NPRM

Back in January I wrote a post entitled “TPRM,” and I want to expand upon that post.

But first I want to talk about [REDACTED].

Because people who have been around for a while have heard the phrase that if you’ve ever had [REDACTED] with someone, you’ve had [REDACTED] with everyone they’ve ever had [REDACTED] with. At least in terms of [REDACTED] transmitted diseases. Lloyds Pharmacy Online even developed a “[REDACTED] degrees of separation” calculator to quantify that exposure.

Beyond third-party risk

But enough about [REDACTED]. Your company’s data and information are subject to similar threats.

I mean, it’s all well and great for you to adopt a third-party risk management system to make sure that your vendors and suppliers aren’t letting bad things happen to your data and information.

But guess what? All those third parties have third parties of their own.

Risk and Compliance Magazine explains:

A fourth party is an independent entity that provides services to you on behalf of your third-party service provider – also known as your third party’s third party. A fourth party is also known as a subcontractor or sub-outsourcer. Fourth parties have not signed an agreement with your organisation, so they do not have a legally binding obligation to your business. Your third party itself may subcontract all or some obligations of their agreement to you to another service provider.

An example

Let me delve into an example that I touched upon in my January post.

  • Let’s say that you did business with Bank of America.
  • You checked out Bank of America’s systems as part of your due diligence.
  • Perhaps you determined that everything was right and fine with the bank.
  • But it was NOT right and fine with one of Bank of America’s software providers, which is a FOURTH party to you.
  • So there’s this other system that you never contracted with.
  • But perhaps you’re one of the unlucky 414-plus Bank of America customers whose data was exposed because of this fourth party.

And the fourth parties have fifth parties, the fifth parties have sixth parties, and so fourth. I mean forth.

Making an impact

Luckily there are companies that provide aids not only to address third-party risk, but also nth-party risk when data is transmitted all over the place.

Hence my acronym NPRM, Nth-party risk management.

Which really stands for “notice of proposed rulemaking,” but what the hey.

Anyway, these companies and many other technology companies are making an impact.

But does anyone know what these companies are doing?

Perhaps Bredemarket can help your company make an impact with my content, proposal, and analysis services. If so, let me know.

(The image was created by Imagen 3.)

DNA Contamination Has Consequences. Ask Amanda Knox.

(Part of the biometric product marketing expert series)

When Thermo Fisher Scientific announced Amanda Knox as one of its speakers at the HIDS 2025 conference (image from the HIDS 2025 conference page), I wondered why. All I knew of Knox was that she was imprisoned for a murder in Italy that she didn’t commit.

I then found the details.

Prosecution Exhibit #36 was a knife discovered in the kitchen drawer of Raffaele Sollecito’s apartment on November 6, 2007. The police claimed this knife, 31 m long with a 17.5 cm blade, to be the murder weapon. It was the only physical evidence linking Amanda Knox to the murder. The Scientific Police claimed to have found Knox’s DNA on the handle and [murder victim Meredith] Kercher’s DNA on the blade and called the knife the “double DNA knife.”

Because DNA proves all, Knox was sent off to prison.

Only there was one problem.

Later re-evaluation of the knife left little doubt that the DNA found on the knife was the result of contamination.

You see, DNA evidence is examined in a lab. So if someone takes DNA from a knife blade and compares it to DNA taken from Amanda Knox, and if the samples have a high probability of a match, then you can make a determination.

But what if there were a mixture of the DNA, and Knox’s sample was mixed with the knife sample at some point, or misidentified? Then Knox’s DNA would match to Knox’s DNA, but that may have nothing to do with the DNA that was originally on the knife.

And you know nothing.

Royals

Here’s a song.

The listed artist for this song is Royalty Free Music Background.

The song title is “Future Electronic (Upbeat Music).”

I had been using an AI music generator in Canva, but since that is now restricted to non-commercial use I switched to another music app within Canva for Bredemarket’s videos.

Taking great care to select videos that are royalty free.

Since I liked this particular song, I used it in two videos, the first of which was only 8 seconds long, the second 64 seconds long.

And then I merrily uploaded both videos to the Bredemarket blog, LinkedIn, various Meta properties, and Bluesky with no problem.

Until I got to YouTube.

The 8 second video uploaded fine, but the 64 second version was blocked worldwide because of a copyright violation.

On a band called Royalty Free Music Background.

Social media is fun.

Verifying That Credential

People can claim all sorts of accomplishments, but how do you verify (and authenticate) the truth?

The claimed credential

For those who don’t recall, I did a thing in 2021. Specifically, I achieved APMP® Bid and Proposal Management Foundation 2021 certification.

I even published the link to my certification. Here it is.

https://www.credly.com/badges/f177cbf8-e085-4fae-943a-1e418d86c872

Now if you click on that link, you will see a “Verify” link at the top left.

From Credly.

And if you click on that “Verify,” this is what you get.

The verification.

So I have verified that I am allowed to call myself John E. Bredehoft, CF APMP. It’s allowed:

In the same manner, those who have achieved one of the APMP certifications can append the appropriate certification. In the case of APMP Foundation certification, that means that I can style myself as “John E. Bredehoft, CF APMP.” (Or “John E. Bredehoft, MBA, CF APMP, RSBC” if I want to be thorough. But I probably won’t, since “RSBC” stands for “Radio Shack Battery Club.”)

But have I REALLY verified that I have achieved this accomplishment? (Not the battery club one, the proposal one. Although it would be good to know whether I really have that MBA educational accomplishment.)

The identity problem

You see, despite how impressive that Credly link is, it doesn’t prove nothing.

Sure, somebody who claimed to be John E. Bredehoft sat down in 2021 and took an online exam.

  • But was that person truly John E. Bredehoft?
  • And even if he was, am I the same John E. Bredehoft who received the certification?

Maybe there were fraudsters along the way. Maybe someone else took the test and pretended to be Bredehoft. Or maybe I’m not Bredehoft.

Sure, at one point I whipped out a credit card with Bredehoft’s name on it. But that doesn’t prove identity.

You probably know the things that prove identity. A biometric modality, including the liveness of that modality. A government-issued identity document that matches the biometric. A sensible location (was the test taker in Ontario, California as expected?).

Now perhaps this is overkill for authenticating a proposal writer, but it may not be if you need a certified plumber.

Or a certified lawyer.

Or a certified doctor.

The other problem

But there’s another problem with the whole thing, even if I am who I say I am.

Yes, my September 2021 achievement is verified.

And yes, the record was updated in January 2022.

But…to maintain a CF APMP certification, you need 20 Continuing Education Units (CEUs)/Continuing Professional Development (CPDs) every two years.

APMP continuing education requirements.

And because I truly am me, I know I didn’t meet the CEU/CPD requirement by September 2023. I don’t know how many I did achieve; the APMP was changing its CEU/CPD tracking system in early 2022, and then I joined Incode and theoretically wasn’t writing proposals any more. Theoretically.

So in truth, my shiny badge only represents a dated accomplishment. John E. Bredehoft can no longer use the CF APMP designation.

Unless I add “Emeritus” or something.

And as for those cases in which the certifications and identities truly matter…

Why Boomers Laugh at Open-Source Libraries

The first paragraph of this description may not strike anyone as humorous.

Larch is an open-source library and set of applications for processing and analyzing X-ray absorption and fluorescence spectroscopy data and X-ray fluorescence and diffraction image data from synchrotron beamlines. Larch provides a comprehensive set of analysis tools for X-ray absorption fine-structure spectroscopy (XAFS), including both X-ray absorption near-edge spectroscopy (XANES) and extended X-ray absorption fine-structure spectroscopy (EXAFS). Larch also provides visualization and analysis tools for X-ray fluorescence (XRF) spectra and XRF and X-ray diffraction (XRD) images as collected at scanning X-ray microprobe beamlines.

But when I got to the beginning of the second paragraph, I lost it.

Larch is written in Python…

In case you missed it, this is a clear reference to a small scene from an old British television show.

Number 1…the larch.

And of course I referenced this clip myself in a February post.

(Larch image By Sciadopitys from UK – Larix decidua, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=20413271)

Over Archetyping Your Brand

You’ve probably seen the joke posts in which someone details a stupid accomplishment, but for the LinkedIn audience.

The same holds true for brand archetypes. Whether your company is a sage, maverick, hero, or something else, you can easily go overboard in aligning with the archetype.

I asked generative AI to rewrite a piece of text for the sage archetype. After reading the result, I am now convinced that you should not only prohibit generative AI from writing the first draft, but you should also prevent it from writing the second. 

Seriously.

“The wisdom of the Sage tells us that true strength lies in knowledge, not just its acquisition, but its unwavering protection.”

Um, no. I’m not going to sell security software like that.

Over Sage.

But the exercise was not a complete failure. As I reviewed the non-person entity output, I found one word that I liked.

One word.

Which is better than no words at all.

But if you want words for human beings, let me know.

CPA

(Images from Imagen 3)

FinCEN, Cartels, and Geolocation

Who says that geolocation isn’t a critical factor for persons and non-person entities alike?

ComplyAdvantage alerted me to a Geographic Targeting Order from FinCEN.

“The GTO requires all money services businesses (MSBs) located in 30 ZIP codes across California and Texas near the southwest border to file Currency Transaction Reports (CTRs) with FinCEN at a $200 threshold, in connection with cash transactions.”

Of course, the targeted “cartels, drug traffickers, and other criminal actors along the Southwest border” can easily evade the reporting requirements by going a little north, east, or west. After all, there are more than 40,000 ZIP codes….

21 Days of Bredemarket “CPA” Services

What in the heck does Bredemarket do?

Content, proposal, and analysis (“CPA”) marketing and writing services.

But what in the heck does Bredemarket DO?

During the first 21 days of March, my biometric, identity, and technology clients received blog posts, an ebook, emails, a landing page, slides, a press release, a Request for Information (RFI) response, a process, and other things.

Can I help your firm? Let me know on my “CPA” page.

CPA

Want to know how many blog posts and emails I wrote? Watch the video.

21 days of CPA.

(CPA wildebeest Imagen 3)