Measurement standards laboratory in the United States
POPULARITY
Categories
Send us a textHow do you build AI governance that scales without becoming the innovation police? In our final conversation with tech lawyer Gayle Gorvett, we tackle the ultimate balancing act facing every organization: creating robust AI oversight that moves at the speed of business. From shocking federal court rulings that could force AI companies to retain all user data indefinitely, to the Trump administration's potential overhaul of copyright law, this episode reveals how rapidly the legal landscape is shifting beneath our feet. Gayle breaks down practical frameworks from NIST and Duke University that adapt to your specific business needs while avoiding the dreaded legal bottleneck. Whether you're protecting customer data or designing the future of work, this customer success playbook episode provides the roadmap for scaling governance without sacrificing innovation velocity.Detailed AnalysisThe tension between governance speed and innovation velocity represents one of the most critical challenges facing modern businesses implementing AI at scale. Gayle Gorvett's insights into adaptive risk frameworks offer a compelling alternative to the traditional "slow and thorough" legal approach that often strangles innovation in bureaucratic red tape.The revelation about the OpenAI versus New York Times case demonstrates how quickly the legal landscape can shift with far-reaching implications. A single magistrate judge's ruling requiring OpenAI to retain all user data—regardless of contracts, enterprise agreements, or international privacy laws—illustrates the unpredictable nature of AI regulation. For customer success professionals, this uncertainty demands governance frameworks that can rapidly adapt to new legal realities without completely derailing operational efficiency.The discussion of NIST and Duke University frameworks reveals the democratization of enterprise-level governance tools. These resources make sophisticated risk assessment accessible to organizations of all sizes, eliminating the excuse that "we're too small for proper AI governance." This democratization aligns perfectly with the customer success playbook philosophy of scalable, repeatable processes that deliver consistent outcomes regardless of organizational size.Perhaps most intriguingly, the conversation touches on fundamental questions about intellectual property and compensation models in an AI-driven economy. Kevin's observation about automating human-designed workflows raises profound questions about fair compensation when human knowledge gets embedded into perpetual AI systems. This shift from time-based to value-based compensation models reflects broader changes in how customer success teams will need to demonstrate and capture value in an increasingly automated world.The technical discussion about local versus hosted AI models becomes particularly relevant for customer success teams handling sensitive customer data. The ability to contain AI processing within controlled environments versus leveraging cloud-based solutions represents a strategic decision that balances capability, cost, and compliance considerations.Gayle's emphasis on human oversight—Kevin's offeringPlease Like, Comment, Share and Subscribe. You can also find the CS Playbook Podcast:YouTube - @CustomerSuccessPlaybookPodcastTwitter - @CS_PlaybookYou can find Kevin at:Metzgerbusiness.com - Kevin's person web siteKevin Metzger on Linked In.You can find Roman at:Roman Trebon on Linked In.
Send us a textShe's the legal powerhouse behind IBM's AI ethics strategy — and she makes law fun. In this encore episode, we revisit a fan favorite: Christina Montgomery, formerly IBM's Chief Privacy and Trust Officer, now Chief Privacy and Trust Officer, GM. From guarding the gates of generative AI risk to advising on global regulation, Christina gives us a front-row seat to what's now, what's next, and what needs rethinking when it comes to trust, synthetic data, and the future of AI law.
Send us a textShe's the legal powerhouse behind IBM's AI ethics strategy — and she makes law fun. In this encore episode, we revisit a fan favorite: Christina Montgomery, formerly IBM's Chief Privacy and Trust Officer, now Chief Privacy and Trust Officer, GM. From guarding the gates of generative AI risk to advising on global regulation, Christina gives us a front-row seat to what's now, what's next, and what needs rethinking when it comes to trust, synthetic data, and the future of AI law.
En este videocast exploramos por qué la ciberseguridad OT se ha convertido en un pilar crítico para la continuidad operativa y la seguridad física de las industrias. Revisaremos el modelo Purdue, los marcos IEC 62443 y NIST 800-82, casos reales de implementación en energía e oil & gas, la convergencia IT/OT con IIoT e IoMT, y un plan de “quick wins” para obtener resultados en solo seis semanas. Cerramos con recomendaciones ejecutivas para Heads de Tecnología y Negocio que buscan blindar sus operaciones antes de 2026.
Ready to ace Domain 1 of the CISA exam? This episode dives deep into the Information Systems Auditing Process, giving you the practical knowledge and tools you need to audit with precision and pass with confidence. From audit planning and risk-based auditing to evidence collection and reporting, we unpack the fundamentals every IS auditor must master. Whether you're pursuing CISA certification or refining your auditing skills, this guide is your gateway to audit excellence.
Šebestián Bok nastopoval v posledních letech 100 000 kilometrů. V Afghánistánu ale narazil. Byl přepaden a okraden. Jak to přežil a jak se takový případ řeší v zemi, kde vládne Tálibán a není tam ani jedna ambasáda? Poslechněte si vyprávění v nové epizodě cestovatelského podcastu Casablanca!Všechny díly podcastu Casablanca můžete pohodlně poslouchat v mobilní aplikaci mujRozhlas pro Android a iOS nebo na webu mujRozhlas.cz.
Šebestián Bok nastopoval v posledních letech 100 000 kilometrů. V Afghánistánu ale narazil. Byl přepaden a okraden. Jak to přežil a jak se takový případ řeší v zemi, kde vládne Tálibán a není tam ani jedna ambasáda? Poslechněte si vyprávění v nové epizodě cestovatelského podcastu Casablanca!
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Two Jersey Js with Jackie Goldschneider and Jennifer Fessler
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Golden Bachelor favorites, and friends, Susan Noles and Theresa Nist, are giving great girlfriend-approved advice! They're talking about how to avoid being scammed when dating, how to get back out there after losing a partner, and ways to meet people if you live in a small town. Plus, the women give their unfiltered thoughts on the new season of Bachelor in Paradise, and their honest opinions on those ageist comments new Golden Bachelor, Mel Owens, recently made! And Susan and Theresa have a unique idea that producers should implement on Mel's upcoming season! Email us at: IDOPOD@iheartradio.com or call us at 844-4-I Do Pod (844-443-6763)Follow I Do, Part 2 on Instagram and TikTokSee omnystudio.com/listener for privacy information.
Join the conversation with C4 & Bryan Nehman. C4 & Bryan started the show this morning discussing a Wall Street Journal article related to a birthday card that now President Trump sent to Epstein for his 50th birthday with a strange message. Testing of drugs from the mass overdose at Penn North at NIST. C4 & Bryan react to the interview with Governor Moore & TJ Smith. Acting MD I.C.E. Director Nikita Baker joined the show this morning to provide an update as well as answer questions that have been brought up in the media such as if agents can wear masks & if there would be workplace raids. Orioles broadcaster Brett Hollander also joined the show with a preview of the weekend series in Tampa Bay and a look ahed to the 2nd half of the season and what could be done at the trade deadline. Listen to C4 & Bryan Nehman live weekdays from 5:30 to 10am on WBAL News Radio 1090, FM 101.5 & the WBAL Radio App.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com According to Forrester, 48% of organizations have more than one hundred tools in a typical toolchain. How many are not being used? How many duplicates are there? How many can remove abilities in other tools? When you deal with a company, they are getting paid to focus on their solution and ignore others. When you deal with a reseller, they have biases, respond to changes quickly, and understand the complexities of vendors in “swim lanes,” which can include competitors. Today, we sit down with Sam O'Daniel, the President and CEO of TVAR. The conversation ranged from selection of the correct tool to procurement and licensing models. For example, in a recent interview, Scott Rose from NIST talked about modern technology that may include IPv6. The sad news is that it prevents scanning address blocks because it cannot scan all the addresses that IPv6 covers. TVAR collaborates with numerous vendors and is familiar with the strengths and weaknesses of each. Additionally, he understands which vendors work well together and respects the concept of their “swim lanes” in the context of federal technology. A typical federal leader cannot spend five hours a day keeping up with modern technology; resellers must maintain updated knowledge, which they can provide federal agencies with a perspective that few have. The conversation also addresses the challenges of procurement and the need for tool consolidation to minimize government waste.
In the 16th part of the Fire Fundamentals series, we invite Randy McDermott from NIST to join us for a deep dive into turbulence and its critical role in fire dynamics modelling. We explore the physics behind turbulent combustion and how it fundamentally shapes fire behaviour, plume dynamics, and simulation accuracy.In this episode we cover:Defining turbulence as the enhancement of mixing and heat transfer through the creation of eddies and instabilitiesUnderstanding length scales in turbulence from the integral scale to the Kolmogorov scalePractical considerations when choosing grid resolutions for different fire engineering applicationsHow turbulence models work in Large Eddy Simulation (LES) and what they representLimitations of the D* criterion for mesh sizing and why higher resolution may be neededDifferences between pre-mixed and diffusion flames in turbulent combustionTime scales in fire and the concept of Damköhler number in determining combustion behaviourEntrainment physics at the base of fire plumes requires centimetre-scale resolutionWhy turbulence modelling ultimately determines the accuracy of fire simulations----The Fire Science Show is produced by the Fire Science Media in collaboration with OFR Consultants. Thank you to the podcast sponsor for their continuous support towards our mission.
Cybersecurity Insights for Business Leaders: Expert Advice from Derek Kernus of Aethon SecurityIn today's rapidly evolving digital world, cybersecurity is no longer just a concern for large enterprises—it's a critical part of every organization's strategy. In this recent episode of The Thoughtful Entrepreneur, host Josh Elledge sat down with Derek Kernus, CEO of Aethon Security, to discuss how business leaders can protect their organizations from the growing wave of cyber threats. The conversation dives deep into the importance of cybersecurity, compliance, and practical steps that leaders can take to stay ahead of the curve in an increasingly complex landscape.Understanding Cybersecurity and Compliance in Today's Business WorldDerek Kernus opens the conversation by highlighting the current cybersecurity threats faced by businesses today. Nation-state actors from China and Russia are increasingly targeting U.S. government networks and contractors, aiming to steal sensitive information or disrupt critical infrastructures like energy grids, water systems, and healthcare. As businesses digitize more of their operations, the number of potential attack points expands, making it essential for leaders to treat cybersecurity as a core business risk.Derek emphasizes the importance of compliance, particularly for government contractors who must meet cybersecurity standards like the Cybersecurity Maturity Model Certification (CMMC). Failure to comply with these requirements can result in lost contracts, legal penalties, and reputational damage. Even in the private sector, companies are increasingly expected to adopt rigorous cybersecurity measures. By understanding and implementing these frameworks, businesses can ensure that they are protected and ready to meet both governmental and industry-specific standards.The episode also addresses real-world cyber threats, including the Colonial Pipeline attack and attempts to disrupt municipal water systems, underscoring the need for proactive security measures. Derek offers actionable cybersecurity tips for business leaders to improve their organizational defenses and protect sensitive data.Actionable Cybersecurity Tips for Business LeadersDerek shares several practical, actionable cybersecurity steps that leaders can implement immediately to enhance their company's security posture. One of the most essential steps is implementing Multi-Factor Authentication (MFA) across all critical accounts. MFA significantly reduces the risk of unauthorized access, even if passwords are compromised. Derek advises prioritizing MFA for administrative and remote access accounts and training employees on how to use it.Another key recommendation is to conduct regular vulnerability scans. These scans help identify system weaknesses before they can be exploited. Derek stresses the importance of automating these scans, prioritizing high-risk vulnerabilities, and keeping records of the scans and remediation efforts for compliance purposes. Additionally, keeping software and systems up to date is crucial. Outdated software often serves as a gateway for cybercriminals, so applying patches and updates promptly can close those security gaps.Finally, Derek encourages business leaders to leverage federal cybersecurity frameworks like NIST and CMMC to better manage risks and ensure compliance. These frameworks offer structured, proven guidelines to assess and improve cybersecurity defenses, making them invaluable tools for organizations of all sizes. Derek advises that even non-government contractors benefit from adopting these best practices.About Derek KernusDerek Kernus is the CEO of Aethon Security, a cybersecurity consulting firm that helps organizations navigate complex compliance requirements and protect their data from cyber threats. Derek brings years of...
Send us a textSpeaker: Omry Farajun, President, Storage GuardianOmry spoke about the critical cybersecurity strategies for Managed Service Providers (MSPs), emphasizing the necessity of documentation and incident response plans. He highlighted the creation of incident response runbooks aligned with the NIST 2.0 framework to ensure effective incident management. The importance of conducting tabletop exercises was stressed, particularly to identify communication gaps in scenarios involving compromised systems like M365. He also noted that cyber insurance companies now mandate documented incident response plans to prevent policy denials, reinforcing the need for MSPs to prioritize these strategies.Omry also touched on funding opportunities, mentioning the Ontario Innovation Centre's initiative offering up to $200,000 in grants to enhance cybersecurity awareness among Ontario-based MSPs.
Controlling who can access what — and when — is at the core of enterprise cybersecurity. In this session, we guide you through a step-by-step audit process for Logical Access Controls, essential for protecting sensitive systems and meeting global standards like ISO 27001, NIST, and GDPR.Learn how to assess user access, role-based permissions, and privileged accounts (PAM). We'll also explore tools and techniques to detect misconfigurations, enforce least privilege, and ensure identity governance. This practical guide includes audit checklists, risk-based approaches, and real-world examples to strengthen your access management framework.
Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness.Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices.The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options. Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities.Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech
The Institute of Internal Auditors Presents: All Things Internal Audit Tech Quantum computing might sound futuristic, but internal auditors need to prepare now. Bill Truett catches up with Nick Reese to talk about what's changed in the quantum space — including new cryptography standards — real-world risks, and what internal auditors can do today to get ready. HOST:Bill Truett, CIA, CISA Senior Manager, Standards & Guidance, IT, The IIA GUEST:Nick Reese Co-founder and Chief Operating Officer, Frontier Foundry Adjunct Professor, New York University KEY POINTS: Introduction and What's New in Quantum [00:00-01:34] What is Quantum Computing? [00:01:34-05:57] Milestones in Quantum Development [00:05:58-07:50] Quantum + AI? Not Yet [00:08:12-09:58] What Auditors Should Know About NIST Standards [00:10:00-11:54] Immediate Steps for Internal Audit [00:13:15-17:38] Legislation and Regulatory Outlook [00:20:28-22:19] Global Threats and Historical Analogies [00:22:20-26:11] Key Terms Auditors Should Learn [00:26:17-28:34] Training Resources [00:28:35-31:00] Opportunities Beyond Risk Management [00:31:00-34:11] The Five-Year Vision [00:34:16-37:21] THE IIA RELATED CONTENT: Interested in this topic? Visit the links below for more resources: 2025 Governance, Risk & Controls Conference All Things Internal Audit: Quantum Computing GTAG: Assessing Cybersecurity Risk Cyber Resource Center Post-Quantum Cryptography Roadmap – DHS.gov NIST's Post-Quantum Cryptography Project Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer
In Part 1 of this eye-opening DroneCast conversation, host Joe Kearns sits down with Greg Reverdiau, co-founder of the Pilot Institute and veteran aviation expert, to explore the future of drone training in public safety. Moving beyond basic Part 107 certification, Greg shares practical insights into building confident, capable drone teams through structured programs, NIST-based proficiency standards, and scenario-based learning. Whether you're starting a program or refining existing training, this episode offers actionable guidance to raise your team's readiness and performance.
Send us a textReady to navigate the complex world of AI governance without getting lost in legal jargon? This episode delivers a masterclass in building ethical AI frameworks that actually work for your business. Global tech lawyer and fractional general counsel Gayle Gorvett breaks down the essential guardrails every company needs before diving headfirst into AI implementation. From her work with Duke University's AI working groups to real-world enterprise applications, Gayle reveals why treating AI like the "shiny new toy" without proper governance is a recipe for disaster. Whether you're protecting customer data or safeguarding your company's future, this customer success playbook episode provides the foundational knowledge to approach AI adoption with confidence and compliance.Detailed AnalysisThe AI revolution isn't just changing how we work—it's fundamentally reshaping the legal and ethical landscape of business operations. Gayle Gorvett's expertise in AI governance comes at a crucial time when companies are rushing to implement AI solutions without adequate safeguards. Her comparison of current AI hype to the blockchain frenzy of a decade ago serves as a sobering reminder that sustainable innovation requires thoughtful planning, not just technological enthusiasm.The multidisciplinary approach Gayle advocates represents a significant shift in how businesses should structure their AI initiatives. Gone are the days when technology decisions could be made in isolation. Modern AI governance demands collaboration between business functions, technical teams, and legal counsel—creating a new paradigm for cross-functional leadership in customer success organizations.For customer success professionals, the implications extend far beyond internal operations. When AI systems interact with customer data, handle support tickets, or predict customer behavior, the governance framework becomes a direct reflection of your company's commitment to customer trust. Gayle's emphasis on informing customers about AI usage highlights how transparency has evolved from a nice-to-have to a business imperative.The Duke AI Risk Framework and NIST guidelines she references provide actionable starting points for organizations feeling overwhelmed by the governance challenge. These resources democratize access to enterprise-level AI governance, making sophisticated risk assessment accessible to companies of all sizes. This democratization aligns perfectly with the customer success playbook philosophy of scalable, repeatable processes that drive consistent outcomes.Perhaps most importantly, Gayle's 26-year perspective in technology law offers historical context that many AI discussions lack. Her experience through previous technology waves—from the early internet boom to blockchain—provides valuable pattern recognition for identifying sustainable AI strategies versus fleeting trends. This wisdom becomes particularly relevant for customer success leaders who must balance innovation with the reliability their customers depend on.Now you can interact with us directly by leaving a voice message at htKevin's offeringPlease Like, Comment, Share and Subscribe. You can also find the CS Playbook Podcast:YouTube - @CustomerSuccessPlaybookPodcastTwitter - @CS_PlaybookYou can find Kevin at:Metzgerbusiness.com - Kevin's person web siteKevin Metzger on Linked In.You can find Roman at:Roman Trebon on Linked In.
Andrew Clearwater is a Partner at Dentons' Privacy and Cybersecurity Team and a recognized authority in privacy and AI governance. Formerly a founding leader at OneTrust, he oversaw privacy and AI initiatives, contributed to key data protection standards, and holds over 20 patents. Andrew advises businesses on responsible tech implementation, helping navigate global regulations in AI, data privacy, and cybersecurity. A frequent speaker, he offers insight into emerging compliance challenges and ethical technology use. In this episode… Many companies are diving into AI without first putting governance in place. They often move forward without defined goals, leadership, or alignment across privacy, security, and legal teams. This leads to confusion about how AI is being used, what risks it creates, and how to manage those risks. Without coordination and structure, programs lose momentum, transactions are delayed, and expectations become harder to meet. So how can companies build a responsible AI governance program? Building effective AI governance programs starts with knowing what's in use, why it's in use, what data AI tools and systems collect, the risk it creates, and how to manage it. Standards like ISO 42001 and the NIST AI Risk Management Framework help companies guide this process. ISO 42001 offers the benefit of certification and supports cross-functional consistency, while NIST may be better suited for organizations already using it in related areas. Both frameworks help companies define the scope of AI use cases, understand the risks, and inform policies before jumping into controls. Conducting data inventories and utilizing existing risk management processes are also essential in identifying shadow AI introduced by employees or third-party vendors. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Andrew Clearwater, Partner at Dentons, about how companies can build responsible AI governance programs. Andrew explains how standards and legal frameworks support consistent AI governance implementation and how to encourage alignment between privacy, security, legal, and ethics teams. He also outlines the importance of monitoring shadow AI across third-party vendors and practical steps companies can take to effectively structure their AI governance programs.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Seventy percent of the world's internet traffic goes through Ashburn, Virginia. That fact has led to the growth of over five hundred data centers in Northern Virginia. Today, we sat down with one of those companies to examine its data centers and its relationship with the federal government. John Reynolds is the Director of QTS Federal. He has decades of experience in federal technology and provides the listener with an overview of QTS's origins, its values, and recent growth. He views the data center business as a real estate endeavor. Land is acquired, a facility is constructed, and it has occupants. A company like Amazon Web Services have their dedicated data centers; QTS can house several different customers. We do not know the specific names; we can assume they are as large as Facebook and encompass federal agencies of all types. Facebook may require one set of standards when it comes to security, and the NIST provides guidelines for federal data protection, which QTS includes as part of its compliance. The company participates in the community and understands the impact of energy requirements and cooling for local communities. John Reynolds highlights the importance of resilience with multi-layered power redundancy and advanced energy contracts. QTS is also expanding into Europe and exploring alternative power sources due to grid limitations.
When NIST released the first post-quantum cryptography standards in August 2024, it set off a domino effect that will hopefully result in protecting the world from the quantum computing threat. Now that we're beginning to migrate and trust our data to lattice-based cryptography, it's a good time to examine how ML-KEM works and get some hints about how to implement it well. And who better to ask than one of the coauthors of the PQC standard? Join host Konstantinos Karagiannis for a wide-ranging chat with Joppe Bos from NXP, where they discuss the past and future of ML-KEM. For more information on NXP, visit www.nxp.com/. Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services to learn more about how Protiviti is helping organizations get post-quantum ready. Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and Twitter: @ProtivitiTech. Questions and comments are welcome! Theme song by David Schwartz, copyright 2021. The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries. None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.
In episode 141 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security®(CIS®); and Julie Haney, Computer Scientist & Human-Centered Cybersecurity Researcher at the National Institute of Standards and Technology (NIST). Together, they use a human-centered understanding of security to discuss password policies, including their benefits, drawbacks, and efficacy. Here are some highlights from our episode:01:03. Introductions to Phyllis and Julie03:34. How "human-centered cybersecurity" goes beyond just usability05:35. The use of NIST and other authoritative sources to dispel confusion in cybersecurity09:09. How password policies positively and negatively impact human behavior15:06. Three anecdotes that showcase the importance of context when enacting security policy21:49. The process of using NIST SP 800-63 to recommend password security best practices27:11. Our changing understanding of "the human element"29:23. The need to do cybersecurity awareness training "right" and measure its effectiveness31:30. Recognition of the absence of natural systems thinking in cybersecurity33:14. Psychological safety, feedback, and trust as foundations of security culture39:03. Human touchpoints as a starting point to help usability and security work togetherResourcesCIS Password Policy GuideNIST SP 800-63 Digital Identity GuidelinesEpisode 98: Transparency as a Tool to Combat Insider ThreatsEpisode 110: How Security Culture and Corporate Culture MeshWhy Employee Cybersecurity Awareness Training Is ImportantIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
This conversation delves into the intersection of quantum computing and cryptography, focusing on the implications of quantum computers for current encryption methods and the necessity for post-quantum cryptography. Dr. Dustin Moody from NIST discusses the threats posed by quantum computing, particularly through Shor's algorithm, and the ongoing efforts to develop new cryptographic standards that can withstand these threats. The discussion also covers the role of NIST in standardizing post-quantum algorithms, the mathematical challenges involved, and the importance of preparing businesses for the transition to these new systems. All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Takeaways Quantum computers harness principles of quantum physics for computation. Shor's algorithm can efficiently factor large numbers, threatening RSA encryption. Post-quantum cryptography aims to develop algorithms resistant to quantum attacks. NIST is leading the effort to standardize post-quantum cryptographic algorithms. Lattice-based algorithms are promising for post-quantum cryptography due to their efficiency. Businesses must be proactive in transitioning to post-quantum cryptography. The Harvest Now, Decrypt Later threat highlights the urgency of transitioning. Quantum key distribution offers theoretically perfect security. Different cryptographic algorithms are needed for various applications and devices. The future of cryptography will rely on new mathematical challenges to ensure security.Keywordsquantum computing, cryptography, post-quantum cryptography, NIST, cybersecurity, Shor's algorithm, digital signatures, lattice-based algorithms, encryption, quantum threatsSubscribe to Breaking Math wherever you get your podcasts. Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com
On this episode of The Founder's Sandbox, Brenda speaks with David Hirschfeld, owner of 18 year old business Tekyz, that boasts a hyperexceptional development team building high “ticket” products in the B2B space. They speak about ways in which AI is a gamechanger, how Tekyz backs their work for clients with relentless pursuit of quality, and how Tekyz practices ruthless compassion,to protect the company and enable it to grow Having collaborated with over 90 startups, he developed the Launch 1st Method—a systematic approach that minimizes risks and accelerates software company success with reduced reliance on investor funding, after observing that many companies launch a product first and then fail at a later stage – With Tekyz approach of Launch 1st exceptional founders are in love with the problem not the product. David's expertise bridges cutting-edge AI technologies, workflow optimization, and startup ecosystem dynamics. When not transforming business strategies, he enjoys woodworking, golfing, and drawing leadership insights from his experience raising four successful sons. You can find out more about David and Tekyz at: https://sites.google.com/tekyz.com/david-hirschfeld?usp=sharing https://tekyz.podbean.com/ - Scaling Smarter Episodes. www.scalingsmarter.net - Schedule an interview https://www.linkedin.com/in/dhirschfeld/ https://x.com/tekyzinc https://www.linkedin.com/in/dhirschfeld/ https://www.facebook.com/dmhirschfeld transcription: 00:04 Welcome back to the Founders Sandbox. I am Brenda McCabe, the host here on this monthly podcast, now in its third season. This podcast reaches entrepreneurs, business owners that are scaling. 00:31 professional service providers that provide services to these entrepreneurs, and corporate board directors who, like me, are building resilient, purpose-driven, and scalable businesses with great corporate governance. My guests to this podcast are business owners themselves, professional service providers, and corporate directors who, like me, want to use the power of the private company to build a better 01:01 world through storytelling with each of my guests in the sandbox. My goal is to provide a fun sandbox environment where we can equip one founder at a time to build a better world through great corporate governance. So today I'm absolutely delighted to have as my guest, David Hirschfeld. David is the owner and CEO of Techies, 17 or 18 year old business now that boasts 01:29 a hyper exceptional development team that are building high ticket products in the B2B space. Welcome David to the Founder Sandbox. Hi Brenda and thanks for having me. Great. So I'm delighted that we actually did a dry run in February. We've known each other for some time and AI, we're going to be touching on AI. And I think that the world of AI 01:58 particularly in software development, has changed significantly since we last spoke in February. So we're going to be getting into some, I think, novel concepts for the listeners of the Founder Sandbox. So I wanted to, you I always talk about how I like to work with growth stage companies that typically are bootstrapped and 02:26 It's only at a later stage do they seek institutional investment by building great corporate governance and reducing the reliance on investor funding until such a time that they choose the right type of investors that can help them scale. So when I found out what you do at Techies with Launch First and the type of work you do in B2B businesses, I absolutely wanted to have you here on the founder sandbox. 02:56 So let's jump right in, right? I think I'm eager to learn more about how to scale your bespoke development at Techies, right? To scale my own business? Okay. So there's a lot of different aspects to scaling my business and I bootstrapped for the last 18 years. 03:25 I've never taken any investment with techies. And I've done that very specifically because it gives me a lot of freedom. I don't have a reporting structure that I have to worry about. That doesn't mean that I can be lazy with my team. To grow my team, I have a philosophy 03:52 that I only hire people that are smarter than I am. And the ones that are in a position to hire, they can only hire people that are smarter than them. And by really sticking to this philosophy, even though sometimes it makes us grow a little slower than we would like, it means that when we bring in people, those people contribute immediately and contribute in a way 04:21 that it's our job to get the impediments out of their way and to facilitate them so that they can contribute and help us grow the company. So I call it the ball rolls uphill here because my job is to support everybody that is above me, which is everybody. And then the people that I support directly, their job is to support the people that are above them. 04:51 Because if we're hiring correctly, then people that we bring in can contribute in the area that we're bringing them in way more than the person that's hiring them. Okay. Thank you for that. So before you launched Techies, you had a career in companies like, I believe, Computer Associates, right? Texas Experiments and TelaMotorola. 05:19 There was a period of time between your experience in these large corporations before your launch tech is where you actually had your own startup and you sold it in 2000, right? And I believe you also learned perhaps with the second startup about how hard it is to find product market fit. Can you talk to that for my listeners, please? 05:46 I don't know that it's that hard to find product market fit. It depends if that's your focus or not. If your focus is to nail down product market fit, then it's not that hard to determine whether you can achieve that or not fairly quickly. You can do that by selling your product to potential customers. That sounds strange. Of course, we all want to sell our products, but 06:14 What I'm suggesting is you start selling your product before you have a product, before you have a full product. And I don't mean an MVP, but a design prototype. You go out to the market and you start to sell it. If you have product market fit and you've identified the early adopter in your market and you know that they have a very high need from a perception perspective and there's a big cost to the problem that you're solving. 06:45 then you can offer them a big enough value upfront that they'll buy your product early and you can prove that there's a market for your product and they'll buy it in enough numbers that you can achieve a measurable metric, which I kind of call the golden ratio, which is three to one in terms of what is the lifetime value of a customer versus what does it cost to acquire that customer? And you can get to that three to one ratio. 07:13 in a prelaunch sale model before you ever started developing your product as a way of proving product market fit. Or you pivot quickly and cheaply because you're not having to rebuild a product that you've built in the wrong way. Or you fail fast and cheap. And every entrepreneur's first goal should be to fail fast and cheap. know that sounds backwards, but that should be your goal is that you can fail fast and cheap or if you 07:42 If you fail to fail fast and cheap, that means you've found a path to revenue and product market fit. And now you know you have a viable business. making the investment to build the product is a no brainer. And you came upon this methodology, right? Yes. because you did yourself when you had your first company, you did not understand the funding part, right? Can you talk? 08:12 a bit about your specific example and then how that's informed now 17 years of techies and over 90 projects with startups. Okay. So my first company was Bootstrap. Okay. And that one was successful and we grew it despite me, it was me and a partner. And despite ourselves, we grew it over eight years. 08:39 where he ended up with 800 customers in 22 countries and sold it to a publicly traded firm out of Toronto. That was in the product food, snack food distribution business because that was what our product was focused on. So I started another company about five years later, not realizing the things that I did the first time. 09:08 that made it so successful, which really fit the launch first model to a large degree. But the second time I built a product that would have been successful had I followed my first model, but I didn't. So I went the route of building an MVP and getting customers on a free version of it, and then going out and trying to raise money, which is the very classic approach that the SaaS products 09:38 take now. And the problem is with that approach is that you end up digging a really deep hole in terms of the investment that you make to build the product with enough functionality that you can convince people it's worth putting an investment in and you're not generating any revenue at the time. And I should have just started selling the product and generating subscription revenue right from the beginning. First of all, I would have been able to raise money much more easily. 10:08 Secondly, I would have not needed to raise money as much if I'd focused on sales. The problem with a lot of founders is they fall in love with their product. They believe that people will buy it at enough numbers and that investors will see the potential. they're afraid of sales. I've fallen into this trap before too. I've done it both ways. And I can tell you selling early 10:38 and staying focused on the customer and the problem are the way to be successful. So founders who I find are consistently successful, they are focused on the problem, they love the problem. The product is just the natural conclusion to solving the problem, not something to be in love with. They spend their time talking to customers about the problems. So how does a potential customer find you and work with you? 11:08 Oh, they can find me at Techies or they can find me at LaunchFirst, was spelled launch1st.com. And they can find me on LinkedIn. And then to work with me, it's just give me a call, send me an email, we'll set up a Zoom. I'll start to learn about what you're trying to accomplish and what your requirements are. And I'll typically spend quite a bit of time with any potential clients. 11:39 in one to usually multiple calls or Zooms, learning and creating estimates and doing a lot of work in advance with the idea that there'll be a natural conclusion at the end of this that they'll wanna start working with me in a paid fashion. So there's a lot of value that my clients get from me whether they end up contracting me or not. And how, again, back to, thank you for that and that. 12:08 how to contact you will be in the show notes. But what types of sectors do you work in? You know, in your introduction, I talk about high ticket B2B, right? who are the, so what founder that's has some idea today? What would be their call to action to find techies? And what would you, is it launch first before you go down? 12:35 No, it's not necessarily. It may be an existing company that is trying to implement AI or implement workflow automation, or they have a project and they don't have the IT team or capacity to handle it. We love those types of projects. It might be an existing startup that is struggling with their software development team and they're not 13:04 getting to the end goal that they're expecting and the product's buggy, it's taking too long, there's constant delays, they're way over budget and they need to get this thing done. And I call those recovery projects, they're probably my favorite because people recognize very quickly the difference that we bring. 13:33 and they really, really appreciate us. As far as what sectors, business sectors, healthcare, law enforcement, prop tech, real estate, finance, entertainment, I mean, we work in many, many different sectors over the last 18 years. So regardless in B2B, B2B2C, not so much e-commerce unless there's some 14:03 complex workflow associated with your particular e-commerce, but there's lots of really good solutions for e-commerce that don't require developers to be involved. But mobile, web, IoT, definitely everything is AI now. Absolutely. And in fact, when we last spoke, I'd like to say that you started to drink your own Kool-Aid at Techies. 14:33 you're starting to actually use AI automation for internal functions as well as projects at Techies. So can you walk my listeners through how you're using AI automation and what's the latest with agentic AI? So let's do the first. Yeah, okay. So there are a bunch of questions there. So let me start with 15:02 that we're building products internally at Techies to help us with our own workflows. These products though are applicable to almost any development company or any company with a development team. Some of them are, and some of them are applicable to companies that are, well, so one product is putting voice capability in front of project management tool. 15:32 and we use JIRA and JIRA is an incredibly technical tool for project managers and development teams to use to their projects, requirements, their track bugs, all of that. And so your relationship with what I call relationship with project management is very technical one. If you're a client, some clients are willing to go through the learning curve so that they can enter their own... 15:59 bugs and feature requests and things like that directly into JIRA. Most don't. They want to send us emails, which is fine, and just give us a list of what's going on and the problems that they're finding or the things that they need for a future version and the planning and the documentation, everything else. This is a real technical thing. We're going to make it a very natural personal relationship by adding voice in front of all this so that you can 16:29 be sharing your screen with your little voice app and say, just found a problem on the screen. And the voice app can see the screen. It knows your project. It knows your requirements. And it can identify problems on the screen that you may not have even noticed. And it can also prevent you from reporting bugs that have already been reported and tell you when they're planned to be built. And all of this just with a verbal discussion with the app. 16:58 that basically knows your project. Kind of like talking to a project manager in real time, but they don't have to write down notes and they can instantly look up anything about your project in terms of what's been reported in terms of bugs or feature requests and update them or create new ones for you or just report them to you and tell you when things are planned to be built and released or. 17:24 where they've already been released and maybe you need to clear your cache so you can see the change, whatever. Yeah. So it be like an avatar, but it's trained and it's specific to Jira in your case? In the first version, it's actually being built architected so that we'll be able to add other project management tools to it besides Jira in the future. to begin with, because we use Jira, it's going to work directly with Jira to start. 17:54 And this, by the way, you asked about agentic workflows, right? So we're building an agentic workflow in this tool where we have more different agents that work together to resolve these issues. so we have an agent that reads and writes documentation to JIRA. We have an agent that communicates with the user and the user might be the programmer 18:23 might be a person in QA, it might be a client for a lot of different things. And we have an analyst agent that when the person talks, the voice agent says to the analyst agent, here's what I understand. Here's the information I just got. Go do your work and come back and get me the answer. And it'll speak to the JIRA agent to get the information. It will also speak directly to us. 18:52 a vector database, which is a database where all the documentation from that project is ingested into our own separate AI model so that the context of all the communication is about their project and doesn't go off into other directions. And then can get back. So this is an agentic workflow. The idea of 19:20 agents is like everybody keeps talking about agents. Not everybody is really clear on what that even means. Can you define that? an agent is an AI model that you can interact with that is focused on one specific area of expertise. So if it's a travel agent, the word agent fits very well there, then their expertise would be on everything related to 19:49 travel and booking travel and looking up options and comparing prices. And that would be an AI travel agent. So that's very different from an AI project management agent, very different from an AI financial analyst agent. So each agent specializes in its own area of expertise and may draw from specific 20:18 repositories of information that are specific to that particular agent's area of expertise. And they actually look from the perspective of that type of person, if it was a person. So, and so they'll respond in a way that is consistent with how somebody who is a project manager would respond to you when you're talking to them, asking you questions about your requirements, knows what 20:46 information it needs to be able to assess it properly, things like that. wouldn't be very good about travel because that's not its area of expertise. Right. So is it common to have companies that are creating with their own large language model, right? Or their workflow processes internally to the company to create their own agent AI? 21:14 Or is there a marketplace now where you can say, want this type of agent to get in. This is a very basic question, but do build it? Right. Or do you buy it? Or is it something in between? It's something in between. So there are tools that allow you to basically collect agents out there. And there's a difference between an agent and a context. Cause you hear a lot about model context switching and things like, don't know. 21:44 if your audience knows these things. Or model context protocol. A context is not an agent, but it has some agent capabilities because it's kind of specializing your model in a certain area. But you would use this, but you're not, if it's a true agent, then it's probably tied to its own vector database. 22:12 that gets trained with specific information. It might be company's information. It might be information, let's say if I'm a security agent, then I'm going to be trained on the entire NIST system as well as all of my security architecture that's currently in place. And that so that it could monitor and 22:41 assess instantly whether there's security vulnerabilities, which you wouldn't ask Chet GPT to do that. No. Right? Because it couldn't. Because it doesn't know anything about your organization or environment. And it really also doesn't know how to prioritize what matters and what doesn't at any given moment. Whereas a security agent, that would be what it does. 23:10 I don't know if I answered that question. Oh, bad thing about building or buying. there are- Or something in between, Yeah. So there are tools that you can use to build workflows and bring in different agents that already exist. And you can use something like OpenAI or Claude and use it to create an agent and give it some intelligence and- 23:37 give it a specific, in this case, you're giving it a specific context. You could even tie a special machine learning database to it and make it even more agentic in that way. And then build these workflows where you're like, let's say a marketing workflow, where you're saying you first go out and research all the people who are your ideal customer profile. 24:07 I was going to say ICP, but I'm trying not to use acronyms because not everybody knows every acronym. Ideal customer profile. And then it finds all these people that fit your ideal customer profile. Then it says, well, which of these people are in the countries that I do business? And then it illuminates the ones that aren't. then which ones, and it may be using the same agent or different agents to do this. Then once it's nailed it down to the very discrete 24:37 set of customers. Now the next step in the workflow is, okay, now enrich their data of these people to find their email and other ways of contacting them as well as other information about them so that I have a really full picture of what kind of activity are they active socially? they speak? Do they post? What are they speaking about? What are they posting about? What events are they going to? Things like that. 25:07 So that would be the next step and that'd be an agent that's doing all the enriching. And then after that, the next step would be to call basically call a writing agent to go do, am I writing an email? Am I writing a LinkedIn connection post? Am I doing both? Set up a drip campaign and start reaching out to these people one at a time with very customized specific language, right? That is in your voice. 25:34 It doesn't sound like it's written by a typical AI outreach thing. All right, so these would be steps in a workflow that you could use with several different tools to build the workflows and then calling these different agents. 25:48 Let's go back to the launched first. What would be a typical engagement with a company? you know, they, um, the founders that have the greatest success in your experiences are the ones that love the problem space and not the product. All right. So walk my listeners through. 26:17 What a typical engagement. it's staff augmentation. it full out outsourcing? it tech? because it's very complex. I can touch so many. can touch high tech and high ticket B2B products, sector agnostic. what, put some legs on this for my listeners, please. Sure, sure. We're not. 26:46 so much a staff augmentation company, although we'll do that if asked to, but that's not the kind of business that we look for. We look for project type work. So a typical engagement for launch first would be somebody wants to launch a product, they're in the concept phase. We help refine the concept and we build out, help that we do the design and then we build a high fidelity prototype, which is a design prototype. 27:16 When I demo a design prototype to somebody, they think that they're looking at a finished product, but it's not. It doesn't actually do anything. It just looks like it does everything. So it's very animated set of mock-ups is another way to look at it. And it's important because you can build out the big vision of the product this way in a couple of months, whereas 27:46 it takes instead of, you so you're looking at the two year roadmap when we're done of the product. If we were to build an MVP, then you're going to see a very limited view of the product and it's going to cost a lot more to build that MVP than it takes to build this design prototype. Now we're in the process of doing this. We're also nailing down who that early adopter is. And there's a, there's a very, 28:14 metrics driven methodology for doing this. your launch first. Within launch first, right. Okay. All right. And then we'll help the client build a marketing funnel and help them start to generate sales. We're not doing the selling, they're doing the selling. And it's important that founders do the selling because they need to hear what customers are saying about the thing they're demoing, why they want it, why they don't. 28:43 So that if we need to pivot, which we can do easily and quickly with a design prototype, then we can pivot and then go and test the model again, two or three or four times in the space of a couple of months. And we'll either find a path to revenue or accept the fact that this probably isn't the right product for the right time. But in the process of doing this, you're learning a lot about the market and about the potential customer. 29:13 I want to be clear about something. Almost every founder that comes to that I meet with, they love the product, not the problem. They started out with a problem that they realized they had a good solution for and they forgot all about the problem at that point. And so I spend a lot of time with founders reminding them why the problem is all that matters and what that means and how to approach customers, potential customers so that 29:41 you're syncing with their problems, not telling them about this product that you're building because nobody cares about your product. All they care about is what they're struggling with. And if they believe that you really understand that, then they care about whether you can solve that problem for them or 30:01 And can I be audacious and ask you what a typical engagement duration is like? So this would be for launch first. Yes. If it's a, and our hope is that they'll find a path to revenue and start building the product and engage us for the development. Cause that's really our business is building the products. So, but it's not a requirement. And, and our typical engagement with our clients are several years. 30:32 Not all of them, but most of them, would say. Once they start working with us, they just continue to work with us until they decide to bring in their own in-house team or they fail eventually, which many of our clients do, which is why I created Launch First. Right. You often talk about your hyper exceptional team at Techies. What is it that's so highly exceptional? Talk to me about your team. Where are they? Yeah. 31:02 And if you go to my website, which is tekyz.com, you'll see at the very top of it in the header above the fold, it says hyper exceptional development team. And I don't expect people to believe me because I write that down or I tell them that I expect them to ask me, well, what does that mean? Do you have evidence? And that's the question I want to get because I do. Because when you work in an exceptional manner, 31:31 as a natural consequence of working that way, you produce certain artifacts that the typical development teams don't produce. And I'm not saying there aren't other exceptional teams, but they're really few and far between. And what makes a team exceptional is a constant need to improve their ability to deliver and the level of quality that they deliver as well and the speed at which they develop. It's all of these things. 31:59 So, and, you know, after 18 years, we've done a lot of improving and a lot of automation internally, because that allows our team to work in a really disciplined protocol manner without having to feel like they're under the strict discipline and protocol of, you know, a difficult environment to work in. And so we create automation everywhere we can. The voice... 32:27 tool is one of those automations. The way we do status reports, it's very clear at the level of detail that we provide every week to every client in terms of status reports where we're showing here's what we estimated, here's the actual, here's our percent variance on how much time we spent and how much it's costing. We want to always be within 10 % above or below. 32:56 Either being above or below is not, know, the fact that we're ahead of that doesn't necessarily mean that's a good thing, right? So we want to be accurate with our estimates. And we are typically within 10%. In fact, our largest customer last year, we did a retrospective and we were within six and a half percent of what our estimates were for the whole year. and that's a, we're pretty happy with that number. 33:24 I think most teams are looking at many, many times that in terms of variance. it's not that uncommon for teams to be double or triple what they're or even higher what the actual estimate was. So when we do invoicing, we invoice for each person at their rate. 33:50 based on their level of expertise, which is all part of our agreement upfront. So the client is very transparent every month for the hours that they work. And we attach the daily time sheets to every invoice. I'm the only company I know of right now that does that. I know there are others. I've seen monthly, but I've never seen daily. Yeah. Yeah. Because for me, if I could ask, well, 34:18 why did this person ask a work that many hours that last month? What did they do? I hate that feeling that I get when somebody asks that question. I know they're only asking because they have to justify it to somebody else or whatever the reason, but I don't like the way it feels because it feels like my integrity is being questioned. I don't get upset at people for asking me that. I just feel like I'm not giving them enough information if they have to ask me that question. So we started about eight years ago. 34:47 providing the daily time sheets because I don't like that question. And we never get questioned on our invoices ever anymore. I bet you it's informed you as well in future projects, maybe on including workflow automation in your own internal processes, right? When you see people's time sheets, right? And you've gone over budget. So it informs you internally. So it's not only for the client. 35:16 I suspect, right? No, it's not. Right. And we use it ourselves to also, because it also helps us looking at our overhead costs because not everything gets built to the client. And so we track all our own times, you know, what we're spending doing what. And we don't get to, it's not like a developer has to spend a lot of time or a QA person or whatever, putting in a lot of detail. We just need a couple of bullets, you know, every day in the time sheet with the, whatever they spend. 35:45 If they spent four hours on one thing and three on another, they'll just break it into two entries just to make it easy. And that's important for us, or they may be working on two different projects and each project. So when we do the timesheets also every month, we give our clients a breakdown by project. So if we're working on four different projects for a client or even one project, but it has four different really 36:15 functional elements that are very clearly different. Like let's say a mobile app and a web app and a particular client implementation. Each one of those gets assigned its own project and we break down summaries of the time spent on each of those every month and who spent the time on those, along with the daily time sheets, along with the invoice. And nobody else does that because it takes a lot of discipline and protocol and you have to have lot of systems in place 36:45 to do that without literally getting everybody to quit, right? That works for you. And nobody minds doing it because it's easy because of all the systems we put in place to do that. That's the whole point, right? Right. were not particularly happy of getting asked that question oftentimes. So eight years ago, you set out to provide the information on a daily basis, which is incredible. We started that with blended rates like a lot of companies do. 37:14 And then I didn't like that because at the end of a project when most of it's QA, people would start to get frustrated that they're still getting billed the same blended rate, even though for the more expensive period at the beginning of the project, I thought, okay, forget this. Well, just bill based on individual. And then I didn't get those questions anymore, but then I would get questions about individuals on the month. And that's when I started doing the time sheets. 37:43 And like I said, I'm sure there's other companies that do it, but I haven't run into one or somebody that works with one. So that's an exceptional thing that we do. But it also allows us to do really, really good reporting to the client on status on what we've spent our time on, what we're expecting to spend our time on next week, what we just spent our time on this week, where we are. 38:12 in terms of our plan for the month, things like that. So let's switch gears, David. Yeah. Back to actually the podcast and some of my guests and listeners are corporate board directors. So they're sitting on either advisory boards or fiduciary corporate boards. And with all the hype around AI. 38:39 it's not uncommon for them to be asking, what are we doing, right? For existing companies, right? And I'd like you to walk my listeners through while it's in the, you know, in the imaginary realm, what is it? I think any founder today that's actually scaling, right? Has to have some AI element. At least I've even heard you need to have it. 39:08 an AI officer in the company. So what's your take on that? What would you respond to either to your board of advisors, your advisory board, or your board of directors? So, and of course, a lot of it depends on the type of company you are. Absolutely. Right. If you're making alternative material I-beams, for example, for skyscraper construction, then 39:37 AI, other than maybe in the design process of these specialized materials, AI may not be as big a critical factor, although for invoice reconciliation and distribution and scheduling and all that, AI could be a huge value to you if you don't have super efficient systems already. For most everybody else though, if you have not embraced the need to 40:06 leverage AI and everything you're doing, then you're way behind already. That doesn't mean you have to be in a race to do this. just, because I'm of the belief that you have to slow down to speed up. But you do need to make it a priority. And in a lot of different ways. Number one is, 40:36 The most obvious is workflow automation. You should be probably tackling workflow automation as just a part of your constant improvement program to become more efficient, whether it's with AI or not. But AI is particularly good at workflow automation because it can tackle steps in that workflow that couldn't be tackled without AI. So the first thing 41:06 the companies should be doing if they're not doing it is documenting all of their processes, all of their tribal knowledge into playbooks. So when you have somebody who's an expert in something in your company and they're the person who's the only one that knows how to do it and so we can't live without them, that's a bottleneck for scaling. Because if you bring somebody else in to expand their capacity, they're going to... 41:32 put a big dependency on that person with all the expertise, which is going to cause problems. So anybody in a position like that should be documenting all of their procedures and protocols and especially all the nuances and all the edge cases into playbooks. And there should be some centralized playbook repository for the company. And this becomes part of your intellectual property and part of your value if you ever 42:02 you're trying to raise money or you're trying to sell your company. So it increases your value. So you do that, then AI, you start to look at automating those workflows because now they're documented. So now what can be automated in them from just a workflow automation perspective. And then how much can you implement AI in there? Because now AI can learn to make the same kinds of decisions that this person is making. 42:31 And this is like the low hanging fruit that I'm talking about right now. Right. Exactly. Right. Because the bigger stuff is if we implement AI in here, what workflows would we totally throw away and start from scratch? Because we can think of way more sophisticated ways of addressing this now that we have intelligence involved in all these steps. But that's later. 42:57 worry about that once you get your arms around implementing AI, automated workflows and then- So workflow automation. So playbooks, workflows and AI in your automated workflows. That's sort of the stepped wise process. Excellent. You heard it here on the founder sandbox. Thank you, David. And if you're not sure how to do all that, 43:25 ask AI, okay, here's my company. What should I be focusing on if I wanna implement playbooks, workflow automation and AI? And AI will help you figure this all out. Right. That's a jewel here. So what'd you do? Chat GBT, co-pilot, what's your complexity? Where would you go to? All right. Well, it just depends on the flavor of the day. Right now. 43:53 I was using chat GPT primarily for this stuff just because it was a first and I'm very comfortable with the apps. have them everywhere. And Claude's recently come out with a new version and it's in some ways I'm just finding the output way more organized and smarter. And so I've been using Claude more in the last couple of weeks, but that'll change in another week or two. Any one of them will do a pretty decent job. 44:21 I'm not using perplexity because it's built on top of the other ones. But perplexity is a great tool if you're newer with this because it makes some of the... It's a little bit more accessible for somebody who doesn't know how to use AI. Gemini is also really good, but that's more of a technical... And there's so many things you can do. 44:49 with AI that you wouldn't even think about. And I'll give you an example, more as a brain opening exercise for everybody than anything else. Because this is something I did about seven weeks ago. I, chat GPT had just come out a week or two before with their vision capability in the mobile app. And for those of you who don't know it, with chat GPT, there's a talk 45:19 button. It's not the microphone. It's the one that looks like a sound wave in the mobile app. You tap that, and now you have a voice conversation with chat, which I use this constantly. Even when I'm working with, I've got some contractors at my house whose English isn't very good, so I ask it to do real-time translation for me. And it does matter the language. And I start talking, and it translates to their language. And they respond 45:49 in their language and it translates to English and it's doing it perfectly. And so I can have a very natural conversation with anybody just holding my phone up in front of them now. Right? But it has this vision capability where when you go into that voice mode, you tap the camera next to it, and now it's looking out the front of your screen while you're talking to it. And so I'll give you a couple of examples where I've used it six weeks ago and again, like 46:18 weeks later and I now used it many times like this. I was in Lowe's, which is a store for home improvement. And for some project I was on, my wife calls me and says, I need fertilizer for a hibiscus. And I say, well, what do I get? She says, anything that says hibiscus on it, it'll be fine. I said, okay, fine. And if anybody that knows these big box stores, there's like hundreds of bags of fertilizer of different brands. 46:48 And I couldn't find one that said hibiscus. This is a typical thing with my wife. Oh, just look for this. And of course, there isn't that. So I asked Chess GPT, okay, I'm in Lowe's and I'm looking for a fertilizer for hibiscus. What would you suggest? And it said, oh, there's a number of brands that are high acid. And I said, we'll recommend a brand. Tonal is a really good brand. And I said, okay. So I'm looking and I can't find it. 47:18 So I walked 30 feet back and I'm talking, right? I'm having this, know, people are looking at me like, what the hell is he doing? And I walked 30 feet back because there's many, many shelves, you know, columns of shelves with fertilizer. I walked back and I turned on the vision and I say, okay, there's all the fertilizers. And I'm moving my phone across all these shelves. say, do you see tonal here? And it says, yes, look for the one in the red and white bag. 47:48 And I see it on the shelf. So I walk straight forward. see a red and white bag. That's not tonal. said, this isn't it. And she, cause it's a woman's voice that I have, she says, it's two shelves to the left, second from the top. I walk over there and it's right where she said it was. Crazy. And you're not a beta user. So this is available today. This is available. It's been available for a couple of months. And then 48:18 My daughter-in-law asked me to get something from the pharmacy, from CVS, another big box pharmacy store, right? And this is something I don't even know if I'm in the right aisle because it's something I've never bought. So I ask it, I say, I'm looking for this brand and I'm not sure if I'm in the right aisle or not, but I'm going to walk down the aisle and tell me if you see it. As I'm walking down the aisle, holding it straight forward so it can see both sides. And it says, well, 48:45 Yes, I'm familiar with the brand. You should look for it in a green and white box. then she goes like this. Oh, I see it. It's down there on the right on the bottom shelf. And I turn and I look and it's right by my right foot. 48:58 You heard it here. This is crazy. think it's a bit creepy. How many times have you been looking for something on a shelf? You know, and you're like, oh, how long, how many hours is this going to take me to spot it? Good internet connection and all that. So, oh my goodness. It's creepy and it's wonderful. So same time. the same time. Yeah. Yeah. For quality of life and even for, um, yeah. So 49:25 That's a mind opening thing is all the reason I bring that up. Excellent. Hey, let's go. Let's continue on in the founder sandbox. I'd like to ask each of my guests to share with me. I'm all about working with resilient, purpose driven and scalable companies in the growth phase. So what does resilience mean to you? You can either answer, you know, what's the first thing that comes out of your, you cannot use chat, GBT. I'm not fancy. No hands. 49:55 No hands, and I don't have the voice version going because you'd hear it. Podcast we could do it. And we are real. We're not. Yeah, we are real. We're not. So I think that's, I don't think that's a difficult question to answer. Resilience means opportunity. So no matter what happens, even if it seems terrible, what opportunity does that create? Excellent. If you ask that. 50:22 keep reframing everything from that perspective, it creates resilience. Right. Thank you. What about purpose-driven? Purpose-driven means having a clear long-term path and goal and asking yourself if the things you're doing keep you on purpose to that. 50:56 Scalable. What's scalable mean for you? Scalable for me means eliminating tribal knowledge or not eliminating it, but documenting tribal knowledge. First of all, figuring out how you generate revenue and then how you expand your ability to generate revenue, which means growing your 51:25 growing your team, growing your capacity and identifying the bottlenecks and focusing all your energy on the bottlenecks. And usually the bottlenecks have to do with tribal knowledge or with lack of workflow automation. Wow, you know, it's easier said than done though, that tribal knowledge, it is resistant, right? Oh yeah, because it's career, what's the word I'm trying to think of? 51:55 It keeps you in your job forever if you're the only one that knows how to do the thing. Absolutely. That's for another podcast, David. My final question today is, did you have fun in the Founder Sandbox? Oh, yes. I had a lot of fun. Thanks. That's a great question too. Thank you, Brenda. Did you have fun? 52:20 Did you? I had had fun. And particularly in this last part, right? Cause we're talking about some heavy duty, you know, uses of, um, agentic AI, right. And scalable, you know, LTV, CAC and all that. And then we get to hear these real life, you know, kind of creepy, um, uh, uses of, um, on our phones today with, um, with AI, which is, which is quite amazing. But I also know that in your world of techies, 52:50 your team, which is distributed, have a lot of fun events too. So you probably- have one more thing on the whole scalable thing. You have to be compassionately ruthless or ruthlessly compassionate, however you want to say it. Okay. So that the people, every, and the ruthless is anything that's going to get in the way of you growing your company, which benefits everybody in the company. 53:19 it needs to be addressed in a ruthless way. But if you build a culture of ruthlessly compassionate, then all the people that work for you feel that same level of ruthlessness to protect the company and make it grow. And you practice what you preach, I suspect, at Techies. Yes. Yes. It took me a while, but if we accidentally hire the wrong person, either because 53:45 we made a mistake in the process or they faked us out and we recognize they're not smart enough. Literally, that's usually the problem. They're not smart enough to carry their weight. We fire them immediately. We don't try to bring them along because you can't improve somebody's IQ. You can improve any other aspect, but their IQ is their IQ. And that will be a bottleneck forever. 54:13 in our team and it'll require other people to carry that person. And it sends the wrong message to the team that I don't value them enough to make sure that we only surround them with people that are going to inspire them and help them grow. Excellent. And I suspect they are not fungible by AI, your employees, not techies. I mean, we've gotten better and better. 54:40 at not making those mistakes over the years. So that doesn't typically happen. takes us, we're much more careful about how we hire. AI gives us the ability to recruit faster, more broadly, along with workflow automation. But what I mean by real, this is the compassionate. Once my team understood this, now they embody that and they will get rid of somebody if they made a mistake. I don't have to force the issue ever anymore because 55:10 they recognize how much, important it is to protect their teams. So to my listeners, if you liked this episode today with the CEO and founder of Techies, sign up for the monthly release of founders, business owners, corporate directors, and professional service providers who provide their examples of how they're building companies or consulting with companies to make them more resilient, scalable, and purpose-driven. 55:40 to make profits for good. Signing off for today. See you next month in the Founder Sandbox. Thank you.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Howard Holton, COO and industry analyst, GigaOm Thanks to our show sponsor, Adaptive Security As deepfake scams and GenAI phishing evolve, Adaptive equips security teams with AI-powered phishing simulations featuring realistic personalized deepfakes and engaging security awareness training. Their new AI Content Creator turns threat intel and policy updates into interactive, multilingual training — instantly. Trusted by Fortune 500s and backed by Andreessen Horowitz and OpenAI, Adaptive helps you stay ahead of AI-driven threats. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com
Trump Mobile's Gold 5G Service Launch- Discussion of Trump Mobile's new 5G service offering- Pricing strategy and planned device offerings- Analysis of the service as an MVNO using major carrier networks- Skepticism about the value proposition and potential legal issuesSatellite Connectivity Testing- Anshel Sag's experience testing satellite services during a camping trip- Comparison of T-Mobile, Verizon, and AT&T satellite offerings- Observations on indoor/outdoor functionality and ease of use- Potential applications for emergency situations and rural connectivityAST SpaceMobile and Vodafone Partnership in India- Collaboration to provide direct-to-device connectivity in rural India- Focus on bridging the digital divide in underserved areas- Integration of satellite and terrestrial infrastructureT-Mobile's WPGA Championship Technology Showcase- T-Mobile's partnership with WPGA for golf technology innovations- Autonomous driving range ball picker and real-time swing analysis- Mixed reality putting simulator and AI-powered video highlights- Enhanced broadcast capabilities with real-time stats integrationNokia's Autonomous Network Fabric Launch- Introduction of Nokia's new network automation platform- Integration of security into the networking layer- Use of agentic AI for network management and automation- Projected adoption curve and industry impact by 20266G Development and Future Implications- Recent 3GPP discussions on 6G specifications and timelines- MIT's photonics processor advancements for 6G signal processing- NIST's focus areas for 6G development- Potential military applications and security concerns for 6G technologyPodcast Evolution and Audience Engagement- Consideration of transitioning the podcast focus from 5G to 6G- Invitation for listener feedback on potential rebranding
Send us a textSchedule an Rx AssessmentSubscribe to Master The MarginCyberattacks targeting healthcare are rising, with pharmacies increasingly in the crosshairs. From ransomware to phishing scams, the threats are real...and constant.But how can independent pharmacies defend themselves against a digital siege?In this episode of The Bottom Line Pharmacy Podcast we have 3 people of the Sykes & Company team, Scotty Sykes, CPA, CFP®, Chris Sykes, IT Director, and Austin Murray, Marketing Director explore the evolving cybersecurity landscape with a practical lens. This episode covers:The NIST 2.0 Cyber Security FrameworkWhat to ask your script system vendor about securityHow to build a breach response plan that actually worksSocial engineering 101: What is it and how to protect your pharmacyBest practices for employee training, access control, and device auditsMore About Our Guest:Chris Sykes is the Director of IT at Sykes & Company, P.A., where he has been a key part of the team since 2006. With nearly 25 years in the IT industry, Chris combines deep technical expertise with a passion for helping both the firm and its clients become more efficient, secure, and technology-driven. Chris holds a Bachelor of Science in Business Administration with a concentration in Management Information Systems and a Master of Science in Technology Systems, both from East Carolina University. Outside of work, Chris enjoys running marathons, fishing and hunting with his boys, and spending quality time with his family at the beach.Learn more about Chris:Chris Sykes LinkedInCheck out all our social media:FacebookTwitterLinkedInScotty Sykes – CPA, CFP LinkedInScotty Sykes – CPA, CFP TwitterMore resources on this topic:Podcast - AI, Audits, & Advocacy: The Pharmacy Survival Guide with Trenton TheideBlog - Technology, Security and Your PharmacyBlog - Protect You and Your Pharmacy: The Growing Threat of RansomwareBlog - Backing Up Your Business DataBlog - Spot a Hacked Email or Bad WebsiteBlog - Protect Your Pharmacy Data from Hackers
In this episode, Autumn interviews Dr. Ileana Pazos, an expert in dosimetry, discussing the critical role of radiation measurement in various industries, including healthcare and food safety. They explore the science behind dosimetry, the applications of radiation, the challenges faced in accurate measurements, and the misconceptions surrounding food irradiation. Ileana emphasizes the importance of public education and the need for global standards in radiation measurement, while also sharing her personal connection to the field and the future of radiation technologies.All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Subscribe to Breaking Math wherever you get your podcasts.Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com
With cyber threats growing more sophisticated, NIST has overhauled its incident response guidance to help organizations better prepare, respond and recover. Join Jay Stampfl, David Finz and Grace Michael, Alliant Cyber, as they explore the NIST Special Publication 800-61 Revision 3 and its link to the updated Cybersecurity Framework (CSF) 2.0. They explore the expanded role of incident response, the new “govern” function and the shift toward continuous improvement. The team also explains how these changes affect cyber insurance underwriting and how Alliant helps clients stay ahead through planning, tabletop exercises and risk-focused engagement.
If you like what you hear, please subscribe, leave us a review and tell a friend!
SharePoint is exploitable by Microsoft's AI, NIST proposes a new metric for exploited vulnerabilities, SBCs that look cool for a mini NAS and a router, and setting up a first NAS with 4 disks. Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes The Maintainer's Dilemma: Strategies for […]
SharePoint is exploitable by Microsoft's AI, NIST proposes a new metric for exploited vulnerabilities, SBCs that look cool for a mini NAS and a router, and setting up a first NAS with 4 disks. Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes The Maintainer's Dilemma: Strategies for... Read More
"First day, worst day, every day — that's what we're built for." — Patrick Quirk, President & GM, Opengear At Cisco Live 2025 in San Diego, Patrick Quirk, President and General Manager of Opengear, joined Technology Reseller News publisher Doug Green to unveil a major innovation in network resilience: Opengear's new Foundational Support platform. Designed to meet the growing demands of increasingly complex, high-density network environments, the SLA-backed solution debuts as part of Opengear's commitment to full-lifecycle customer support. “It's not just about selling equipment,” said Quirk. “It's about walking with the customer through every stage of the network's lifecycle — from deployment to daily operations to disaster recovery.” A long-standing Cisco partner, Opengear has evolved from traditional console servers to a critical infrastructure provider, helping companies maintain uptime in an era where milliseconds matter — especially amid today's AI-driven network traffic spikes. “Outages aren't just inconvenient,” Quirk noted. “They're expensive. We're seeing potential losses of $21,000 per minute during downtime.” Opengear's edge? Out-of-band management. Unlike in-band VLAN control planes, which can be compromised during incidents or overloaded by data traffic, out-of-band infrastructure operates on a completely separate path. This architecture allows for immediate network visibility and control during even the worst disruptions, such as fiber cuts or cyberattacks. Supporting both operational and compliance objectives, Opengear enables organizations to maintain certifications like ISO, SOC 2, and NIST. “We're the wrapper around your network,” said Quirk, emphasizing the company's ability to enforce security and governance alongside performance. The conversation also spotlighted Opengear's recent AI-focused global research, which found a “lens gap” between network engineers and the C-suite. While both groups recognize AI's potential, engineers view it as a productivity tool, whereas executives prioritize compliance and customer value. “There's alignment,” Quirk said. “It just needs more conversation.” At Cisco Live, Opengear is exhibiting at booth 4324 and hosting sessions on topics like agentic AI and network strategy. More details are available at opengear.com.
Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electrical equipment... Read more »
In this conversation, Dr. Elizabeth Strychalski discusses the fascinating field of synthetic biology, particularly focusing on synthetic cells. She shares her journey into this research area, the challenges of defining life, and the ethical considerations surrounding synthetic biology. The conversation also explores the potential applications of synthetic cells in environmental science and medicine, as well as the importance of engineering standards and biomanufacturing for sustainability. Dr. Strychalski emphasizes the need for collaboration and communication in the scientific community to advance this field responsibly and effectively.You can learn more about Time at time.gov and NIST at nist.gov.All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Subscribe to Breaking Math wherever you get your podcasts.Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com
Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electrical equipment... Read more »
High-performance computing (HPC) systems provide fundamental computing infrastructure for government and industry. Security is critical for these systems that play a pivotal role in economic competitiveness and scientific discovery. At the AWS Summit in Washington, D.C., National Institute of Standards and Technology (NIST) Computer Scientist Yang Guo said that efficient encryption and zone-based reference architectures can enhance HPC security without impacting performance. Guo, who leads the NIST HPC Security Working Group, said that collaboration and knowledge sharing can help buttress HPC security, even in cloud environments. Guo also discussed HPC focus areas like confidential computing, zero trust, supply chain security and integrating AI for early detection of anomalies.
The recent popularity of MCPs is surpassed only by the recent examples deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms? In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-333
In this episode of Breaking Math, hosts Autumn and Gabriel explore the innovative intersections of fire science and technology with experts Amy Mensch and Ryan Falkenstein-Smith who work at NIST. They discuss the groundbreaking photoacoustic technique for measuring soot deposition, its applications in fire safety and forensic investigations, and the broader implications for fire research. The conversation highlights the importance of integrating advanced technologies into firefighting and the potential for future developments in the field.You can learn more about Time at time.gov and NIST at nist.gov.All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Subscribe to Breaking Math wherever you get your podcasts.Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com
Mutant super-powers give Korean sea women diving abilitiesThe Haenyeo, or sea women, of the Korean island of Jeju have been celebrated historically for their remarkable diving abilities. For hour after hour they dive in frigid waters harvesting sea-life, through pregnancy and into old age. A new study has shown they are able to do this because of specific genetic adaptations that appeared in their ancestors more than a thousand years ago. These genes make them more tolerant to the cold, and decrease diastolic blood pressure. The women also spend a lifetime training, beginning to dive at age 15 and continuing on until their 80s or even 90s. Melissa Ilardo of Utah University and her team published their findings in the journal Cell Reports.This dessert is automatic and autonomous Care for a slice of robo-cake? Scientists in Europe have baked up a cake with pneumatically powered animated gummy bears, and candles lit by chocolate batteries. They think their edible robotics could develop in the future to food that could bring itself to the hungry and medicine could deliver itself to the sick. Mario Caironi of the Italian Institute of Technology and his colleagues presented their creation at Expo 2025 Osaka.Shrinking Nemo — heat is causing clownfish to downsizeScientists have found that clownfish, made famous by the Disney movie Finding Nemo, have an ability never seen before in fish in the coral reefs. When the water they live in gets warmer, they are able to shrink their bodies — becoming a few per cent of their body length shorter — to cope with the stress of the heat. Melissa Versteeg of Newcastle University says the size of the clown anemonefish is important for their survival and their ranking within their hierarchical society. The research was published in the journal Science Advances.When the music moves you — the brain science of grooveYou know that groove feeling you get when you listen to certain music that compels you to shake your bootie? Scientists in France investigated how our brains experience groovy music to better understand how we anticipate rhythms in time. They discovered that we perceive time in the motor region that controls movement. Benjamin Morillion from Aix Marseille Université said they also found a specific rhythm in the brain that helps us process information in time, that could predict if a person thought the music was groovy. The study was published in the journal Science Advances.Scientists hope a new storm lab will help us understand destructive weatherExtreme weather is far less predictable than it used to be, and now a new research centre at Western University wants to transform our understanding of Canada's unique weather systems. The Canadian Severe Storms Laboratory will collect nation-wide data on extreme weather, including hailstorms, tornadoes, and flash flooding, and look for patterns to help predict where they'll be hitting and how to prevent the most damage. Producer Amanda Buckiewicz spoke with:Greg Kopp, ImpactWX Chair in Severe Storms Engineering and CSSL founding director at Western UniversityHarold Brooks, senior research scientist at NOAA's National Severe Storms LaboratoryJohn Allen, associate professor of meteorology at Central Michigan UniversityPaul Kovacs, executive director of the Institute for Catastrophic Loss Reduction at Western University.Tanya Brown-Giammanco, director of Disaster and Failure Studies at NIST
“Laundry Bear” airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a Github MCP vulnerability.Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerability backlog. FBI warns law firms of evolving Silent Ransom Group tactics. Chinese hackers exploit Cityworks flaw to breach US municipal networks. Everest Ransomware Group leaks Coca-Cola employee data. Nova Scotia Power hit by ransomware. On today's Threat Vector, David Moulton speaks with his Palo Alto Networks colleagues Tanya Shastri and Navneet Singh about a strategy for secure AI by design. CIA's secret spy site was… a Star Wars fan page? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector In this segment of Threat Vector, host David Moulton speaks with Tanya Shastri, SVP of Product Management, and Navneet Singh, VP of Marketing - Network Security, at Palo Alto Networks. They explore what it means to adopt a secure AI by design strategy, giving employees the freedom to innovate with generative AI while maintaining control and reducing risk. You can hear their full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. Selected Reading Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' (The Record) GitHub MCP Server Vulnerability Let Attackers Access Private Repositories (Cybersecurity News) Tenable Network Monitor Vulnerabilities Let Attackers Escalate Privileges (Cybersecurity News) Ransomware attack on MATLAB dev MathWorks – licensing center still locked down (The Register) US Government Launches Audit of NIST's National Vulnerability Database (Infosecurity Magazine) Law Firms Warned of Silent Ransom Group Attacks (SecurityWeek) Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments (Infosecurity Magazine) Everest Ransomware Leaks Coca-Cola Employee Data Online (Hackread) Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers' Data Compromised (GB Hackers) The CIA Secretly Ran a Star Wars Fan Site (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR).Selected Reading Trump signs the Take It Down Act into law |(The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Sero Day) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices