Index of articles associated with the same name
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Sadig Hajiyev, SOCAR Türkiye, Risk & Compliance Group Director, about SOCAR Türkiye and winning the RIMS ERM Global Award of Distinction. Sadig speaks of their ERM transformation that shifted SOCAR Türkiye from a compliance-oriented approach to an integrated, strategy-driven system, and a pivotal change. Sadig explains how they keep the ERM cohesive for business leaders, enabling decision-making. Sadig comments on external shocks that pressure-tested the program, showing the organization's true resilience and how it adapted its ERM approach. He speaks of one innovation with the biggest measurable impact. Justin and Sadig discuss SOCAR Türkiye's maturity jumping from a level-3 "repeatable" program to a level-5 "leading practice" in just a few years, supported by both the RIMS RMM and internal surveys, and how they are sustaining that momentum, having reached the top tier. Listen for words of wisdom and encouragement for risk practitioners. Key Takeaways: [:01] About RIMS and RIMScast. [:17] About this episode of RIMScast. Our guest today is Sadig Hajiyev. He is the Risk & Compliance Group Director for SOCAR Türkiye, and he was one of two recipients of the RIMS Global ERM Award of Distinction. [:47] We will talk about the unique characteristics of his ERM Program and his unique risk philosophies. But first… [:55] The next RIMS-CRMP-FED Exam Prep with AFERM will be held on December 3rd and 4th. The next RIMS-CRMP Exam Prep with PARIMA will be held on December 4th and 5th. These are virtual courses. [1:12] Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes. [1:19] RIMS Virtual Workshops! "Managing Data for ERM" will be led again by Pat Saporito. That session will start on December 11th. Registration closes on December 10th.
RIMS members always enjoy deep discounts on the virtual workshops. [1:38] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [1:50] The RIMS CRO Certificate Program in Advanced Enterprise Risk Management is hosted by the famous James Lam. This is a live, virtual program that helps elevate your expertise and career in ERM. [2:02] You can enroll now for the next cohort, which will be held over 12 weeks from January through March of 2026. Registration closes on January 5th. Or Spring ahead, and register for the cohort that will be held from April through June of 2026. Registration closes on April 6th. [2:22] Links to registration and enrollment are in this episode's show notes. [2:27] This episode was recorded at the RIMS ERM Conference 2025. We've covered a lot of ERM ground in the last few episodes, and for those who want to catch up, I've included a link to the RIMS ERM Special Digital Edition of Risk Management magazine in this episode's notes. [2:50] RIMScast ERM coverage is linked as well. Enhance your ERM knowledge with RIMS. [2:56] On with the show! This special episode was recorded live from Seattle at the RIMS ERM Conference 2025. [3:05] It was one of the best-attended ERM Conferences in RIMS history, with hundreds of ERM practitioners and students from around the world connecting, learning, and celebrating. [3:17] In RIMS tradition, we awarded the RIMS Global ERM Awards of Distinction. This year, there were two winners, one of which was SOCAR Türkiye, a pioneering energy company based in Turkey. The company's ERM program wowed our judges. [3:34] Accepting the award is Sadig Hajiyev. He is the Risk & Compliance Group Director. As you will hear, he took the ERM Program to the next level. Since we were in person, it was the perfect time to sit down and speak with him after receiving his award. 
[3:49] We're going to learn all about the program and Sadig's unique risk philosophies. Let's get to it! [3:53] Interview! Sadig Hajiyev, welcome to RIMScast! [4:18] Sadig says winning the award is a great feeling! Knowing someone here understands the value of the ERM Program and appreciates it is great! He shared photos and his reflections with his organization and got many congratulations, even though it was almost midnight in Turkey! [5:09] Sadig explains that SOCAR is a global company, based in Azerbaijan, with more than 100K people working in Turkey. They have refineries and petrochemical facilities working together. They are also in the energy trading business. They have terminals. [5:34] They have multiple sectors, including fiber optic cables. They are doing so much in Turkey. SOCAR Türkiye is the biggest single-point investment in the history of Turkey, worth around $20 billion U.S. [6:01] Sadig's department is 15 people, including compliance professionals. They have a resource pool of experts and allocate teams as needed. [6:16] In 2022, SOCAR Türkiye shifted from a compliance-oriented approach to an integrated, strategy-driven system. [6:29] SOCAR Türkiye does international business. It is highly dependent on international trade regulations, especially trade sanction regulations. Being compliant is not sufficient for SOCAR Türkiye. Sadig says sanction regulations are very dynamic, and you should be adaptive to them. [6:57] Sadig says adaptation should be risk-based. At that time, SOCAR Türkiye started to implement risk-based compliance studies and approaches to make healthier decisions. They understood that it was the right decision. [7:21] SOCAR Türkiye has a modular ERM framework that spans Scenario Analysis, Risk and Control Self-Assessments (RCSAs), Regulatory Attestation Cycles, the ISO 22301, and the Resilience Maturity Model.
[7:42] Justin asks how Sadig keeps them cohesive and digestible so that his leaders in SOCAR know that ERM is enabling decision-making. Sadig says it's not easy. They all met the needs that came up. [8:14] The risk leader needs to understand the context of the company. Being very close to the first line, Sadig does not believe there is value in going to the C-Suite and asking what they expect of risk management. They have no idea. [8:33] Sadig says it's more important to have a smooth discussion with them. At that point, the skill of the risk manager comes in to understand the context there and find out what would work best for this need. By that, you are supporting the company's decision-making. [9:05] Sadig is a boxer. He keeps telling his team that risk management shouldn't be very friendly. Conversations shouldn't be easy or enjoyable. Discussions should be disruptive. Sadig says risk is the department asking, if zombies are coming and invading our vault, what will happen? [9:47] Risk leaders are the ones at the table to trigger those discussions and have the tough conversations. At that time, a leader's personality and personal brand are important. Managers should understand you are not doing it just to disrupt. [10:08] You are doing it for the company's sake, to make the decision-makers consider all the aspects, risks, threats, and opportunities. [10:43] SOCAR Türkiye faced significant external shocks in the last couple of years: security incidents, sanctions, and energy price volatility that pressure tested the ERM Program, but the company demonstrated resilience. [11:11] Each of these incidents had its own dynamics that made the ERM Program learn or find a way to adapt. [11:29] Turkey is a country with a very diverse range of uncertainties: political, economic, and geographical. The oil and gas sector is under pressure from international regulations, the climate, and more. There are so many issues going around.
[11:51] Facing real-time instances can be disruptive and impactful on daily business. The most important thing is the ability to adapt. It's the top management's job to adapt. Risk management is about the future. If something happens, risk management is there to support. [12:23] Quick Break! RISKWORLD 2026 will be held from May 3rd through the 6th in Philadelphia, Pennsylvania. RISKWORLD attracts more than 10,000 risk professionals from across the globe. It's time to Connect, Cultivate, and Collaborate with them. Booth sales are open now! [12:45] Registration is open for RIMS members now, as well. General registration and speaker registration will open on December 3rd. [12:53] Links are in this episode's show notes, and this year, when you purchase one Full-Conference Pass by December 2nd, you can add a second Full-Conference Pass at 50% off, through December 31st. [13:07] When an eligible member selects a Full-Conference Pass while registering online, a Promo Code will be generated on the Review step of the registration form. [13:05] This code will also be included in the Confirmation Email. It may be shared with a second eligible member from the same company or same email domain, and receive that 50% discount. Bring a colleague for 50% off. This is available to organizational and individual RIMS members. [13:32] Links are in this episode's show notes. [13:35] Let's Return to My Interview with 2025 RIMS ERM Global Award of Distinction Winner Sadig Hajiyev! [13:46] Justin speaks of SOCAR Türkiye's impressive innovations, dynamic risk appetite metrics tied to EBITDA (Earnings Before Interest, Taxes, Depreciation, and Amortization), an AI Geopolitical Scenario Engine, and a Resilience Scorecard linked to Capital Allocation. [14:10] Justin says he thinks all of this helped drive SOCAR Türkiye's nomination to the winning category. Justin asks which one brought the biggest measurable impact.
[14:20] For the biggest financial result, Sadig says it was the assumption studies SOCAR Türkiye implemented to its financial projection. Sadig believes risk managers look at a range of values. [14:50] Sadig says, like quantum physics, it's not one or zero. It can be one or zero in different contexts and times. The assumption studies proved that, in context, for a set point of time, a long-term financial projection is useless. Sadig focuses on short-term targets and planning. [15:21] Sadig says short-term planning is annual to less than five years. Sadig believes the assumption studies had a measurable financial impact. [15:34] Justin notes that SOCAR Türkiye's Maturity jumped from a Level 3 Repeatable Program to a Level 5 Leading Practice in just a few years, supported by the RIMS Risk Maturity Model and internal surveys. [15:53] Justin asks what cultural or leadership behaviors Sadig believes were essential to achieving that Level 5 performance. Sadig says it is prioritization. They have a well-developed metric to model, mostly inspired by the RIMS Maturity Model, with tailored components added. [16:29] Sadig says SOCAR Türkiye conducts a biannual Maturity Survey with its target audience, the risk champions, decision-makers, and C-Suite. [16:41] The SOCAR Türkiye ERM Program defined its Maturity Model with the participation of an external auditor. They were missing the implementation of the GRC Platform, the digitalization of the whole system, strategy embedding, and risk-based budgeting. [17:04] The ERM Program prepared a roadmap to link up with the GRC Platform, implemented the roadmap, and defined the latest state as a fixed level. [17:27] Having achieved the top tier, the ERM Program is still chasing new things to do. Now, they are focusing first on incident management and second on captives. 
[17:46] For incidents, it's easy to collect information based on the declaration, but Sadig is dreaming about eliminating the human factor from incident recording to have a very objective and transparent information base. [18:03] The ERM Program has already worked on it to link the incident information to the risk assessment. This can automate the risk assessment based on the incident results or impacts. [18:18] The next step is finding how to monetize the maturity level of risk management. This idea brought SOCAR Türkiye to implement captives. [18:37] SOCAR Türkiye has a tremendous amount of budget allocated to insurance. They can rely on, to a certain threshold, the ability to manage risks in a controlled environment, in the effort to optimize their insurance program and budget. Captives are the future. [19:07] Justin comments that the RIMS 2025 Risk Manager of the Year is the Captive Manager for her organization, Hyatt. The trend is that a lot of people are going toward captives to self-insure. It can be a revenue generator. [19:27] Sadig adds that the move to captives is not just to put risk management in more of a position of strategy or as a budget supporter. It's because of the risk environment. There are new risks emerging and evolving. [19:46] Sadig believes these new risks will be uninsurable in the near future because of AI and new cyber risks. The insurance sector is not able to adapt quickly enough to create a pool to insure the risk all around the world. The responsibility will stay with companies and captives. [20:31] Sadig's final words on the value of ERM: Risk managers in the company are the only people who take the future in a systematic way. The future is always important, never urgent, but when it comes, it's already here. [20:49] The board and the C-Suite rely on risk managers to be able to have better insight before the future comes. [21:03] Justin says teşekkürler (thanks)! It's been a real pleasure to meet you, and congratulations again! 
[21:11] Special thanks again to Sadig Hajiyev for joining us here on RIMScast. This episode was produced live on-site at the RIMS ERM Conference in Seattle. Our coverage of the RIMS ERM Conference will continue in the next installment of RIMScast with two interviews in one episode! [21:28] Be sure to visit the RIMS LinkedIn page for all sorts of photos, videos, and coverage of this fantastic event! We had a great time, and we look forward to seeing you next year in Washington, D.C., for the RIMS ERM Conference 2026. [21:44] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [22:13] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [22:31] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [22:48] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [23:05] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [23:19] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [23:31] Practice good risk management, stay safe, and thank you again for your continuous support! 
Links: RIMS-CRO Certificate Program In Advanced Enterprise Risk Management | Jan‒March 2026 Cohort | Led by James Lam RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026 RIMS-Certified Risk Management Professional (RIMS-CRMP) RISKWORLD 2026 Registration — Open for Members! Reserve your booth at RISKWORLD 2026! The Strategic and Enterprise Risk Center RIMS Diversity Equity Inclusion Council RIMS Risk Management magazine | Contribute RIMS ERM Special Edition 2025 RIMS Now SOCAR Türkiye Upcoming RIMS Webinars: RIMS.org/Webinars Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP-FED Exam Prep with AFERM Virtual Workshop — December 3‒4 RIMS-CRMP Exam Prep with PARIMA — December 4‒5, 2025 Full RIMS-CRMP Prep Course Schedule "Leveraging Data and Analytics for Continuous Risk Management (Part I)" | Dec 4. See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: "Risk Rotation with Lori Flaherty and Bill Coller of Paychex" "Energizing ERM with Kellee Ann Richards-St. Clair" "AI and the Future of Risk with Dan Chuparkoff" (RIMS ERM Conference Keynote) "Talking ERM: From Geopolitical Whiplash to Leadership Buy-In" with Chrystina Howard of Hub "Shawn Punancy of Delta Flies High With ERM" "Tom Brandt on Growing Your Career and Organization with ERM" "James Lam on ERM, Strategy, and the Modern CRO" "Risk Quantification Through Value-Based Frameworks" Sponsored RIMScast Episodes: "Secondary Perils, Major Risks: The New Face of Weather-Related Challenges" | Sponsored by AXA XL (New!) 
"The ART of Risk: Rethinking Risk Through Insight, Design, and Innovation" | Sponsored by Alliant "Mastering ERM: Leveraging Internal and External Risk Factors" | Sponsored by Diligent "Cyberrisk: Preparing Beyond 2025" | Sponsored by Alliant "The New Reality of Risk Engineering: From Code Compliance to Resilience" | Sponsored by AXA XL "Change Management: AI's Role in Loss Control and Property Insurance" | Sponsored by Global Risk Consultants, a TÜV SÜD Company "Demystifying Multinational Fronting Insurance Programs" | Sponsored by Zurich "Understanding Third-Party Litigation Funding" | Sponsored by Zurich "What Risk Managers Can Learn From School Shootings" | Sponsored by Merrill Herzog "Simplifying the Challenges of OSHA Recordkeeping" | Sponsored by Medcor "How Insurance Builds Resilience Against An Active Assailant Attack" | Sponsored by Merrill Herzog "Third-Party and Cyber Risk Management Tips" | Sponsored by Alliant RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Sadig Hajiyev, Risk & Compliance Group Director, SOCAR Türkiye Production and engineering provided by Podfly.
Defense contractors, including space industry companies who are doing work with the Department of Defense, have requirements in their contracts right now to implement cybersecurity requirements to various degrees. Those requirements have been in contracts for a very long time. Unfortunately, there has never been a mechanism in those contracts to make contractors prove that they're doing those things. And over the years, there have been multiple instances where the DOD has paid the price as a result of their contractors being compromised. That's about to change. The Cybersecurity Maturity Model Certification (CMMC) Program comes into effect on November 10, 2025. Find out more about the requirements from Jacob Horne, Chief Cybersecurity Evangelist at Summit 7. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Leadership hears “ABM” and brings years of baggage. Scrappy ABM flips the script by cutting the re-education and moving straight to results. Host Mason Cosby welcomes Myles Madden to break down how he built ABM from the ground up—again and again—by starting with a sales-led use case, running a quiet pilot with a few reps, and only socializing the wins after pipeline appears. Myles lays out the pattern: meet with a tenured sales leader, ask for the one use case that's driving revenue right now, pull five to ten real accounts, review the opportunities, and become an expert through Gong calls and external reading. From there, distribute across many channels for coverage, go deep on one or two “big bat” channels, and map one really good piece of content per stage—then validate with data. Simplicity wins: show pipeline amount and count, plus efficiency like cost to acquire $1 of pipeline, and keep teams aligned so messaging doesn't drift.
In this episode we take a Deep Dive into the DOW's new and newly finalized Cybersecurity Maturity Model Certification rule. We discuss the new challenges and responsibilities of government counsel concerning the new CMMC rule. Learn more about The Quill & Sword series of podcasts by visiting our podcast page at https://tjaglcs.army.mil/thequillandsword. The Quill & Sword show includes featured episodes from across the JAGC, plus all episodes from our four separate shows: “Criminal Law Department Presents” (Criminal Law Department), “NSL Unscripted” (National Security Law Department), “The FAR and Beyond” (Contract & Fiscal Law Department) and “Hold My Reg” (Administrative & Civil Law Department). Connect with The Judge Advocate General's Legal Center and School by visiting our website at https://tjaglcs.army.mil/ or on Facebook (tjaglcs), Instagram (tjaglcs), or LinkedIn (school/tjaglcs).
The race to deploy AI is on, but are the cloud platforms we rely on secure by default? This episode features a practical, in-the-weeds discussion with Kyler Middleton, Principal Developer, Internal AI Solutions, Veradigm and Sai Gunaranjan, Lead Architect, Veradigm as they compare the security realities of building AI applications on the two largest cloud providers.
The conversation uncovers critical security gaps you need to be aware of. Sai reveals that Azure AI defaults to sending customer data globally for processing to keep costs low, a major compliance risk that must be manually disabled. Kyler breaks down the challenges with AWS Bedrock, including the lack of resource-level security policies and a consolidated logging system that mixes all AI conversations into one place, making incident response incredibly difficult.
This is an essential guide for any cloud security or platform engineer moving into the AI space. Learn about the real-world architectural patterns, the insecure defaults to watch out for, and the new skills required to transition from a Cloud Security Engineer to an AI Security Engineer.
Guest Socials - Kyler's LinkedIn + Sai's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:30) Who are Kyler Middleton & Sai Gunaranjan?
(03:40) Common AI Use Cases: Chatbots & Product Integration
(05:15) Beyond IAM: The Full Scope of AI Security in the Cloud
(07:30) The Role of the Cloud in Deploying Secure AI
(13:10) AWS AI Architecture: Bedrock, Knowledge Bases & Vector Databases
(15:10) Azure AI Architecture: AI Services, ML Workspaces & Foundry
(21:00) The "Delete the Frontend" Problem: The Risk of Agentic AI
(23:25) A Security Deep Dive into Microsoft Azure AI Services
(29:20) Azure's Insecure Default: Sending Your Data Globally
(31:35) A Security Deep Dive into AWS Bedrock
(32:30) The Critical Gap: No Resource Policies in AWS Bedrock
(33:20) AWS Bedrock's Logging Problem: A Nightmare for Incident Response
(36:15) AWS vs. Azure: Which is More Secure for AI Today?
(39:20) A Maturity Model for Adopting AI Security in the Cloud
(44:15) From Cloud Security to AI Security Engineer: What's the Skill Gap?
(48:45) Final Questions: Toddlers, Kickball, Barbecue & Ice Cream
We're taking a little break this summer while Charlie and Crissy are out recharging on vacation, but that doesn't mean the content stops! While we plan some more episodes for when they return, we're revisiting some of our favorite podcast moments from the past. Whether you're new here or a longtime listener, it's a great time to catch up, reflect, and maybe even hear something you missed the first time around!
Maturity Model for Reporting: Demystified reporting
Hear more from us:
Subscribe to us on Youtube: https://www.youtube.com/channel/UCN-x5u0G03LWmU0Ds_4zR8w
Subscribe to our newsletter here: https://www.cs2marketing.com/revenue-growth-architects#subscribe-to-newsletter
Follow Crissy on LinkedIn: https://www.linkedin.com/in/crveteresaunders/
Follow Charlie on LinkedIn: https://www.linkedin.com/in/charliesaunders/
Follow Xander on LinkedIn: https://www.linkedin.com/in/xanderbroeffle/
What happens when near-death perspective and entrepreneurial drive collide? In this dynamic episode, Joey Pinz sits down with Aharon Chernin—CEO of Roost—to talk motorcycles, automation, and legacy. After a life-changing moment sparked by his son's health scare, Aharon transformed his approach to life and business. Riding Ducati motorcycles became a way to mentally disconnect—something he couldn't achieve even poolside years ago. That same need for clarity and purpose fueled his decision to launch Roost and drive automation into the DNA of the MSP industry. Aharon breaks down why automation isn't just a tech feature—it's a competitive necessity and future revenue stream. He introduces his automation maturity model, explains how MSPs often think they're further along than they are, and lays out why community-led growth beats vendor-led conferences. No fluff—just value, vision, and velocity.
Please enjoy this encore of Word Notes. A prescriptive open source software security maturity model designed to guide strategies tailored to an organization's specific risks. Audio reference link: "OWASPMSP - Pravir Chandra: Software Assurance Maturity Model (OpenSAMM)." by Pravir Chandra, OWASP MSP, 2009.
This week we discuss the Supply Chain Logistics Maturity Model with experts Adrian Gonzalez and Doug DeLuca. They break down the four maturity levels helping supply chain leaders understand where they stand and how to advance. Plus, insights on future trends like AI and robotics that will transform logistics management in the years ahead. Come join us as we discuss the Future of Supply Chain
Is your finance team truly driving strategic value, or are you stuck in reactive mode? Host Melissa Howatson welcomes Peter Emerling, Director in the Digital Transformation Practice at Citrin Cooperman, to explore the finance maturity model, the four stages of finance maturity and what it takes to move from reaction to transformation. With over 18 years of experience advising businesses across industries and lifecycle stages, Peter breaks down the key components of a modern maturity model—from people and processes to data and governance—and shares practical ways finance leaders can assess where they stand and how to level up. If you're struggling with siloed systems, manual workarounds, or transformation fatigue, this episode offers a roadmap toward building a smarter, more agile finance function. Learn how you can assess your current maturity level and take concrete steps towards finance transformation that drives real business impact.
Discussed in This Episode:
- The 4 finance maturity levels: Sustaining, Reactionary, Transforming, Innovating - Understanding where your team stands
- Five assessment pillars: People, Process, Technology, Data, and Governance
- Red flags that indicate your team may be stuck at level two
- How to evolve without ripping out your tech stack
- Real-world client examples and what drives true business impact
- Actionable strategies to progress through maturity stages
For CFO insights, episode show notes, and exclusive blog content, visit thecfoshowpodcast.com.
In this episode of CFO 4.0, Neil Lynchehaun unpacks the Records-to-Report (R2R) maturity model and shares hard-earned insights from decades in finance transformation. He challenges traditional finance thinking and explores how finance teams can shift from compliance to strategic enablement.
What's covered in this episode:
- Why maturity models are tools for inspiration, not evaluation
- The five levels of finance maturity, from statutory compliance to strategic insight
- How poor tagging and manual journals hold finance back
- The mindset shift from finance-led budgeting to operational-led planning
- Real-time accounting, continuous close, and eliminating month-end chaos
- Building finance functions that partner with, not trail behind, the business
Links mentioned:
- Previous session: Understanding the P2P Maturity Curve
- Connect with Hannah Munro
- Connect with Neil Lynchehaun
- Which Sage Product is Right For You Quiz!
- Book a discovery call
- Explore other CFO 4.0 Podcast episodes here.
- Subscribe to our Podcast!
In this special episode of The Learning & Development Podcast, we’re turning the tables! Host of The Learning Hack podcast, John Helmer, takes over the mic to interview our very own David James about 360Learning’s new L&D Maturity Model. With a wealth of experience in the learning industry, John brings a sharp, inquisitive lens to this conversation, challenging David on why L&D needs another maturity model, how it’s been developed, and what makes it different from the many that have come before. If you’ve ever wondered how to push your team forward and make a lasting impact, this episode is for you.
Take your L&D to the next level
Take advantage of thousands of hours of analysis. Hundreds of conversations with industry innovators and 25+ years of hands-on global L&D leadership. It's all distilled into one framework to help you level up L&D. Access the L&D Maturity Model here - https://360learning.com/maturity-model
KEY TAKEAWAYS
- The Maturity Model was built collaboratively.
- The model covers the 5 stages L&D goes through to reach maturity and become the engine that transforms their businesses.
- To truly impact the business, you need to anticipate business needs and train people for them in advance – the transformative stage.
- Stakeholders will resist your working transformatively. David explains why and how to overcome this.
- If you don't understand the work you can't deliver a solution.
- Open your conversations with “How's business?”
- PR the hell out of everything and the impact you deliver.
- Use AI. David explains how.
BEST MOMENTS
“This is the lived experience of bouncing against stakeholders.”
“It starts with the strategy rather than the learning.”
“Be persistently consistent.”
VALUABLE RESOURCES
The Learning And Development Podcast - https://podcasts.apple.com/gb/podcast/the-learning-development-podcast/id1466927523
L&D Master Class Series: https://360learning.com/blog/l-and-d-masterclass-home
John Helmer
John Helmer is a writer, podcaster and communications strategy expert specialising in learning, training and education, with a focus on digital technology innovation. He runs two highly successful podcasts, The Learning Hack and Great Minds on Learning. He has led many programmes bringing together thought leaders and practitioners for knowledge sharing and debate, and writes for and edits numerous blogs, as well as producing many white papers and research reports (including articles for peer-reviewed journals). A pioneer in digital marketing, he co-created and promoted more than thirty training courses on using the internet for marketing and business. He is also a novelist, lyricist for Marillion, has been on Top of Pops, and won a Perrier Award at the Edinburgh Festival.
https://www.linkedin.com/in/johnhelmer
https://www.johnhelmerconsulting.com
DAVID JONES
David has been a People Development professional for more than 20 years, most notably as Director of Talent, Learning & OD for The Walt Disney Company across Europe, the Middle East & Africa. As well as being the Chief Learning Officer at 360Learning, David is a writer and speaker on topics around modern and digital L&D.
CONTACT
https://twitter.com/davidinlearning
https://www.linkedin.com/in/davidjameslinkedin
L&D Collective: https://360learning.com/the-l-and-d-collective
https://360learning.com/blog
L&D Master Class Series: https://360learning.com/blog/l-and-d-masterclass-home
This Podcast has been brought to you by Disruptive Media. https://disruptivemedia.co.uk/
Creative Agency Success Show (Episode 144): “A maturity model isn't a report card, it's about understanding where your decision-making capabilities are.” - Jamie Nau. In this episode of The Creative Agency Success Show, Jamie Nau and Jody Grunden pull back the curtain on how small business owners can move from just getting by to truly thriving. They've spent the last eight months crafting a maturity model designed to help you assess where your business stands in five key areas: cash management, forecasting, profitability, sales outlook, and financial reporting. But here's the thing—it's not about being perfect. It's about having a clear path forward. Imagine being able to make decisions with confidence, knowing you're moving in the right direction. That's the power of understanding where your business currently stands and what small but impactful steps you can take next. So, what's your next move? Tune in now and start building a business that works for you—not the other way around. ▶️ What's a Maturity Model Anyway? Find more podcast episodes on our website: http://www.summitcpa.net/podcasts Episode resources: ● Summit Virtual CFO by Anders website: https://www.summitcpa.net/ ● Love our content? Sign up for our newsletter: https://www.summitcpa.net/summit-news. ● Digital Dollars and Cents: A Virtual CFO's Playbook to help Digital Companies Create a Financial Roadmap to Success, is now an audiobook! Download it here: https://vcfo.summitcpa.net/ddc The Creative Agency Success Show helps service-based business owners master the financial side of growth. Hosted by Jamie Nau, Virtual CFO, and Jody Grunden, Partner at Anders CPAs + Advisors, the podcast dives into essential financial strategies for scaling creative agencies. With insights from industry experts and real-world experiences, episodes explore topics like cash flow management, forecasting, and financial maturity models. 
Backed by Summit Virtual CFO Services by Anders, this bi-weekly show provides actionable guidance for business owners navigating financial complexity. Join the conversation to build a stronger, more financially successful agency. Website: https://the-virtual-cpa-success-show-for-creative-agencies.simplecast.com/ Facebook: https://www.facebook.com/vcfobyanders Linkedin: https://www.linkedin.com/company/vcfobyanders/ Instagram: https://www.instagram.com/vcfobyanders YouTube: https://www.youtube.com/@vcfobyanders X: https://x.com/vcfobyanders Jamie Nau, Summit Virtual CFO, is a seasoned financial expert with a deep understanding of business growth sta
Build Your Plan for Breakthrough. On the Trail Podcast: Season 3, Episode 20. Are you looking for breakthrough in an area of your life? Are you helping someone on their journey to breakthrough? In this episode, we're beginning to pull the Breakthrough series together. How can we use the B.U.I.L.D. Maturity Model as a checklist or rubric for working through our breakthrough journey? How can we apply this strategy and build a plan for bringing together the five engines that drive our emotions?
Peggy Smedley and Ty Witmer, president and founder, ProjectTeam, talk about the CMMC (Cybersecurity Maturity Model Certification) and why it is critical. He says since 2017 there have been rules in place for contractors working with the federal government to protect sensitive government data—and often they haven't been enforced, but that enforcement starts now. They also discuss: What percentage are working toward compliance today. What needs to be compliant: people, processes, and technology? Advice for organizations working on government projects. projectteam.com (3/11/25 - 911)
00:00 Intro
01:47 Maturity Model for Reporting
30:57 Testing ChatGPT Operator
47:34 When to Rip & Replace Your Ops Processes?
Hear more from us:
Subscribe to us on YouTube: https://www.youtube.com/channel/UCN-x5u0G03LWmU0Ds_4zR8w
Subscribe to our newsletter here: https://www.cs2marketing.com/revenue-growth-architects#subscribe-to-newsletter
Follow Crissy on LinkedIn: https://www.linkedin.com/in/crveteresaunders/
Follow Charlie on LinkedIn: https://www.linkedin.com/in/charliesaunders/
Follow Xander on LinkedIn: https://www.linkedin.com/in/xanderbroeffle/
For Episode 12 of the Guardians of M365 Governance monthly webcast, Joy Apple (@JoyofSharePoint), Ragnar Heil (@ragnarh) and I welcomed our guest, Sharon Weaver (@sharoneweaver), a fellow MVP and RD and the CEO of Smarter Consulting, to discuss “Deep Dive Into the Microsoft 365 Maturity Model.” If you've been following the show, you'll probably remember that Sharon was scheduled to be on live broadcast in August but had a last-minute customer priority, so we invited her back to continue the discussion and share her work as part of the core team helping to expand the Microsoft 365 Maturity Model. Our discussion centered on the importance of governance within the Microsoft 365 ecosystem, emphasizing its role in managing content, permissions, and access while fostering a culture of effective communication and training. The M365 Maturity Model can be a valuable framework for assessing and improving governance practices. This model provides a structured approach to evaluate organizational maturity across various competencies, such as communication, security, compliance, and adoption. Key insights included the significance of understanding current maturity levels, setting actionable goals, and creating a clear path for improvement through self-assessment tools and workshops. A critical focus of our conversation was the importance of communication as a competency. It was noted that communication is often the lowest-rated competency in organizations, yet it has the greatest impact on overall success. Improving communication can act as a catalyst for advancing other competencies, helping organizations navigate critical transitions, such as moving from a basic to an intermediate level of maturity. 
Strategies for leveling up include providing clarity about changes, offering guidance to stakeholders, and ensuring transparency in governance processes to foster trust and collaboration. We also explored the impact of AI, particularly tools like Microsoft Copilot, on governance practices. It was suggested that organizations need mature governance and communication competencies to effectively implement AI solutions. As AI adoption accelerates, there is a growing need for AI-specific governance considerations, including transparency, accountability, and ethics. In fact, we discussed the idea of creating a new “Level 600” in the maturity model to address the advanced requirements of AI governance, highlighting the evolving nature of organizational needs as technology becomes increasingly sophisticated.
We've all had those moments, we land that huge new client – first comes the elation for winning the mandate that will transform our fortunes, and then the mild panic at how we're going to deliver. There are also times when what we do is simply just not that well understood across the organization – there might only be one internal expert, which creates a significant amount of risk for the business if they were to leave. That's where assessing – and improving – your business capability maturity becomes critical. The good news? A business capability maturity model gives you a steer on how you can go from 'figuring it out', to something that's a solid part of your agency's remit and expertise, then to true innovation – through the prism of people, process, technology and information. In this episode, we're chatting with Mike Della Porta – an award-winning tech and operations leader who's been a COO, CTO, and CIO at one of the top independent marketing agencies in the US. Mike shares practical advice and lessons for agencies looking to scale sustainably. Here's what we dive into: What each stage of business capability maturity looks like and what to consider at each; Using tech and tools to scale smarter; How to get buy-in from your leadership team if they don't understand the value of ops; How ops roles can become billable and provide value to clients. Follow Mike on LinkedIn: https://www.linkedin.com/in/mike-della-porta/ Follow Harv on LinkedIn: https://www.linkedin.com/in/harvnagra/ Stay up to date with regular ops insights. Subscribe to The Handbook: The Operations Newsletter. This podcast is brought to you by Scoro, where you can manage your projects, resources and finances in a single system.
God designed the infrastructure of our brains to run on relational joy. What does this mean for our daily life? In our first series of 2025, we're diving back into the B.U.I.L.D. Maturity Model from Breakthrough! and covering the important emotional engine of Increase Your Joy Bonds. If our brains run on relational joy, it's probably a good idea to know more about our relational attachments, our joy bonds. How can we increase our joy bonds and retrain our brains from defaulting to fearful attachments? In this week's episode, we're covering the Joy Elevator of the brain. Join us on the trail! P.S. If you're reading along with us in Breakthrough!, check out chapter eight.
FULL SHOW NOTES https://www.microsoftinnovationpodcast.com/645 The episode shines a light on the transformative potential of Microsoft 365, particularly through its AI capabilities like Copilot. Simon Doy discusses integrating Copilot's custom solutions, highlights the importance of data security, and explains the Microsoft 365 Maturity Model's role in guiding organizations toward effective technology utilization. • Simon cherishes time spent bouldering and engaging in meaningful family routines, such as sharing daily highlights during meals. • A daily meditation routine helps Simon stay focused and manage a dynamic lifestyle. • He emphasizes the importance of robust data management strategies to mitigate risks, prevent data oversharing, and maintain security. • Simon co-developed a comprehensive framework to help businesses maximize Microsoft 365's potential for productivity and governance. • The role of artificial intelligence in enhancing business productivity. • Deep dives into Microsoft Copilot's functionality and real-world applications. • Examination of data security risks and effective management strategies. • Insights into the competencies and practical implementation of the Microsoft 365 Maturity Model. 
If you're interested in exploring these themes further, feel free to reach out to us on social media! OTHER RESOURCES • Acquired Podcast - https://www.acquired.fm/ • Microsoft Research Podcast - https://www.microsoft.com/en-us/research/podcast/ai-frontiers-rethinking-intelligence-with-ashley-llorens-and-ida-momennejad/ • Filter by the AI keyword - https://www.microsoft.com/en-us/research/podcast/?msockid=0a0c194908e364fc326c0d4d09bb6531 • Maturity Model for Microsoft 365 - https://learn.microsoft.com/en-us/microsoft-365/community/microsoft365-maturity-model--intro • Article on some Gotchas with Copilot Studio and GPT-4o - https://simondoy.com/2024/08/01/gotchas-discovered-building-a-custom-engine-copilot-with-gpt-4o-and-copilot-studio/
Hello, welcome to the Safety Culture Excellence podcast, hosted by Shawn Galloway, CEO of ProAct Safety. This week's podcast is on the "Safety Excellence Maturity Model." Have you determined your starting point and path to safety excellence? https://proactsafety.com/solutions/consulting/cultural-and-organizational-safety-assessments I hope you enjoy the podcast. Have a great week! Shawn M. Galloway See all our books available in all formats on Amazon.
Please enjoy this encore episode of Word Notes. A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025.
Feeling invisible in your agency's market? Settling for revenue that's merely “good enough”? Sadly, too many agencies are operating at the lowest level of revenue certainty, but not for long… In this episode, Corey reveals the Deep Specialization™ Maturity Model - a diagnostic tool and roadmap helping agency owners like you understand where they are, where they could be, and what it takes to become the go-to expert in your niche. Just like Apple didn't stop with the iPod, “good enough” is never enough in today's competitive environment. Your agency's future depends on pushing beyond your comfort zone. Don't spend another day unseen and ignored by potential buyers! Learn the Deep Specialization™ Maturity Model today and start leveling up your revenue, reputation, and results. Here's what we cover in this episode: The 4 zones of vertical maturity - Which zone are you in? How to avoid getting stuck on the “good enough line” What happens when you understand the power of developing deep specialized knowledge in a vertical market How to become the trusted source of reliable results and guidance in your market Traits of an agency that has mastered their vertical market The #1 problem keeping agency founders stuck in the sales role Here are some actionable key takeaways for agency founders: Level 1: Generalist Agency | Level 2: Vertical Vendor | Level 3: Vertical Specialist | Level 4: Vertical Maven What is one step you could take this week to move your agency to the next level? Remember, your agency's future depends on pushing beyond the comfortable and familiar.
Defense contractors are bracing themselves for the Pentagon's sweeping cybersecurity audit program. The Defense Department plans to finalize Cybersecurity Maturity Model Certification (CMMC) rules early next year. For the latest on DoD's plans to help industry prepare for the program, Federal News Network's Justin Doubleday spoke with DoD chief of defense industrial base cybersecurity, Stacy Bostjanick.
The Pentagon is moving closer to kicking off its long-awaited Cybersecurity Maturity Model Certification program. Small business advocates, though, are still worried about the high cost of CMMC compliance. Well, now there's draft legislation coming from Capitol Hill to provide some smaller companies with a CMMC tax credit. Federal News Network's Justin Doubleday joins me with the latest.
In this solo episode of the podcast, I spend a bit of time recapping a recent talk I gave together with Dan Ennis at Churn-In, ChurnZero's annual conference and also take some time to discuss the launch of the Digital CS Maturity Assessment, which you can go through by following this link for free: https://digitalcustomersuccess.com/dcsmaturity/ I then go through a bit of Q&A from the Zero-In session itself! See the chapters to jump to a specific question.
Chapters:
00:00 - Intro
01:18 - Churn-In Recap
01:36 - Digital CS Maturity Assessment
04:30 - How to Measure the ROI of your Digital program
08:41 - Which self-service mediums are most effective in the SaaS world today that help to promote advocates and reduce support costs?
13:58 - Do you have any books, podcasts or frameworks you would recommend for newbies?
16:13 - “Tech Touch”, Digital SC and Scaled CS interchangeability
18:21 - Incorporating contextual data in predictive modeling
Enjoy! I know I sure did. Special shoutout to: Dan Ennis, my awesome co-presenter at Churn-In; Keishla Ceasar-Jones, Malachi Hopoate, Sylvanie Tweed & Tom Battle for their great questions! Website: For more information about the show or to get in touch, visit DigitalCustomerSuccess.com. The Digital Customer Success Podcast is hosted by Alex Turkovic
For Episode 8 of the Guardians of M365 Governance monthly webcast, Ragnar Heil (@ragnarh), Joy Apple (@JoyOfSharePoint) and I were sorry that our planned guest, Sharon Weaver, was unable to join us this month for health reasons, but we'll be sure to add her back into the schedule soon. While we did not get to hear Sharon's perspective as a Core Team member for the M365 Maturity Model community, we did discuss the maturity model and share some of our own thoughts and experiences. This episode focused on “Leveraging the M365 Maturity Model” to enhance governance, risk, and compliance (GRC) practices. As regulatory environments grow more complex, organizations must evolve from reactive compliance efforts to a proactive approach where GRC is integrated into daily operations and strategic decision-making. We explored how the M365 Maturity Model helps organizations assess their current GRC maturity, identify gaps, and build a more resilient framework that supports both compliance and business growth. We discussed how one size does NOT fit all, and that it is important to tailor your governance framework to fit the unique needs of your organization, ensuring that compliance efforts align with your specific industry requirements and business objectives. From there, organizations can strategically use Microsoft 365 tools like Compliance Manager, Information Protection, and eDiscovery, as well as 3rd party governance solutions to streamline their management efforts and enhance operational efficiency. We also discussed how leadership plays a vital role in driving maturity, fostering a culture where governance is seen as a strategic priority and accountability is embedded at all levels. Finally, we emphasized the need for continuous improvement and adaptation in practices. 
The M365 Maturity Model serves as a living framework that organizations can use to regularly assess and refine their governance efforts, staying ahead of emerging risks and maintaining compliance in an ever-changing regulatory landscape. And as I mentioned last month, I'd like to once again encourage our viewers to share their own governance war stories and engage with the community within the governance community page at https://www.facebook.com/groups/m365governance.
In this interview, we sat down with Greg Smith (Head of Global Product and Solution Marketing, Certinia) to get his insights into the stages of data maturity within the AI adoption journey. Greg advises that there is a key distinction in the nature of data handling between generative and predictive AI. Unlike predictive AI, which primarily analyzes existing data, generative AI creates new data from existing information. This fundamental shift necessitates a robust data strategy aligned with AI objectives to maximize the technology's potential. The maturity model outlines a progression from fragmented data usage to a sophisticated, integrated approach. Organizations initially leverage external data for efficiency gains, but internal data becomes crucial for deeper insights and influencing business metrics. As AI adoption matures, a focus on closed-loop systems emerges, where predictions are continuously refined based on real-world outcomes. This journey involves both technological and cultural transformations, with early stages emphasizing technology and later stages prioritizing cultural changes such as data governance and AI skill development. The ultimate goal is to transition from efficiency gains to improved decision-making and scaled impact. Greg Smith, Head of Global Product and Solution Marketing, Certinia. A primary focus of Greg's is to help services organizations of any size run a more efficient, profitable, and data-driven services organization. Recorded at SuperAI Singapore, 6th June 2024, 2.30pm.
Guest: Allyn Stott, Senior Staff Engineer, meoward.co
On LinkedIn | https://www.linkedin.com/in/whyallyn
On Twitter | https://x.com/whyallyn
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Episode Notes
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program. Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable. In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. 
Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times. Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly. The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals. For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model. In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.
“We have 10 different aspects of quality, and testing is just a subset of activities in the overall quality culture. You need to have a good testing practice, but it's just a tiny part of quality culture." Janet Gregory and Selena Delesie are the co-authors of “Assessing Agile Quality Practices Using QPAM”. In this episode, we discuss how to elevate and improve our organization's quality culture and practices. Janet and Selena begin by explaining what quality culture truly entails, distinguishing it from a narrow focus on testing. They describe the QPAM model, breaking down its 10 quality aspects and 4 dimensions to provide you with a comprehensive model for assessing your quality practices. Gain insights on why social and sociotechnical aspects of quality are more critical than technical ones, and explore some quality aspects such as feedback loops, development approach, and defect management. Janet and Selena also elaborate on why they consider defect management to be of the lowest priority and provide reasoning for their decision. Whether you're a seasoned quality professional or a team leader striving for continuous improvement, this episode contains valuable takeaways to help you build a quality-driven culture that delivers high-quality results. Tune in to learn actionable tips for conducting your own quality assessment and driving quality transformation in your organization. 
Listen out for: Career Journey - [00:02:10] Quality Culture - [00:04:58] Quality & Testing - [00:06:42] Quality Assessment - [00:08:37] 10 Quality Aspects - [00:11:00] The Importance of Sociotechnical - [00:13:30] QPAM is Not a Maturity Model - [00:16:11] 4 Dimensions - [00:19:52] Feedback Loops - [00:23:09] Explaining Feedback Loops - [00:25:45] Development Approach - [00:30:18] Defect Management - [00:33:03] Understanding the Problem - [00:37:19] Conducting a Quality Assessment - [00:40:26] Insights from Past Assessments - [00:44:49] 3 Tech Lead Wisdom - [00:49:04]
Janet Gregory's Bio: Janet Gregory is a testing and process consultant with DragonFire Inc. She specializes in showing agile teams how testing activities are necessary to develop good quality products. She works with teams to transition to agile development and has taught agile testing courses worldwide. She contributes articles to publications and enjoys sharing her experiences.
Selena Delesie's Bio: As a coach, consultant, and trainer, Selena helps leaders and executives shift into healthy leadership, business agility and to engage the strengths and passions of their team to produce a highly creative, productive and vibrant workforce. She is a published author and invited speaker on agility, quality and leadership practices. Selena is co-author, with Janet Gregory, of the books Assessing Agile Quality Practices with QPAM, and A Guide for Facilitating Quality Assessments, as well as a contributing author to other published works.
Follow Janet and Selena: Janet's Twitter / X - @janetgregoryca Janet's LinkedIn - linkedin.com/in/janetgregory Janet's Website - janetgregory.ca Agile Tester - agiletester.ca Selena's LinkedIn – linkedin.com/in/selenadelesie Quality Assessments using QPAM bundle – https://leanpub.com/b/qualityassessmentsusingqpam
Like this episode? Show notes & transcript: techleadjournal.dev/episodes/182. Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
On today's No Brainer, Greg and Geoff serve up a power-packed two-topic episode. In the first half, they dig into the AI Maturity Model they just released at their AI consultancy CognitivePath. Incorporating inputs from 100+ enterprise AI decision-makers, the maturity model lays out five stages and seven paths to take any organization from AI zero to AI hero. Greg and Geoff discuss why they feel the market needs a comprehensive maturity model and how business leaders can benefit from knowing where they stand. In the second part of the show, the guys switch gears and talk about Apple Intelligence. Smart move or too little too late? How might Apple's emphasis on the consumer experience and their keen understanding of the customer give them an advantage over other Big AI players? And wait, did Tim Cook just outsmart Sam Altman? (bwahahahaha). Chapters: 00:00 Introduction 02:26 Getting into the CognitivePath AI Maturity Model 07:18 Five Stages of AI Maturity 14:18 The Seven Paths to AI Maturity 20:07 Getting Into Apple Intelligence 26:01 Apple's Focus on Consumer Experience 36:15 Privacy and Simplicity in Apple Intelligence 40:32 Apple's Understanding of Consumer Wants and Needs
"Meet your users where they are!" - For Platform Engineering Teams that means understanding the current way your engineers work, understanding their pain, and providing a solution that doesn't force them to change their behavior but provides a 10x efficiency improvement. That's not easy to achieve but is what we discussed with Abby Bangser in our latest episode. Abby is a Team Topologies Advocate, has spent years at Thoughtworks helping organizations transform through Delivery Platforms and is now a Lead at the CNCF Platform Working Group. Tune in and hear our discussions on why Platform Engineering is nothing new, how to keep Platform Engineering Teams from becoming your next bottleneck and silo, why Platforms need to have more than one interface and why the purpose of Platform Engineering should be to bring good Developer Experience to all engineers.
Here are all the links we discussed during this episode:
Platform Engineering Maturity Model: https://tag-app-delivery.cncf.io/whitepapers/platform-eng-maturity-model/
CNCF Platform Working Group: https://tag-app-delivery.cncf.io/wgs/platforms/
KubeCon 2024 Talk: https://colocatedeventseu2024.sched.com/event/1YFdf/sometimes-lipstick-is-exactly-what-a-pig-needs-abby-bangser-syntasso-whitney-lee-vmware
GitHub Issue for Questionnaire: https://github.com/cncf/tag-app-delivery/issues/635
Kratix: https://www.kratix.io/
Abby's LinkedIn: https://www.linkedin.com/in/abbybangser/
Abby's Events: https://www.paintedwavelimited.com/events
Adam Morgan spends this episode of Real Creative Leadership breaking down his five-level creative leadership maturity model, a system designed to help creative leaders at every stage of their career find new ways to engage with their work and spark creative innovation in every aspect of their business. With decades of experience, Adam explores why creative leaders should be helping lead organizations in more than just their own department, and how a fresh perspective can transform not only design and copy, but budgets and company mission statements, too. Real Creative Leadership is a video and podcast series that helps creative leaders make an impact on the business world. The series is produced by The Stoke Group, a full-service digital marketing agency that specializes in content marketing, video, and interactive experiences. Our host, Adam Morgan, is a global brand, creative, and content leader, an Adweek Creative 100, and author of Sorry Spock, Emotions Drive Business. For more information, visit realcreativeleadership.com.
Dave "CAC" Kellogg and Ray "Growth" Rike continue their discussion on the SaaS Metrics Maturity Model, which includes the five levels below:
- Level 1: Foundation
- Level 2: Trust
- Level 3: Strategic Linkage
- Level 4: Metrics Culture
- Level 5: Trajectory
Level 1: Lay the foundation
- Definitions and calculations
- Pipeline stages, forecast categories, close dates, values, SaaS metrics
- Semantics - what do words like best case, forecast, commit and downside mean
- Instrument underlying systems (GL, CRM, Billing, HCM, etc)
- Consider Metrics Committee
Level 2: Build trust
- Templates, templates, templates
- Metrics selection & presentation
- History & context - always include footnotes on how metrics are calculated
- Regular Cadence: which templates used at which meetings?
- Continuous improvement - fix data at the source, improve templates
Level 3: Link Metrics to Business Strategy
- Identify your top challenges
- Define 4-6 strategic goals - align metrics to those goals
- Link department, team and individual objectives to the company metrics (OKRs)
Level 4: Build a metrics culture
- Demand numeracy
- Manage to the regular metrics publishing cadence
- Metrics conversations about the business impact NOT the metric calculation method
Level 5: Agree on strategic trajectory
- Long-range, driver-based models
- Timeframe: When are metrics goals targeted to be achieved, what are the milestones towards goal
- Sequencing: Not everything at once - what is the priority order and associated timeframe for each metric's goal
If you are a creator, user or participant in how your company uses metrics to measure performance, inform decision making and/or report performance to your boss, your board and your investors this conversation will be valuable!!!
In this conversation, Ryan Williams and Kayne McGladrey discuss the evolving role of the CISO, the importance of governance, risk, and compliance (GRC), and the impact of AI in cybersecurity. They highlight the need for CISOs to have the full backing of their boards and the challenges they face in managing civil liability for processes they don't control. They also emphasize the importance of democratizing GRC knowledge and providing companies with tools like Hyperproof to assess and improve their cybersecurity maturity. The conversation touches on the increasing regulatory requirements and the need for companies to demonstrate compliance and accountability. The conversation explores the use of artificial intelligence (AI) in the governance, risk, and compliance (GRC) field. The guest, Kayne McGladrey, discusses the dual nature of AI, where it can both save time and raise concerns. He shares examples of how AI can be used to summarize information, generate control suggestions, and analyze large-scale signal data. However, he also highlights the ethical and practical challenges of relying too heavily on AI, such as the need for human judgment and accountability. Kayne emphasizes the importance of using AI as a tool to enhance human intelligence and focus on more meaningful tasks. Kayne's Socials: Kayne McGladrey's LinkedIn - https://www.linkedin.com/in/kaynemcgladrey/ Hyperproof's website - https://hyperproof.io/ 11 Topics Your Section 1C of 10-K Filings Should Address - https://hyperproof.io/resource/cybersecurity-in-financial-disclosures-10-k-filings/ Please LISTEN
Dave "CAC" Kellogg and Ray "Growth" Rike discuss the 5 root causes that created the need to develop a SaaS Metrics Maturity Model for companies as they scale. The top five root causes that lead to the 15 primary problems in how companies use metrics include:
- There's no shared metrics foundation
- There's no trust
- Metrics are not integral to strategy
- The culture is not metrics-driven
- Metrics are not being used to define trajectory and long-term goals
This episode discusses the key challenges in using metrics and the approaches to address those challenges. This discussion builds up to the introduction of the Metrics Maturity Model and the 5 levels of maturity:
- Level 1: Foundation
- Level 2: Trust
- Level 3: Strategic Linkage
- Level 4: Metrics Culture
- Level 5: Trajectory
If you use, develop or just are a student of SaaS Metrics - this episode is full of insights and ideas on how to accelerate your company's metrics maturity model to level 5!!!
Building With People For People: The Unfiltered Build Podcast
Metrics are hard. Identifying which metrics to measure is even harder. So how do you get started? And how do you know when you have achieved true developer productivity zen? Like anything in life, the path to mastery is a journey, and today we are joined by a passionate staff engineer from Meta to share with us his theory on a developer productivity maturity model, which paints a wonderful mental picture of where we stand in our developer productivity journey and how companies can move through the stages. We also discuss productivity dashboards, whether you actually need dashboards, how Meta thinks about developer productivity and more. Our guest, Karim Nakad, has his Masters of Computer Science from University of Wisconsin and previously worked for Amazon for SageMaker and Prime. He is currently a Staff Software Engineer at Meta making an impact in the productivity organization. He is dedicated to improving developer efficiency across the board and paving the way by generating and exposing productivity and code quality metrics across the tech industry and alongside leading experts and researchers. His excitement around improving the daily working lives of software engineers is palpable and contagious and I can't wait to dig in. I met our guest at a developer productivity engineering conference last year, and when he summarized back to me the purpose of a project I was working on in such an eloquent manner, I knew then he had to come on the podcast to share his thoughts and efforts around bringing happiness to engineers and building products for people. When our guest is not helping engineers move fast and be productive, he games and travels the world. He also has two macaws, a green wing and a blue and gold. Enjoy! Connect with Karim: LinkedIn Twitter Threads Sponsor: Get Space: Do you know what pain points exist in your company?
Install Get Space's real-time survey iteration tool now with code "buildwithpeople" and get 20% off your first year.
Episode correction: Karim wanted to clarify the difference and intersection between qualitative/quantitative and objective/subjective:
- Qualitative: Non-number data such as the subjective free-form text in surveys.
- Quantitative: Data that can be counted, such as subjective multiple-choice in surveys or objective system measurements.
Show notes and helpful resources:
- DORA
- The SPACE framework
- Karim's best advice: “Anyone can be an expert you just need to read the code”
- Karim's everyday tool: Obsidian - note taking app
- Reflect note taking app
- The Hack language
- Karim says developer productivity is about creating an efficient and enjoyable experience, as that is what encourages devs to do their best work
- To measure, rely on frameworks out there like DORA or SPACE, and Karim recommends using metrics you already have to start with
- AutoFocus paper: Workgraph: personal focus vs. interruption for engineers at Meta - improved personal focus by over 20%
- KPIs rule of thumb takes two forms: Latency and Reliability
- An example of latency is test latency and how quickly tests complete
- An example of reliability is test reliability and how often your test delivers good signal
Productivity Engineering Maturity Model (5 stages):
- Ignorance: Not knowing about or not prioritizing developer productivity
- Awareness: Forming a team focused on addressing highest pain points, for example around continuous integration or testing
- Initiation: Merging KPIs into a common productivity goal and creating dashboards
- Refinement: Making recommendations on dashboards to improve productivity
- Mastery: Automating and integrating productivity improvements into workflows
Advice for smaller companies: Keep an ear on the ground for industry research from companies like Google and Microsoft, and leverage frameworks like SPACE and DevEx to measure and improve productivity.
The importance of nudging teams in the right direction rather than mandating productivity solutions, allowing teams to find their own paths to improvement. Building something cool or solving interesting problems? Want to be on this show? Send me an email at jointhepodcast@unfilteredbuild.com Podcast produced by Unfiltered Build - dream.design.develop.
Brian Childs, Managing Partner at Learning Outcomes, shares his customer education maturity model. Download the free powerups cheatsheet: https://marketingpowerups.com/062 [00:00:00] The Importance of Customer Education [00:07:37] Proving ROI for Customer Training Initiatives [00:13:51] The Importance of Training Programs and Brand Positioning [00:22:19] Using Training as a Sales Qualification Tool [00:26:01] Patterns in Sales Training Program Challenges [00:30:15] The intersections between customer education and data silos [00:36:03] Top Tips for Creating a World-Class Training Program [00:39:20] Career Power-Ups and Creating a Star Map of an Organization [00:45:42] Brian Childs on Thought Industries, Moz, and Learning Outcomes
#253: As we move forward in 2024, one thing stands firm - platform engineering remains a significant focus for companies and has become a key component in the digital transformation journey. This realization drove the creation of the Platform Engineering Maturity Model, a comprehensive guide that serves organizations in various stages of their platform engineering journey. In this episode, we speak with Abby Bangser, one of the lead authors of the Platform Engineering Maturity Model published by CNCF. Abby's contact information: X (Formerly Twitter): https://twitter.com/a_bangser LinkedIn: https://www.linkedin.com/in/abbybangser/ Platform Engineering Maturity Model https://tag-app-delivery.cncf.io/whitepapers/platform-eng-maturity-model/ YouTube channel: https://youtube.com/devopsparadox Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/ Slack: https://www.devopsparadox.com/slack/ Connect with us at: https://www.devopsparadox.com/contact/
Have you ever felt stuck in a rut, repeating the same tasks, while knowing there is room for improvement? The Capability Maturity Model may be a way for you to start contributing to those improvements. In this podcast episode, Kevin Kline from SolarWinds walks us through how we might go from simply dealing with issues as they come, to being a contributor in decisions about the future of our organization. Listen in and learn about the levels of CMM, how they relate to those of us in data professions, and how you can apply the methodologies to become a leader who drives positive change, while doing what you love. Let us know what you think! What CMM level are you in presently? Did you get any good take-aways from today's podcast? Leave us some love ❤️ on LinkedIn, Twitter/X, Facebook, or Instagram. The show notes for today's episode can be found at Episode 273: The Capability Maturity Model for Data Professionals. Have fun on the SQL Trail!
The importance of CMMC (Cyber Security Maturity Model Certification) is described by Wayne Shaw, owner of Five 9s Consulting. Support the show. Learn more at www.agcmo.org. Please share our podcast with anyone interested in the construction industry!
If you've ever thought, "Hmm.. I'd love to 10x my Ops career," Jeff is your guy. Literally. With his OpsScale newsletter with a "10x your Ops career" tagline, Jeff regularly shares advice that he has picked up along the 15+ years in Marketing and RevOps roles. Over the years, he's built operations teams that utilize tech and process in innovative ways at companies like Workfront, Whistic, Hopin, and now, Coalition, Inc. In the latest episode of Change Enablers, Jeff and Ken cover:
• the six phases of Jeff's Ops career maturity model and how they span across a tactical vs. strategic spectrum
• ways ICs can start thinking about enablement impact well before they're in the next phase of their career
• being a strategic partner and change agent in Operations
• measuring success when you shift from order-taker mode to highly strategic and high-value work
• prioritizing real-time enablement for your end users
Where to find Jeff Cullimore:
• LinkedIn: https://www.linkedin.com/in/jeffcullimore/
• Newsletter: https://opsscale.substack.com/
Where to find your host, Ken:
• LinkedIn: https://www.linkedin.com/in/kenbabcock/
• Twitter/X: https://twitter.com/bigredbabz
• Change Enablers, a community by Tango: https://www.tango.us/change-enablers-community
Like what you heard? Subscribe, leave us a review, and let us know who in Operations and Enablement should be our next guest.
This presentation was recorded during MEDICA COMPAMED 2023. Stefan Bolleininger from Be on Quality shared with us information about HEATMAP for Regulatory Affairs. The idea is mainly to improve the visualisation of the state of your department or project. The steps are the collection of data, the scoring, then the creation of the heatmap, the colour coding, the visualization, and analysis/actions. So, if you want to find a refreshing way to present the situation of your projects, don't hesitate to learn it from this presentation. You can download the presentation through the link below. Who is Stefan Bolleininger? Stefan Bolleininger is a key opinion leader and speaker for the medical device regulation MDR in Europe. He founded the be-on-Quality GmbH consulting agency to passionately support manufacturers during CE approvals or FDA approvals. This support covers the full chain of quality and regulatory requirements: Implementation, maintenance, audits, assessments, and inspections. In the area of “Risk Management and Usability for Medical Devices and Medical Networks”, he holds a teaching assignment at the Technical University of Nuremberg and the VDI Technical Committee “Quality Assurance for Software in Medical Devices”. Who is Monir El Azzouzi? Monir El Azzouzi is the founder and CEO of Easy Medical Device, a consulting firm that supports Medical Device manufacturers with any Quality and Regulatory affairs activities all over the world. Monir can help you to create your Quality Management System or Technical Documentation, or he can also take care of your Clinical Evaluation or Clinical Investigation through his team or partners. Easy Medical Device can also become your Authorized Representative and Independent Importer Service provider for EU, UK and Switzerland. Monir has around 16 years of experience within the Medical Device industry working for small businesses and also big corporate companies.
He has now supported around 100 clients to remain compliant on the market. His passion for the Medical Device field pushed him to create educational content such as a blog, a podcast, YouTube videos and LinkedIn Lives, where he invites guests who share educational information with his audience. Visit easymedicaldevice.com to know more. Link: Stefan Bolleininger LinkedIn Page: https://www.linkedin.com/in/stefan-bolleininger-3a717028/ Be on quality website: http://www.be-on-quality.com/en/home-en/ Download presentation: https://mailchi.mp/easymedicaldevice/265-heatmap Medica Website: https://www.medica-tradefair.com/ Social Media to follow Monir El Azzouzi Linkedin: https://linkedin.com/in/melazzouzi Twitter: https://twitter.com/elazzouzim Pinterest: https://www.pinterest.com/easymedicaldevice Instagram: https://www.instagram.com/easymedicaldevice
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity level. At the end we will cover how you can engage with the SAMM community and provide an overview of what happened at our latest SAMM User Day which happened on May 27th. Segment Resources: https://owaspsamm.org/ https://github.com/OWASPsamm https://app.slack.com/client/T04T40NHX/C0VF1EJGH https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g https://twitter.com/OwaspSAMM https://www.linkedin.com/company/18910344/admin/ Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-asw-6
In this episode of the Manufacturing Culture Podcast, host Jim Mayer interviews Lonnie Wilson, a lean manufacturing expert and founder of Quality Consultants. Lonnie shares his journey from working at Chevron to starting his consulting firm specializing in cultural change. He emphasizes the importance of respect for people and creating a learning culture in the manufacturing industry. Lonnie also discusses the learning model maturity cycle and the danger zone of pseudo-competence. Overall, the conversation highlights the need for continuous improvement and the role of leadership in driving cultural transformation. Lonnie explains the learning model and the importance of understanding the theory before applying it. He discusses the danger zone where managers often get stuck and the need for them to go through the journey of learning. Lonnie emphasizes the importance of applying the theory and creating standards to gain understanding. He also highlights the role of management in creating a learning culture and the power of unconscious competence. Lonnie concludes by discussing the awareness spectrum and the simplicity on the other side of complexity. Takeaways Cultural change in the manufacturing industry requires leadership commitment and modeling of desired behaviors. Creating a learning culture is essential for continuous improvement and staying ahead of the competition. The learning model maturity cycle consists of unconscious incompetence, conscious incompetence, conscious competence, and unconscious competence. The danger zone of pseudo-competence is a critical area where individuals may believe they are competent but lack the necessary knowledge and skills. Awareness is key in learning and decision-making, allowing individuals to make informed choices and consider potential outcomes. Understanding the theory is crucial before applying it in practice. Managers often get stuck in the danger zone and need to go through the journey of learning. 
Applying the theory and creating standards are essential for gaining understanding. Management is critical in creating a learning culture and driving cultural transformation. Unconscious competence is the ultimate level of mastery. The awareness spectrum and the simplicity on the other side of complexity are essential concepts to consider in cultural transformation. Chapters: 00:00 Introduction and Background 03:08 Lonnie's Journey from Chevron to Quality Consultants 11:10 Approach to Cultural Change in the Manufacturing Industry 18:39 Learning Model Maturity Cycle 27:31 Creating a Learning Culture 36:16 The Danger Zone: Pseudo Competence 41:28 The Importance of Awareness in Learning 42:57 Understanding the Theory 43:27 The Danger Zone 44:36 The Incipient Awareness 45:33 The Make or Break Point 46:32 Applying the Theory 47:31 Creating Standards 48:08 The Initiative Mantra 48:59 The Problem-Solving Mantra 49:41 Sustaining the Standard 50:11 Opportunities in the Boardroom 51:11 Understanding in Different Environments 52:09 Unconscious Competence 53:43 The Willie Mays Syndrome 55:37 The Awareness Spectrum 57:04 The Awareness Paradox 57:35 The Simplicity on the Other Side of Complexity 59:04 Cultivating a Culture of Learning 01:00:40 The Operational Definition of Culture 01:04:07 The Managers as the Solution 01:05:31 Distinguishing Intellectual Knowledge from Applicable Understanding 01:06:16 The Awareness Paradox 01:07:32 The Journey of Cultural Transformation Connect with Lonnie on LinkedIn or on his website. Special mention to Speroni for their innovative solutions in precision manufacturing, which align perfectly with the themes of continuous improvement and excellence discussed in this episode.
Patch Tuesday update. Another commercial surveillance company is outed. Voice security and the challenge of fraud. CISA updates its Zero Trust Maturity Model. Effects of the US intelligence leaks. Our guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, outlines CISA's role in the cybersecurity community. André Keartland of Netsurit makes the case for DevSecOps. Russian cyber auxiliaries believed responsible for disrupting the Canadian PM's website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/70 Selected reading. Patch Tuesday overview. (CyberWire) DEV-0196: QuaDream's “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia (Microsoft Threat Intelligence) Threat Report on the Surveillance-for-Hire Industry (Meta) Sweet QuaDreams: A First Look at Spyware Vendor QuaDream's Exploits, Victims, and Customers (The Citizen Lab) Voice Intelligence and Security Report (Pindrop) CISA Releases updated Zero Trust Maturity Model (Cybersecurity and Infrastructure Security Agency) CISA Releases Zero Trust Maturity Model Version 2 (Cybersecurity and Infrastructure Security Agency CISA) A leak of files could be America's worst intelligence breach in a decade (The Economist) Interagency Effort Assessing Impact of Leaked Documents, Strategizing Way Forward (U.S. Department of Defense) What we know about the Pentagon document leak (Axios) The ongoing scandal over leaked US intel documents, explained (Vox) Pentagon leak threatens Biden's foreign policy doctrine ahead of overseas trip (Axios) Schumer calls for all-senator briefing on leaked Ukraine documents (The Hill) The key countries and revelations from the Pentagon document leak (Washington Post) Exclusive: Leaked U.S. 
intel document claims Serbia agreed to arm Ukraine (Reuters) Up to 50 UK special forces present in Ukraine this year, US leak suggests (the Guardian) Egypt denies leak about supplying Russia with 40,000 rockets (Al Jazeera) DDoS attacks block PM Trudeau's web site (IT World Canada)