ByteWise

Welcome back to ByteWise! In this episode, our very own Agile expert Brian shares his 20 years of experience and knowledge in the field. Brian provides a clear definition of Agile, emphasizing its core principles of breaking down work into manageable chunks, continuous collaboration, and continuous improvement. We learn that Agile is more than just a set of ceremonies or tools - it's a mindset that can be applied beyond software development to various aspects of work and project management.
Discover the importance of retrospectives as a key Agile practice for fostering continuous improvement. We explore how retrospectives provide a safe space for teams to discuss what worked well and what needs improvement, ultimately leading to better processes and outcomes.We also discuss the crucial role of leadership in creating a blameless culture where team members feel safe to share their experiences and suggestions openly. This fosters a collaborative environment where everyone feels valued and empowered to contribute to the team's success.
Learn how Agile prioritizes customer satisfaction through early and continuous delivery of value. We explore how involving end-users early in the process can lead to better outcomes and reduce pushback, ultimately saving time and frustration for everyone involved.Brian shares practical advice on implementing Agile, suggesting starting small with your own team and gradually expanding to other Agile practices. He emphasizes the importance of focusing on continuous improvement and aligning your actions with Agile values and principles.Stay tuned for our next episode, where we'll explore specific Agile tools and ceremonies and how they can be applied to various business scenarios.
Connect with us on LinkedIn and share your thoughts on Agile. We'd love to hear how you've implemented Agile principles in your own work and the challenges you've faced.
https://www.linkedin.com/in/parkerdaniela/
https://www.linkedin.com/in/brian-tallon/
https://www.linkedin.com/in/glen-sorensen/
 
Here are links to resources mentioned in the episode, including books and articles on Agile methodologies, to help you deepen your understanding and apply Agile principles in your own projects.Original Agile Manifesto:  https://www.agilealliance.org/agile101/the-agile-manifesto/
12 Principles behind the Agile Manifesto: https://www.agilealliance.org/agile101/12-principles-behind-the-agile-manifesto/
Why Agile:  https://kissflow.com/project/agile/benefits-of-agile/
Retrospectives:  https://www.notonlycode.org/effective-retrospective/
Blameless Retrospectives:  https://www.goretro.ai/post/how-to-run-a-blameless-sprint-retrospective
Planning Poker:  https://www.atlassian.com/blog/platform/scrum-poker-for-agile-projects
Timebox:  https://www.wrike.com/agile-guide/faq/what-is-timebox/
Lean Coffee:  https://agilecoffee.com/leancoffee/
Agile for Everybody: https://www.amazon.com/Agile-Everybody-Creating-Customer-First-Organizations/dp/1492033510

In this episode of ByteWise, we take a deeper dive into the intricacies of vendor due diligence, illuminating not only its vital components but also the insights it yields and, more importantly, what remains beyond its scope. 
We explore the fundamental elements of vendor due diligence, including financial, operational, legal, and compliance assessments. Our hosts provide a nuanced understanding of how these components work together to offer a comprehensive view of potential vendors' practices, reliability, and business alignment. 
This episode delves into the critical aspects that due diligence processes often overlook, discussing the potential risks and undisclosed information that can lurk unseen. We emphasize the importance of looking beyond the surface and the compliance checkbox to uncover these hidden dangers, offering strategies for a more thorough investigation.
Our hosts also advocate for viewing vendor due diligence from various perspectives to fully grasp its implications. By considering different angles—from the financial to the operational and beyond—businesses can achieve a well-rounded view of their potential partners, leading to more informed decision-making.
This episode is an invaluable resource for anyone looking to navigate the complexities of vendor risk management more holisticallhy, offering key insights into making the most of vendor due diligence processes. Whether you’re a seasoned professional or new to the field, "Uncovering the Unknown: The Limits and Revelations of Vendor Due Diligence" provides essential knowledge for anyone looking to enhance their due diligence practices.

Welcome to Episode 9 of the ByteWise Podcast, where we tackle the often complex and misunderstood world of vendor management. Whether you know it as TPRM (Third-Party Risk Management), VDD (Vendor Due Diligence), VRM (Vendor Risk Management), or simply VM, understanding how to effectively manage your third-party vendors is crucial for every organization.
In today's business landscape, it's nearly impossible to find an organization that doesn't rely on third-party vendors to conduct business. This reliance, while beneficial, introduces various challenges and complexities, especially when it comes to vendor management. From slowing down projects to forcing additional scrutiny through questions, the initial stages of vendor interaction, often beginning with the Request for Proposal (RFP) process, are critical.
Vendor management faces its fair share of pushback, but why is it so essential? Third parties introduce a multitude of risks to organizations, with cyber risk leading the pack. Cyber breaches caused by third parties are not just a concern; they're a significant threat. However, the risks don't stop there. We delve into reputational risks, such as the impact of outsourced call centers on customer experience, operational risks affecting business continuity, strategic risks to organizational goals, and financial risks, including legal liabilities.
As we wrap up this episode, we set the stage for our next discussion, where we'll dive deeper into the specifics of vendor risk management, exploring the key factors and strategies for mitigating these risks effectively.
Thank you for tuning into the ByteWise Podcast. If you're grappling with the challenges of vendor management or looking to refine your approach, this episode is packed with insights and advice to guide you through understanding the why, so you can gain organization buy-in. 
Remember to subscribe to the ByteWise Podcast for more in-depth discussions on technology, information security, and risk management. See you in the next episode!

Welcome to another episode of ByteWise, where today's discussion ventures into the intertwined worlds of Artificial Intelligence (AI) and cybersecurity. We're thrilled to welcome our first-ever guest, Kip Boyle, a leading figure in cyber resilience. As the CEO of Cyber Risk Opportunities and a recognized thought leader, Kip brings a wealth of knowledge on the topic of AI.
In this episode, we dive into the ethical, legal, and practical considerations vital for companies as they develop and deploy AI technologies. Kip shares his approach to balancing innovation with the necessity of safeguarding user data, providing insights into navigating these challenges based on his extensive experience.
Our conversation also explores strategies for businesses to stay competitive in the rapidly evolving AI landscape, especially for those incorporating AI into their operations for the first time. Kip emphasizes the importance of AI literacy across all organizational levels and shares how the NIST AI Framework can be a valuable tool for guiding ethical and secure AI integration.
As we delve deeper, the discussion turns to the significance of continuous learning and adaptability in keeping pace with AI advancements. Kip offers practical advice on fostering a culture of innovation and resilience, highlighting specific initiatives he has undertaken within his organization to promote AI literacy and implementation.
Finally, we tackle the critical topic of vendor due diligence and the challenges of determining if third parties use public versions of AI. Kip provides actionable tips for assessing potential cybersecurity risks during vendor evaluations, ensuring organizations can make informed decisions when selecting partners.
This episode is packed with invaluable insights for anyone interested in the intersection of AI and cybersecurity. Kip's expertise illuminates the path forward for organizations looking to harness AI's power responsibly and effectively. As we conclude, we invite our listeners to connect with Kip on LinkedIn to discover more about his work and contributions to the cybersecurity community.
 
Join us for this enlightening conversation on ByteWise, as we explore how AI and cybersecurity disciplines enable organizations to thrive in a digital age. Stay tuned for more exciting topics in our upcoming episodes.
 
Kip Boyle on LinkedIn
https://www.linkedin.com/in/kipboyle/
 
Daniel Miessler’s open source project called “Fabric” is a framework for augmenting humans using AI
https://github.com/danielmiessler/fabric/blob/main/README.md
 
NIST AI RMF
https://www.nist.gov/itl/ai-risk-management-framework
 
To be published on April 12, 2024
EP 153: NIST AI Risk Management Framework, part 1
https://www.cr-map.com/153
 
To be published on April 26, 2024
EP 154: NIST AI Risk Management Framework, part 2
https://www.cr-map.com/154
 
 

Welcome to our latest podcast episode, where we dive into the exciting world of Artificial Intelligence (AI). We start off by explaining what AI is all about, making it easy for everyone to understand. Our expert guests help break down the basics, showing how AI is not just for tech experts but for anyone interested in the future of technology.
We then move on to bust some of the biggest myths about AI. There's a lot of misinformation out there, and we tackle it head-on, explaining why some of the fears about AI are overblown and why it's not the solution to every problem. This part of the episode is all about separating fact from fiction, helping our listeners get a clear picture of what AI really means for our world.
This episode is a great introduction to AI for anyone curious about how it's going to shape our future. Whether you're completely new to the topic or already have some knowledge, there's something for everyone. Join us as we explore the fascinating world of AI, cutting through the hype to get to the heart of why it's a topic worth paying attention to.

Welcome back to our podcast series on technical debt! In this episode, we delve deeper into the roots, challenges, and ownership surrounding this pervasive issue in organizations. If you missed the last episode, be sure to catch up on that before diving into this one.
Technical debt doesn't just appear out of nowhere; it often has its roots in various factors such as tight deadlines, evolving requirements, lack of collaboration, or inexperienced developers. We discuss how shortcuts, quick fixes, and rushed decision-making contribute to the accumulation of technical debt over time.
Who owns the responsibility of fixing technical debt? Is it solely the developers' responsibility, or does it extend to project managers, product owners, or even higher management? We explore the importance of a collective mindset towards technical debt resolution and how assigning ownership can facilitate a more effective resolution process.
Unearthing the underlying causes of technical debt is crucial for devising effective strategies to tackle it. We share some methods and tools for identifying the root causes, includingretrospectives and feedback loops.
Technical debt presents a myriad of challenges, from decreased productivity and increased maintenance costs to degraded system performance and heightened risk of bugs and failures. We discuss some of the biggest challenges teams face when dealing with technical debt and strategies for overcoming them.
In wrapping up, we emphasize the importance of understanding the root causes of technical debt, fostering a culture of shared ownership, and involving the entire organization in addressing this critical issue. Join us for our next episode, where we'll dive into practical strategies and best practices for managing and mitigating technical debt effectively.
Thank you for tuning in to another episode of our podcast. Don't forget to subscribe, and please leave us a review if you enjoyed the content. Until next time!

In this episode we take on a topic that, while often overlooked, significantly affects nearly every organization: technical debt.
At the outset, we give you a brief overview of what to expect from today’s discussion, highlighting the importance of understanding technical debt, not just for developers and IT professionals but for anyone involved in the ecosystem. 
We start by defining technical debt. Much like financial debt, technical debt accumulates interest, in this case, in the form of unitended consequences that sap productivity and resources. We explore the nuances between intentional and unintentional technical debt, and the implications they carry.
The conversation then shifts to the impact of technical debt on organizations. Through real-world examples, we discuss how it can hinder new features, escalate bugs, and inflate operational costs, ultimately affecting an organization's bottom line. 
Expanding the conversation, we tie technical debt to other disciplines such as project management, business continuity and vendor management. The discussion also touches on the delicate balance between pushing for innovation and the necessity of maintenance, offering guidance on how to strike the right chord.
Thank you for tuning in and being part of our journey through the digital landscape. Let’s keep the conversation going and transform the way we think about and handle technical debt, together.

In this insightful episode of the ByteWise podcast, we delve into the intricate world of risk management, information security, and IT, exploring their pivotal roles within the organizational structure. "Where Do We Belong?" sheds light on the various organizational charts that shape these critical functions and their integration into the broader corporate landscape. Our discussion navigates through the diverse models of org charts, from centralized to decentralized, and hybrid approaches, examining the unique advantages and challenges each presents.
Listeners will gain an understanding of how the positioning of risk management, information security, and IT within an organization can significantly influence their effectiveness and authority. We dissect the implications of each org chart layout on the ability to influence decision-making processes, foster interdepartmental collaboration, and secure buy-in from key stakeholders.
Join us as we unravel the complexities of organizational design, its impact on the strategic roles of risk management, information security, and IT, and the best practices for maximizing their influence within your company. Whether you're a C-suite executive, a manager in the tech space, or an IT professional, this episode offers valuable insights into aligning your organizational structure with your strategic objectives for optimal performance and security.

This episode of "ByteWise" is dedicated to a critical issue faced by risk and technology professionals: gaining organizational buy-in for their initiatives. 
We begin by exploring why securing buy-in is particularly challenging in the fields of risk and technology. From the rapid pace of technological change to the often intangible nature of risk management benefits, we dissect the factors that make stakeholders hesitant. We also discuss the communication gap that frequently exists between tech/risk professionals and decision-makers, who may not always have a technical background.
Our conversation also includes advice on building a compelling narrative that addresses the specific concerns and interests of board members and executive management. We'll cover the importance of speaking their language, focusing on strategic objectives, and demonstrating how risk and technology initiatives are essential for the organization's growth and stability.
This episode is a must-listen for any risk or technology professional looking to effectively navigate the complex landscape of organizational politics and secure the necessary support for their projects.
Tune in to "ByteWise" for insightful advice and strategies to help you bridge the gap between your risk and technology initiatives and the stakeholders who can make them happen. Remember to subscribe for more episodes with expert insights into the world of risk and technology management.
Join the conversation! 
ByteWise Podcast
 

In this episode of "ByteWise," we're simplifying the complex world of audits and assessments. If you've ever wondered about the differences between an audit, a risk assessment, a vulnerability assessment, a penetration test, and a vulnerability test, then this is the episode for you. We're going back to basics to explain what each of these terms means, how they differ, and why they're important.
We'll guide you through the purposes of each evaluation, from audits that check for compliance, to risk assessments that identify potential threats, and to pen tests that simulate cyberattacks. Our discussion is designed to be accessible and informative, perfect for those who are curious how the different disciplines view these tools.
We also touch on the typical sequence of these evaluations and their practical applications in a real-world setting.  So, whether you're just looking to brush up on your knowledge or fine-tune your understanding of these tools, tune in to "ByteWise." Don't forget to subscribe for more insights into technology, information security, and risk management.
Join the conversation! 
ByteWise Podcast