Episodes

  • S1E19 Bridging the Gap - from InfoSec to Fraud Fighter
    Sep 17 2024

    Guest: Mark Moore, VP Fraud Strategy and Prevention

    Episode Highlights:

    • The Fraud-Tech Fusion: Mark shares his unique journey from InfoSec to Fraud, highlighting the increasing overlap between cybersecurity and fraud prevention in today's digital landscape.
    • Outsmarting the Scammers: From the resurgence of check fraud on Telegram to sophisticated multi-layered attacks, Mark reveals the latest tactics fraudsters are using and how to stay one step ahead.
    • Building a Proactive Defense: It's not just about "whack-a-mole" anymore! Learn how Mark builds proactive fraud prevention strategies, emphasizing the importance of data analysis, collaboration with marketing and digital teams, and utilizing tools like LinkedIn and DefenseStorm's newsletter to stay informed.
    • The Ideal Fraud Fighter: Forget the stereotypes! Curiosity, humor, adaptability, and resilience are the key traits Mark looks for when building his team. He also shares insights on using the SFIA framework for effective hiring and training.
    • Navigating the Org Chart: Where does fraud prevention fit best within an organization? Mark discusses the pros and cons of embedding fraud teams within IT, risk management, or operations, emphasizing the need for flexibility and understanding each organization's unique strengths.

    Key Takeaways:

    • The lines between fraud and cybersecurity are blurring, necessitating closer collaboration between these fields.
    • Data is key in both fraud and marketing, making cross-departmental partnerships essential.
    • Soft skills like curiosity, adaptability, and resilience are just as important as technical skills in fraud prevention.
    • Building a proactive fraud defense requires staying informed, utilizing the right tools, and understanding the evolving tactics of fraudsters.
    • The ideal organizational structure for fraud prevention varies depending on the company's strengths and culture.

    Resources:

    International Association of Financial Crimes Investigators

    Northwest Fraud Investigators Association

    Association of Certified Financial Crime Specialists

    Center for Financial Professionals

    DefenseStorm

    Connect with Mark!

    32 mins
  • S1E18 Dungeons, Dragons, and... Don't Click that Link! Cybersecurity Awareness Month is almost here!
    Sep 3 2024

    October is looming, and for many, that means the dreaded annual cybersecurity training. But on this week's ByteWise, we're here to tell you it doesn't have to be a snoozefest!

    We kick off with Daniela's newfound obsession: the Darknet Diaries podcast. It's a thrilling deep dive into the underbelly of the internet, perfect for getting in the cybersecurity mindset. (Just maybe don't listen to it before bed!)

    Then, we tackle the big question: How can we make cybersecurity awareness fun? Forget those click-through slideshows. We're talking:

    • The "Inside Man" - a binge-worthy series that had employees begging for more.
    • A treasure hunt that turned the office into a playful battleground.
    • A phishing contest that pitted departments against each other (with hilarious results).
    • Roundtable discussions that tapped into employee expertise and offered the chance to win prizes.
    • "Feature Friday" - a simple but effective way to put a human face on security.
    • And for the truly adventurous: tabletop exercises with a Dungeons & Dragons twist!

    We also share a treasure trove of free resources to get you started. So, ditch the boring webinars and turn October into a month of cybersecurity excitement! Your employees (and your data) will thank you.

    Links & Resources:

    • All the goodies mentioned in the episode:
      • CISA Cybersecurity Awareness Month (free)
      • National Cybersecurity Alliance (free)
      • KnowBe4 - Home of the "Inside Man"
      • Wizer (great alternative for training and phishing)
      • Hackback Gaming
    • Ready to level up your cybersecurity awareness? Subscribe to ByteWise today!
      • Subscribe!
    31 mins
  • S1E17 Beyond Gut Feeling - Let's talk about Risk Appetite!
    Aug 20 2024

    In this episode of ByteWise Podcast, Daniela, Brian, and Glen chat with Jeff Owen, Chief Operating Officer at Rochdale, a credit union services organization (CUSO) specializing in enterprise risk management (ERM). They delve into the often misunderstood concepts of risk appetite and risk tolerance, emphasizing their importance in the information security and technology space. Jeff shares his insights on defining ERM, establishing risk appetite statements, and integrating them into strategic decision-making. He also discusses the challenges of gaining buy-in for risk management initiatives and provides actionable advice for incorporating risk appetite statements into cybersecurity strategies.

    Key Takeaways:

    • Defining ERM: Jeff emphasizes the importance of understanding ERM's objectives before jumping into discussions, highlighting the need for a holistic approach that considers the biggest risks tied to organizational objectives.
    • Risk Appetite vs. Risk Tolerance: Jeff differentiates between risk appetite (broad, qualitative view of acceptable risk) and risk tolerance (detailed, quantitative boundaries on specific risks).
    • Establishing Risk Appetite Statements: Jeff outlines a step-by-step process involving dialogue between the board and executive team, incorporating risk categories and objectives, and creating hypothetical scenarios to gauge risk tolerance.
    • Communicating Risk Appetite Statements: Jeff stresses the importance of communicating risk appetite statements to decision-makers across the organization, ensuring they understand and can leverage them in their roles.
    • Cyber Risk Appetite: Jeff acknowledges the increased focus on cyber risk from regulators and boards and discusses incorporating cyber risk as a separate risk category in risk appetite statements.
    • Integrating Risk Appetite with Strategy: Jeff highlights the value of integrating risk appetite conversations into strategic planning to proactively address risks and opportunities.
    • Following Up on Risk Appetite Statements: Jeff suggests identifying measurable risk tolerances, tracking adherence to them, and establishing processes to address breaches.
    • Example Risk Appetite Statement: Jeff shares an example risk appetite statement that balances an aggressive strategic plan for partnering with innovative technology providers with the importance of protecting member data and maintaining member confidence.

    Guest Information:

    Jeff Owen, Chief Operating Officer at Rochdale

    • LinkedIn: Jeff Owen
    • Email: jowen@rochdaleparagon.com
    31 mins
  • S1E16 Turning Lemons into Lemonade
    Aug 6 2024

    Turning Lemons into Lemonade!

    In this episode of ByteWise, Daniela, Brian, and Glen dive into the concept of "never letting a good crisis go to waste." They explore how organizations can leverage incidents, both big and small, to drive positive change and strengthen their security posture.

    Topics Discussed:

    • The concept of "never letting a good crisis go to waste": Origin of the phrase, how it applies to risk management and incident response.
    • Optimism bias: The tendency to underestimate the likelihood of negative events. How it can hinder proactive risk management.
    • Learning from incidents: Whether they happen to your organization or someone else, every incident is a learning opportunity.
    • Practical ways to leverage crises:
      • Sharing news articles and translating them into actionable insights for decision makers.
      • Conducting tabletop exercises and simulations to identify weaknesses and test assumptions.
      • Conducting blameless retrospectives to learn from your own incidents and prevent them from happening again.
    • The importance of communication: Clearly communicating the potential impact of incidents to decision makers and translating technical jargon into understandable language.
    • Remember that everyone is vulnerable to cyber attacks: Don't underestimate the risk to your organization.
    • The importance of cyber resilience: Investing in cyber resilience is crucial, but it's also important to acknowledge that organizations can be victims of crimes.
    • The role of third-party risk: A significant percentage of incidents are caused by third-party vendors.

    Key Takeaways:

    • Incidents, whether big or small, can be used to drive positive change and improve your organization's security posture.
    • Don't let optimism bias prevent you from taking proactive steps to mitigate risk.
    • Learn from the mistakes of others and use their experiences to strengthen your own defenses.
    • Communicate clearly and effectively with decision makers to ensure that your concerns are heard and addressed.

    Share your thoughts on the episode and let us know how you've leveraged crises to drive positive change in your organization.

    32 mins
  • S1E15 The Eternal Tug of War - Convenience vs. Security
    Jul 23 2024

    In this episode of ByteWise, Daniela, Brian, and Glen discuss the ongoing tension between convenience and security in our personal and professional lives. They explore the risks associated with popular conveniences like one-click purchases, facial recognition, and smart home devices, emphasizing the importance of reading privacy policies and being mindful of our digital footprint.

    The conversation shifts to the workplace, highlighting challenges like the use of personal devices, email autofill, and cloud-based tools. They stress the need for transparency between employees and IT/security teams, finding a balance between user experience and security, and providing employees with the right tools to do their jobs securely.

    The hosts also touch on the benefits of password managers and single sign-on, the risks of using personal phones for work, and the role of mobile device management (MDM). They conclude by reminding listeners to question the cost of "free" apps and services, emphasizing that convenience should not come at the expense of privacy and security.

    Key Takeaways:

    • Convenience vs. Security: The episode explores the constant tension between convenience and security in both personal and professional lives, highlighting the trade-offs we make for ease of use.
    • Digital Footprint & Privacy Concerns: The hosts discuss the risks of leaving a massive digital footprint, with our data being collected and potentially exploited by various entities.
    • Workplace Challenges: The conversation shifts to the workplace, focusing on the challenges of balancing convenience and security when using personal devices, email autofill, and cloud-based tools.
    • Transparency & Communication: The importance of open communication between employees and IT/security professionals is emphasized to ensure a secure and efficient work environment.
    • Tools for Security & Convenience: The hosts discuss tools like password managers and single sign-on that can enhance both security and convenience.
    • Personal Devices & Work: The risks associated with using personal phones for work, such as potential legal issues, are explored, along with the role of mobile device management (MDM) in mitigating these risks.
    • The Hidden Cost of Convenience: The episode concludes by reminding listeners to question the cost of "free" apps and services, emphasizing that convenience often comes at the price of privacy and security.

    Enjoyed this episode on balancing convenience and security? Help us spread the word! Share this episode with your friends and colleagues, and don't forget to subscribe to ByteWise for more insightful discussions on how to connect the dots between risk management, technology, and information security.

    31 mins
  • S1E14 Risk & Reward: The Innovation Equation
    Jul 9 2024

    In this episode, Daniela, Brian, and Glen dive into the complex relationship between innovation and security with special guest Scott Daukas. They discuss common misconceptions between innovators and risk/security professionals, how to bridge the gap, and the importance of collaboration in building a secure and innovative future. The conversation also explores legacy systems, strategic planning, and the value of early involvement in the innovation process.

    Key Takeaways:

    • Misconceptions: Innovators are often seen as mavericks disregarding risk, while risk/security professionals are sometimes perceived as roadblocks to progress.
    • Bridging the Gap: Education, collaboration, and fostering a culture of shared goals are key to breaking down silos and building trust.
    • Early Involvement: Bringing risk and security professionals into innovation discussions early on helps identify potential vulnerabilities and create more resilient products.
    • Strategic Planning: Integrating risk management into strategic planning ensures that security considerations are part of the big picture and not just an afterthought.
    • Legacy Systems: These pose challenges for innovation, but organizations can adapt by identifying systems of record, utilizing APIs, and strategically investing in upgrades.
    • The How, Not the No: Risk and security teams can focus on finding solutions rather than just saying no to new technologies.
    • Relationships Matter: Building strong relationships and understanding each other's perspectives leads to better communication and faster decision-making.

    Guest:

    Scott Daukas, Principal at One Washington Financial, brings over 25 years of experience in the credit union industry, specializing in innovation and strategy.

    To our listeners:

    Reach out to those who you might typically view as being in opposition to your goals. Engage in conversation, seek to understand their perspective, and discover common ground to drive innovation and security together.

    Remember: By fostering collaboration and understanding, we can create a more secure and innovative future.

    33 mins
  • S1E13 Decoding the Alphabet Soup of Acronyms
    Jun 25 2024

    Welcome back to ByteWise! In this episode, we're all about unraveling the tangled web of acronyms we encounter in our professional lives. We'll tackle the challenges of understanding technical jargon and delve into the various meanings and uses of common acronyms across different fields – from technology to information security to risk management.

    We'll discuss how acronyms like VPN, IAM, SOC, SIM, SSL, PAM, CISO, ZTNA, CTR, ERM, ORM, IRM, GRC, BCP, BCM, and DR are used in everyday conversations and explore their significance in various industries. We also address the challenges of navigating a world filled with acronyms, especially for non-technical individuals.

    Join us as we emphasize the importance of clear communication and avoiding excessive jargon to ensure everyone understands the conversation.

    Feel free to reach out to us on LinkedIn for further discussions or questions.

    https://www.linkedin.com/in/parkerdaniela/

    https://www.linkedin.com/in/brian-tallon/

    https://www.linkedin.com/in/glen-sorensen/

    34 mins
  • S1E12 The Agile Secret Sauce
    Jun 11 2024

    In this episode of ByteWise Podcast, Daniela, Brian, and Glen dive into the world of Agile ceremonies and discuss how these practices can be used to improve teamwork and productivity in any setting.

    They share real-world examples of how planning poker, time boxing, lean coffee, and daily stand-ups have helped their teams collaborate more effectively, make better decisions, and stay focused on their goals. Tune in to discover how these "Agile secret sauce" rituals can unlock the potential of your team, no matter your industry or role.

    Connect with us on LinkedIn and share your thoughts on Agile. We'd love to hear how you've implemented Agile principles in your own work and the challenges you've faced.

    https://www.linkedin.com/in/parkerdaniela/

    https://www.linkedin.com/in/brian-tallon/

    https://www.linkedin.com/in/glen-sorensen/

    Here are links to resources mentioned in the episode, including books and articles on Agile methodologies, to help you deepen your understanding and apply Agile principles in your own projects.

    Original Agile Manifesto: https://www.agilealliance.org/agile101/the-agile-manifesto/

    12 Principles behind the Agile Manifesto: https://www.agilealliance.org/agile101/12-principles-behind-the-agile-manifesto/

    Why Agile: https://kissflow.com/project/agile/benefits-of-agile/

    Retrospectives: https://www.notonlycode.org/effective-retrospective/

    Blameless Retrospectives: https://www.goretro.ai/post/how-to-run-a-blameless-sprint-retrospective

    Planning Poker: https://www.atlassian.com/blog/platform/scrum-poker-for-agile-projects

    Timebox: https://www.wrike.com/agile-guide/faq/what-is-timebox/

    Lean Coffee: https://agilecoffee.com/leancoffee/

    Agile for Everybody: https://www.amazon.com/Agile-Everybody-Creating-Customer-First-Organizations/dp/1492033510

    Join us in two weeks for our next episode, where we'll tackle common tech acronyms and where you might learn something you didn't know about cooking spray. Be sure to subscribe to ByteWise Podcast so you don't miss it!

    31 mins