Episodes

  • S2E13 Getting to "Yes" - Overcoming Leadership Objections to Your Key Projects
    Jun 24 2025

    In this insightful episode of ByteWise, Brian switches roles to interview Glen and Daniela about a common challenge: overcoming skepticism and objections from leadership when trying to secure investment for crucial projects, particularly in information security. They dive into common pushbacks like "we're too small to be a target," "we can't afford it," or "it won't happen to us," providing practical strategies, real-world examples, and valuable frameworks to help listeners build compelling cases and gain buy-in from their board or CEO.

    Throughout the discussion, Glen and Daniela tackle these common hurdles by debunking myths that organizations are "too small to target" or "can't afford" necessary protections. They emphasize that all businesses are vulnerable, often due to perceived weaker defenses or as stepping stones to larger targets, and stress the importance of using education, hard numbers, case studies, and quantifying potential financial losses (e.g., compared to net income or insurance limitations) to overcome these objections. Effectively communicating risk involves leveraging established frameworks like NIST or ISO, presenting simple yet relevant metrics tailored to the audience (especially the board) to drive action, and clearly articulating the current state, desired outcomes, and the tangible impact of proposed investments. Ultimately, success lies in a blend of data-driven arguments, strategic communication—including knowing your audience and anticipating their questions—and personal resilience, which involves patience, not taking rejection personally, and being well-prepared to advocate effectively when opportunities arise.

    Remember, don't let initial skepticism derail your vital initiatives; use these strategies to build an undeniable case for what your organization truly needs. With persistence, data-driven insights, and a clear understanding of your audience, you can transform those objections into impactful approvals.

    33 min
  • S2E12 Hiring in the Age of AI - The Deepfake Dilemma
    Jun 10 2025

    This shocking episode of ByteWise uncovers the emerging threat of deepfakes being used in remote job interviews. Daniela, Glen, and Brian discuss how AI-generated fake identities are deceiving hiring managers, potentially granting malicious actors access to sensitive company data and infrastructure.

    They explore the technical aspects, motivations behind this fraud, and the limitations of traditional hiring practices and background checks. The conversation highlights the need for heightened awareness, updated verification techniques (both technical and soft skills-based), and robust ongoing monitoring to combat this evolving security risk in the remote work era.

    Listen now to understand this critical new threat and how to protect your organization!

    Resources

    https://www.pindrop.com/article/targeted-by-deepfake-candidates/

    https://www.hrdive.com/news/fake-job-applicant-deepfake-70-minutes/745924/

    https://www.hr-brew.com/stories/2025/03/31/recruiter-interview-ai-deepfake

    32 min
  • S2E11 Executive Debt - Part 2
    May 27 2025

    This episode dives into actionable strategies for tackling "executive debt" – the accumulation of flawed decision-making and unchallenged assumptions at the leadership level. Hosts Daniela, Monty Fowler, and Mark Dallmeier explore how companies can move beyond traditional, gut-based approaches to goal setting by leveraging data and AI for more informed strategic planning.

    They discuss the importance of self-assessments in identifying symptoms of executive debt and the dangers of operating under unexamined assumptions. The conversation highlights the critical link between clear communication of strategic goals and fostering organizational buy-in, as well as the negative impact of dismissive leadership on talent and culture.

    Listeners will learn the value of connecting individual work to overarching company objectives and hear a real-world example of a leader successfully changing their behavior. The episode emphasizes the necessity of leaders being open to feedback and embracing change to overcome executive debt. Practical advice is also shared for employees navigating organizations affected by this issue.

    Ultimately, the episode stresses that overcoming executive debt requires a shift towards data-driven decisions, open communication, and a willingness for leaders to be self-aware and adaptable.

    Connect with our guests:

    Monty Fowler

    Mark Dallmeier

    37 min
  • S2E10 Executive Debt - Part 1
    May 13 2025

    In this first part of a two-episode series, Daniela, Glen, and Brian welcome Monty Fowler and Mark Dallmeier from AspireSix to talk about the concept of "Executive Debt."

    Monty and Mark, seasoned leaders with extensive experience in startups and consulting, introduce executive debt as the accumulation of negative long-term consequences resulting from short-sighted decisions made by organizational leadership. They share the fascinating origin story of the term, born from a conversation about technical debt and the surprising realization of the concept's absence in existing business literature.

    The conversation explores the very definition of executive debt, drawing parallels to technical debt's creation through prioritizing immediate needs over future implications. Monty and Mark highlight several key symptoms of executive debt, including a resistance to new strategies, a detachment from market realities, and an "invented here" mentality that stifles innovation. They further explain the damaging ripple effect of executive debt throughout an organization, impacting everything from financial performance and operational efficiency to employee morale and overall culture, often leading to disengagement and a fear of change.

    The guests contrast these issues with the attributes of high-performing companies, emphasizing the importance of a healthy culture built on trust, open communication, and a willingness to embrace diverse ideas. They also touch upon the intriguing relationship between executive debt and technical debt, suggesting that poor leadership decisions often pave the way for technical shortcomings. Drawing on their extensive experience, Monty and Mark illustrate the concept with real-world examples, particularly within the realm of cybersecurity and risk management, and discuss the challenges internal teams face in addressing these deeply ingrained issues. The episode concludes with a teaser for the second part, promising a deeper dive into strategies for identifying and overcoming executive debt.

    Connect with our guests:

    Monty Fowler

    Mark Dallmeier

    https://aspiresix.com/

    34 min
  • S2E9 Did you test that?
    Apr 29 2025

    Are you truly prepared for when disaster strikes? In this ByteWise episode, Daniela, Glen, and Brian draw on their front-line experience to demystify tabletop exercises and reveal their power to transform your organization's crisis response. Beyond theoretical discussions, they share hard-earned lessons from leading real-world simulations, including a recent large-scale ransomware exercise with over 100 participants. Listen in to gain actionable strategies you can implement today to stress-test your plans, identify critical gaps, and build a culture of resilience.

    Key Topics:

    • Why Tabletops Matter: Discover how these exercises go beyond theory to expose hidden assumptions, pressure-test decision-making, and validate business continuity plans.

    • Incident Response Pitfalls: Learn to avoid common mistakes that can cripple your response, including communication breakdowns, ill-defined roles, and the urge to "rush to recovery."

    • Mastering the Tabletop: Get practical guidance on designing and facilitating effective simulations, from balancing participation to managing challenging attendees.

    • The Human Factor: Explore strategies for simulating the psychological and emotional toll of a crisis, a critical element often overlooked in planning.

    • From Exercise to Action: Turn lessons learned into tangible improvements by establishing a regular exercise cadence and implementing a robust follow-up process.

    Who should listen?

    This episode is a must-listen for technology, risk and resilience professionals, and anyone responsible for ensuring their organization's continuity of operations. Whether you're a seasoned incident responder or new to the field, our hosts provide the deep insights you need to level up your preparedness.

    32 min
  • S2E8 Buy-In: The Never-Ending Quest
    Apr 15 2025

    Daniela, Brian, and Glen delve into the difficulties of getting organizations to prioritize and support risk management, IT, and information security. They discuss how departmental silos, conflicting priorities, and a lack of understanding can lead to these areas being marginalized. The conversation explores the tension between documenting risks and the need for action, the importance of relationship-building to bridge communication gaps, and the challenge of shifting organizational mindsets. The hosts emphasize that securing buy-in is an ongoing process, requiring persistence, proactive engagement, and a recognition that organizational change takes time and may necessitate seeking alignment elsewhere.

    32 min
  • S2E7 No April Fools' Joke - Phishing Tests and their Unintended Consequences
    Apr 1 2025

    Welcome back to ByteWise! Today, with the episode launching on April Fool's Day, we're diving into the world of phishing tests. It's a topic that often straddles the line between a security measure and, let's be honest, a workplace prank. We're here to discuss how these tests have evolved, moving from potentially punitive tools to a more nuanced approach. Glen kicks us off by defining phishing as a subset of social engineering, focusing on email-based manipulation. He outlines the common tactics cybercriminals use, like malicious links and fraudulent requests.

    We then delve into how the approach to phishing tests has changed. Initially, they were often predictable and monthly, but now, they're more random and ad-hoc. Glen explains how fear-based approaches have been counterproductive, damaging trust between employees and the IT/security team. We share personal anecdotes, like Daniela's memorable e-card phishing test experience, to illustrate this evolution.

    The conversation shifts to moving beyond punitive measures. We discuss why mandatory training videos and disciplinary actions are ineffective, and instead, we emphasize the importance of clear reporting processes and effective training. We also touch on the necessity of including everyone, even IT, in these tests. Glen suggests focusing on varied training methods, like webinars and bite-sized modules, and creating a supportive environment for reporting suspicious activities.

    We emphasize the importance of clear reporting and communication, ensuring employees know how and where to report suspicious activity. The gray area of dealing with repeat offenders is explored, discussing the balance between employee development and organizational risk. We discuss the importance of having a policy for repeat offenders.

    Finally, we discuss fostering a security-aware culture, moving away from fear-based approaches and building trust. We emphasize the role of the IT/security team as a resource and the importance of friendly, approachable security personnel. Daniela wraps up the episode with final thoughts and a reminder to stay vigilant, especially on April Fool's Day.

    Key Takeaways:

    • Phishing tests should be educational tools, not punitive measures.
    • Building a security-aware culture requires trust and open communication.
    • Clear reporting processes are essential for effective security.

    Resources:

    https://tech.co/news/study-workplace-phishing-tests-success-rate

    https://www.usenix.org/system/files/usenixsecurity24-schops.pdf

    33 min
  • S2E6 Beyond Backups - How to Actually Recover
    Mar 14 2025

    Ever wonder if your disaster recovery (DR) plan would actually work when you need it? Daniela, Brian, and Glen cut through the jargon and get real about DR, focusing on the security gaps you might be missing. They unpack why backups aren't a silver bullet, how problems can lurk in your recovery plans, and why relying solely on cyber insurance can leave you exposed.

    What You'll Learn:

    • Backups: Not Your Security Blanket: Glen explains why hackers target backups and how to fortify them. Think of it as securing the vault, not just the money.
    • Cloud Caution: Brian warns against putting all your eggs in the cloud basket. Learn why you need your own data copies and how to make that happen.
    • Ransomware's Hidden Threat: Glen reveals the scary truth: infected backups can re-infect your systems. Discover how to spot and eliminate this risk.
    • Insurance Reality Check: Daniela and Brian break down what your cyber insurance really covers. Don't get caught off guard when you need it most.
    • Recovery is a Team Sport: Daniela emphasizes that DR isn't just an IT problem. Learn how to involve everyone and why your team's input is crucial, especially that of the people who work with the systems daily.
    • Actionable DR Tips: Get practical advice on testing your DR plan, identifying critical systems (BIA), and building a resilient recovery strategy.

    Key Takeaways:

    • Don't assume your backups are safe. Proactively secure them.
    • Diversify your data storage. Don't rely solely on cloud providers.
    • Scan backups for malware. Assume the worst.
    • Understand your cyber insurance policy's limitations.
    • Involve your entire team in DR planning.
    • Test your plan regularly. Real-world events are unpredictable.
    • A BIA, Business Impact Analysis, is your road map.

    30 min