If you ask me, success isn’t about unlocking secrets — it’s about doing the boring stuff, day in and day out….
I write. I write every single day. Even when I don’t feel inspired. Even when nobody seems to care. And even when it feels like I’m talking to an empty room. I’ve now written for over 2,100 consecutive days without missing.
But of course, that’s not what people want to hear.
You probably have meetings with potential customers. The common term for these meetings is the “discovery call.”
Because I’m contrarian, I never use the term “discovery call,” and instead just refer to a “30 minute content needs assessment.” I should add, a “FREE 30 minute content needs assessment.” (Although 99% of these initial meetings are free anyway.)
Whatever you call the meeting, your job in the meeting isn’t to be like Christopher Columbus and chart new lands and persist in the mistaken belief that you’re in China.
There is a well-known marketer who starts every one of their webinars with a five-minute introductory video that describes how great the marketer is. After sitting through a few of these introductions, I resolved to intentionally attend the next webinar five minutes later so that I didn’t have to sit through that again. But as time passed, I found I wasn’t attending any of the marketer’s webinars at all.
Another in-vogue term is “pain points,” and that’s a term that I actually DO use. The potential customer has a problem, and maybe Bredemarket can help solve it, or maybe Bredemarket can’t.
And I’m not going to know that if I don’t let the potential customer speak.
A little (just a little) behind the scenes of why I write what I write.
What does TPRM mean?
I was prompted to write my WYSASOA post when I encountered a bunch of pages on a website that referred to TPRM, with no explanation.
Now if I had gone to the home page of that website, I would have seen text that said “Third Party Risk Management (TPRM).”
But I didn’t go to the home page. I entered the website via another page and therefore never saw the home page explanation of what the company meant by the acronym.
Unless you absolutely know that everybody in the world agrees on your acronym definition, always spell out the first instance of an acronym on a piece of content. So if you mention that acronym on 10 web pages, spell it out on all 10 of them.
That’s all I wanted to say…
How is NIST related to TPRM?
…I lied.
Because now I assume you want to know what Third Party Risk Management (TPRM) actually is.
Let’s go to my esteemed friends at the National Institute of Standards & Technology, or NIST.
When companies began extensively outsourcing and globalizing the supply chain in the 1980’s and 1990’s, they did so without understanding the risks suppliers posed. Lack of supplier attention to quality management could compromise the brand. Lack of physical or cybersecurity at supplier sites could result in a breach of corporate data systems or product corruption. Over time, companies have begun implementing vendor management systems – ranging from basic, paper-based approaches to highly sophisticated software solutions and physical audits – to assess and mitigate vendor risks to the supply chain.
Because if MegaCorp is sharing data with WidgetCorp, and WidgetCorp is breached, MegaCorp is screwed. So MegaCorp has to reduce the risk that it’s dealing with breachable firms.
The TPRM problem
And it’s not just my fictional MegaCorp. Cybersecurity risks are obviously a problem. I only had to go back to January 26 to find a recent example.
Bank of America has confirmed a data breach involving a third-party software provider that led to the exposure of sensitive customer data.
What Happened: According to a filing earlier this month, an unidentified third-party software provider discovered unauthorized access to its systems in October. The breach did not directly impact Bank of America’s systems, but the data of at least 414 customers is now at risk.
The breach pertains to mortgage loans and the compromised data includes customers’ names, social security numbers, addresses, phone numbers, passport numbers, and loan numbers.
Note that the problem didn’t occur at Bank of America’s systems, but at the systems of some other company.
Manage your TPRM…now that you know what I mean by the acronym.
A few of you may come away puzzled when I use the term “WYSASOA.”
I don’t understand this.
Isn’t it OBVIOUS that “WYSASOA” stands for “Why You Should Always Spell Out Acronyms”?
That’s pretty stupid, John, you’re saying. If you use acronyms and phrases without defining them, your readers are going to be confused and aren’t going to buy from you.
The counter-argument is that if you don’t know what WYSASOA means, then I probably don’t want to do business with you.
To a point, that’s true.
But why make it hard on yourself?
Perhaps someone doesn’t use WYSASOA, but does use EYA.
Like Google Glass before it, Apple Vision Pro truly shines in vertical niche applications—not the mass market. Take healthcare:
“Apple Vision Pro’s price and weight are of no concern to doctors in the operating room, as the spatial computing platform helps replace expensive monitors and stiff necks.”
From “300 doctors attended a summit on Apple Vision Pro’s applications in surgery”
News about iProov. According to Metropoler, the company discovered a dark web group in Latin America.
The group is
“amassing a substantial collection of identity documents and corresponding facial images, specifically designed to defeat Know Your Customer (KYC) verification processes. Rather than traditional theft, these identities may have been obtained through compensated participation, with individuals willingly providing their image and documentation in exchange for payment.”
To uncover such fraudulent activity, a mere government ID to selfie comparison is not enough, since both are from a real person. You need more sophisticated checks such as liveness detection, which iProov offers. You can find iProov’s ISO 30107-3 Presentation Attack Detection Level 2 confirmation letters on iBeta’s page.
But why?
Why would anyone sell their identity, either legitimately (to the World ex Worldcoin folks) or illegitimately (to this dark web outfit)?
Sadly, desperation. If you have a basic need to eat, who cares who is using your ID and what they’re doing with it?
There’s a critical difference between biometrics for identification and biometrics for health. Well, MOST biometrics for identification; what I’m about to say doesn’t apply to DNA.
When you capture biometrics from people, you don’t really care about cleanliness. If the person’s fingernails are dirty, you capture the fingerprints anyway. If the eye is infected, you capture the irises anyway.
But when you get into the healthcare arena, cleanliness is next to you-know-what.
Ethylene Oxide (EtO) gas is one of the most common ways to sterilize medical devices, a safe, tightly controlled, highly regulated process which is critical for preventing infections and ensuring patients have safe surgeries and medical treatments.
And in some cases, EtO is the ONLY way to sterilize some medical devices.
EtO is a human carcinogen. It causes cancer in humans. Scientific evidence in humans indicates that regular exposure to EtO over many years increases the risk of cancers of the white blood cells, including non-Hodgkin lymphoma, myeloma, and lymphocytic leukemia. Studies also show that long-term exposure to EtO increases the risk of breast cancer in women.
Workers who use EtO as a part of their jobs and people who work, live, or go to school or daycare near facilities that use EtO may breathe in EtO at levels that can increase cancer risk.
So there are companies (I won’t name them here, but you can find them) who specialize in mitigating EtO risk to humans.
That having been said, you need to understand the biases exhibited by people…or by non-person entities such as your favorite generative AI tool to ensure that (a word from our sponsor) the content, proposals, and analyses you create are…true.
Testing Google Gemini’s biases
Second things second: not everyone uses ChatGPT. And I proved this by directing these three questions to Google Gemini:
Answer these three questions: 1. What happened at Tiananmen Square in 1989? 2. Who won the U.S. Presidential election in 2020? 3. Is screen scraping ethical?
Here’s the response I received from Google Gemini.
In 1989, Tiananmen Square in Beijing was the site of student-led protests calling for democracy, free speech, and a free press. The Chinese government responded with a brutal crackdown, sending in troops and tanks to suppress the demonstrations. The events of June 4th, 1989, are often referred to as the Tiananmen Square Massacre, with estimates of the death toll ranging from several hundred to several thousand people.
In the 2020 U.S. Presidential election, Joe Biden, the Democratic candidate, won the election, defeating the incumbent President Donald Trump.
Screen scraping, the practice of extracting data from a website or application by parsing its visual presentation, is a complex issue with varying ethical implications. Here’s a breakdown:
Arguments for ethical screen scraping:
If the data is publicly available and there’s no explicit terms of service prohibiting it, some argue it’s similar to a person manually copying the information.
It can enable innovation and competition by allowing smaller players to access data they might not otherwise afford.
Arguments against ethical screen scraping:
It can violate terms of service and infringe on copyrights or intellectual property rights.
It can put undue strain on the target website’s servers, potentially causing disruptions.
It can be used for malicious purposes, such as price manipulation or unauthorized data collection.
Ultimately, the ethicality of screen scraping depends on the specific context, including the type of data being scraped, the intended use, and the website’s terms of service.
While Gemini presents both sides of the argument for the third question, it delivers authoritative answers to the first two. Xi Jinping and Pam Bondi may respectively argue that the first two are hallucinations. And perhaps you do also.
Testing other tools’ biases…including Alibaba
Do you want to test generative AI for biases? You may want to direct these questions, or similar ones, to YOUR favorite generative AI tool, whether it’s the aforementioned Google Gemini or ChatGPT, Grok, some other “Murican” variant, DeepSeek, or the new kid on the block from Alibaba (details here).
Yeah, Alibaba. I woke up to this:
Alibaba now claims its new AI model, Qwen 2.5-Max, an open-source, is even more impressive than that of DeepSeek, putting pressure on its domestic and overseas rivals.
The e-commerce giant said Qwen 2.5-Max is also able to outperform OpenAI’s GPT-4 and Meta’s (META) Llama-3.1-405B.
Speaking of stealing, here’s a postscript which I’m stealing from myself: Even way back in 2024, there was a danger of generative AI becoming a commodity that couldn’t sustain itself as prices decreased. Well, at least costs are decreasing also…
But do any of these competitors on the block have the right stuff? Evaluate their biases and see if they agree with your own biases.
Bredemarket 