with your Hosts:
Daniela
Glen
Brian
Call to Action:
Review your organization's security policies and consider how they can be improved for readability and inclusivity.
Experiment with AI tools to help with policy writing and analysis.
Foster a culture of open communication around security policies.
Subscribe to ByteWise

In this episode of ByteWise, Daniela Parker connects with Margaret J. Millett, winner of the 2023 BCI Lifetime Achievement Award, to discuss her remarkable journey in business continuity management. Margaret shares valuable insights on navigating the ever-changing landscape of risk, emphasizing the need for adaptability, continuous learning, and strong leadership support. They delve into the challenges of securing executive buy-in and board engagement, highlighting the importance of clear communication and demonstrating the value of business continuity in mitigating a wide range of disruptions. This insightful conversation explores the evolving nature of risk, from cybersecurity and supply chain disruptions to the growing impact of climate change, and underscores the need for integrated, holistic approaches to resilience.
Margaret and Daniela also discuss the importance of breaking down silos between disciplines like cybersecurity and business continuity, recognizing that these areas are interconnected and require collaborative efforts. They touch on the unique challenges faced by women in the field and offer advice for those entering this dynamic profession, emphasizing the value of mentorship and continuous self-advocacy. Throughout the episode, Margaret shares her perspectives on common misconceptions about business continuity and encourages listeners to embrace a proactive approach to risk management and live each day to the fullest.
Key Takeaways:
Adaptability is key: The business continuity landscape is constantly evolving, requiring professionals to stay informed and embrace new challenges.
Leadership buy-in is crucial: Securing support from executives and boards is essential for building and maintaining strong resilience programs.
Break down the silos: Cybersecurity, business continuity, and other disciplines must work together to create a holistic approach to risk management.
Embrace mentorship: Guidance from experienced professionals can be invaluable for navigating the challenges and opportunities in this field.
Live with intention: Don't take any day for granted and approach your work with passion and purpose.
Connect with Margaret! 
For the video, head on over to our YouTube account!
 

It's the last episode of 2024 and the ByteWise crew is taking a look back at the year that was! Join Daniela, Brian, and Glen for a casual conversation about their biggest takeaways from the past year, including the rise of AI, the evolving Agile landscape, and the importance of collaboration and communication in organizations.
Key Takeaways:
AI is here to stay. While the initial hype may be fading, AI tools like ChatGPT and Gemini are proving to be valuable assets. The team discusses the importance of understanding AI's capabilities and limitations, as well as the need for organizational guardrails to mitigate potential risks.
Agile is more than just speed. Brian emphasizes the need for a reset in the Agile community, focusing on the holistic benefits of Agile methodologies beyond just faster delivery. The team highlights the importance of customer centricity, continuous improvement, and realistic expectations when implementing Agile.
Collaboration is key. The hosts reflect on the unique synergy they experienced while working together, emphasizing the importance of cross-functional collaboration between risk, InfoSec, and IT teams. They stress the need for open communication, understanding different perspectives, and breaking down silos within organizations.
Cybersecurity is everyone's responsibility. The team discusses the persistent misconception that smaller organizations are not targets for cyberattacks. They stress the importance of understanding and quantifying risk, and using effective communication strategies to engage employees and promote a security-conscious culture.
Looking Ahead to 2025:
The ByteWise team is excited for what 2025 holds, with plans for new guests, engaging topics, and continued exploration of the ever-evolving world of cybersecurity, risk management, and technology.

Join us as we chat with Eddie Miro, a cybersecurity expert with an unconventional path into the field. From dial-up tech support to teaching at community colleges and creating games for DefCon, Eddie shares his unique journey and insights.
We delve into the world of Capture the Flag competitions, discuss the challenges of breaking into cybersecurity, and get Eddie's advice for aspiring professionals. Plus, we explore the importance of community and mentorship in the cybersecurity world.
Key Takeaways:
Multiple Paths to Cybersecurity: Eddie emphasizes that there's no single "right" way to enter cybersecurity. College, certifications, home labs, and community involvement all offer valuable avenues.
The Power of Community: Active participation in the cybersecurity community, including attending conferences, volunteering, and networking, can open doors and provide essential support.
CTFs as Learning Tools: Capture the Flag competitions offer a fun and engaging way to develop cybersecurity skills and gain practical experience.
Overcoming Hiring Hurdles: Eddie provides tips for navigating the cybersecurity job market, including tailoring resumes, networking, and seeking referrals.
Cybersecurity for Everyone: Even those in non-technical roles can benefit from a basic understanding of cybersecurity concepts. Eddie offers up some helpful tips. 
 
Resources:
Antisyphon Training: https://www.antisyphontraining.com/
Octopus Game: https://defcon.social/@OctopusGame
DEF CON: https://defcon.org/
Cyber Skyline: https://cyberskyline.com/
National Cyber League: https://nationalcyberleague.org/
CTFtime: https://ctftime.org/
 
Connect with Eddie Miro:
LinkedIn: https://www.linkedin.com/in/theedmiroshow/

In this episode of ByteWise, Daniela, Brian, and Glen tackle the ever-present challenge of prioritization, especially as the year ends and new goals loom. They discuss the difficulties of prioritizing in a shared organizational structure, where everyone believes their work is the most important. The conversation explores the importance of saying "no," managing expectations, and aligning projects with strategic goals. They also delve into practical strategies for staying focused and productive, including minimizing distractions, using planning poker for prioritization, and taking time for self-care.
Key Takeaways:
Prioritization is tough: Everyone thinks their work is the most critical, making objective prioritization difficult.
Saying "no" is crucial: Learn to decline projects that don't align with strategic goals or are consistently low priority.
Focus on a few things: Trying to do everything often leads to doing nothing well.
Context switching kills productivity: Minimize distractions and interruptions to maintain focus.
Use planning poker: This tool helps teams collaboratively prioritize tasks and projects.
Align with strategic goals: Connect your work to the organization's overall objectives to increase its perceived value.
Document everything: Keep records of decisions and recommendations, especially when your advice is overruled.
Take care of yourself: Prioritize your well-being to avoid burnout and maintain productivity.
Resources Mentioned:
Planning Poker
Related Episodes:
The Agile Secret Sauce
Call to Action:
How do you prioritize your work? Share your tips and strategies in the comments!
Connect with ByteWise:
Website
Follow us on LinkedIn

Guest: Bill Peters, Chief Experience Officer at TAPCO Credit Union
Episode Summary:
In this episode of ByteWise, we're joined by Bill Peters, Chief Experience Officer at TAPCO Credit Union. Bill shares his insights on how to effectively manage technology, risk, privacy, and security while prioritizing the member experience. He emphasizes the importance of:
Collaboration: Breaking down silos and partnering with stakeholders across the organization, including the board, IT, and risk management.
Early Evaluation: Incorporating privacy and security considerations from the very beginning when evaluating new technologies and vendors.
Member Focus: Using data to understand member behavior and needs, but always prioritizing member privacy and security.
Continuous Learning: Investing in board and staff education to stay ahead of emerging technologies and threats.
AI for Efficiency: Leveraging AI to increase efficiency and free up staff for more complex tasks and relationship building.
Bill also provides valuable advice for new CXOs, emphasizing the importance of asking questions, being curious, and building trust and vulnerability within teams.
Key Takeaways:
CXOs need to be well-versed in technology, risk, privacy, and security to effectively lead their organizations.
Collaboration is essential for successful technology implementation and risk management.
Data can be a powerful tool for understanding member needs, but privacy and security must be prioritized.
AI can be a game-changer for efficiency, but it's important to manage employee concerns and expectations.
Continuous learning and development are crucial for both board members and staff.
Connect:
Bill Peters
TAPCO Credit Union

Unlocking Influence
In this episode of ByteWise, Daniela and Glen dive into the often-overlooked importance of sales skills in risk management. They go beyond the spreadsheets and data analysis to reveal why understanding client needs, building trust, and nurturing long-term relationships are crucial for success in this field.
Daniela and Glen explore the dynamics of vendor relationships, the role of technology in business decisions, and the essential need for clear communication between internal teams and external consultants. This insightful conversation highlights the power of translating risk assessments into strategic benefits and fostering genuine resilience within organizations.
Key Takeaways:
Sales skills are not just for salespeople: Risk managers need to be persuasive communicators to effectively convey their message and influence decision-making.
Empathy is key: Understanding client pain points and perspectives is crucial for developing tailored risk solutions.
Trust is the foundation: Building strong relationships with stakeholders, both internal and external, requires trust and transparency.
Think long-term: Risk management is not a one-off activity; it requires a long-term perspective and ongoing relationship management.
Vendor engagement is crucial: Vendors need to engage with all stakeholders, not just the IT department, to understand the broader business context.
Empower your internal team: Equipping internal employees with sales skills and processes can improve communication and collaboration.
Leverage external expertise: External consultants can bring valuable credibility and insights to enhance risk management efforts.
Relationships matter: Cultivating and maintaining relationships is essential for long-term success in risk management.
Ask the right questions: Effective communication starts with asking insightful questions to truly understand client needs and concerns.
Translate assessments into action: Risk assessments should be translated into tangible strategic benefits to drive meaningful change within organizations.
What to do next:
Subscribe to Bytewise Podcast on your favorite platform.
Share this episode with colleagues and friends in the risk management and technology fields.
Leave a review and tell us what you think of the show!
We hope you enjoyed this episode of Bytewise! Tune in next time for more insightful discussions on the intersection of technology and risk management.

Join Daniela, Brian, and Glen as they dissect Glen's recent conference experiences. Glen shares insights from Secure World and Wild West Hackin' Fest, highlighting the ongoing struggle to effectively manage AI risks, the persistent gap between business leaders and cybersecurity professionals, and the need for better communication and collaboration across departments. They discuss the challenges of technical debt, the ransomware epidemic, and the importance of investing in detection and response mechanisms. 
Key Takeaways:
AI Governance Gap: While AI is a hot topic, there's a lack of focus on organizational governance and risk management.
Communication Breakdown: A chasm remains between business leaders and cybersecurity professionals, hindering effective risk communication and decision-making.
Tool Overload: An overreliance on tools and technology without proper strategy and communication is a common pitfall.
Ransomware Reality: Ransomware remains a significant threat, highlighting the need for stronger preventative measures and investment in detection and response.
Small and Medium Businesses: Smaller organizations often struggle to find cybersecurity solutions that fit their needs and budgets.
Shifting Focus: There's a growing recognition of the need to move beyond prevention and invest more in detection, response, and recovery.
Breaking Down Silos: Increased collaboration between security, legal, risk management, and other departments is crucial for effective cybersecurity.
Resources Mentioned:
https://www.secureworld.io
https://wildwesthackinfest.com
Call to Action:
Think beyond tools and technology. Focus on strategy, communication, and collaboration.
Invest in detection and response mechanisms to minimize the impact of cyberattacks.
Break down silos and foster communication between departments.
Consider attending cybersecurity conferences to stay informed and network with peers.
Connect with ByteWise:
https://bytewise.podbean.com/
https://www.linkedin.com/company/bytewise-podcast/
 
 

In this episode of ByteWise, Glen and Brian discuss the nuances of hiring in the tech industry. They emphasize the importance of finding candidates who are a good cultural fit and have the potential to grow, even over those with perfect qualifications on paper. They delve into the limitations of relying solely on certifications and degrees, highlighting the value of real-world experience and problem-solving skills.
The hosts also encourage tech professionals to develop business acumen and bridge the communication gap with business leaders. Additionally, they discuss the benefits of remote work and the importance of trust and leadership in managing remote teams, while critiquing the trend of companies forcing employees back to the office full-time.
Key Takeaways:
Prioritize cultural fit and potential for growth when hiring.
Look for candidates with intellectual curiosity, problem-solving skills, and a willingness to learn.
Encourage tech professionals to develop business acumen.
Embrace remote work and trust employees.
Avoid rushing the hiring process and focus on finding the right fit.
What to do next:
Subscribe to ByteWise on your favorite podcast platform.
Share this episode with your colleagues and friends in the tech industry.
Leave a review and let us know what you think of the show!
We hope you enjoyed this episode of ByteWise. Tune in next time for more insights and discussions on the intersection of technology and business.