bredemarket

Do You Address Business Audiences, or Technical Audiences? Yes.

As I’ve said before, there may be many different stakeholders for a particular purchase opportunity.

For the purpose of this post I’m going to dramatically simplify the process by saying there are only two stakeholders for any RFP and any proposal responding to said RFP: “business” people, and “technical” people.

The business people are concerned about the why of the purchase. What pressing need is prompting the business (or government agency) to purchase the product or service? Do the alternatives meet the business need?

The technical people are concerned about the how of the purchase. Knowing the need, can the alternatives actually do what they say they can do?

Returning to my oft-repeated example of an automated biometric identification system purchase by the city of Ontario, California, let’s look at what the business and technical people want:

By FBI – http://www.fbi.gov/news/photos, Public Domain, https://commons.wikimedia.org/w/index.php?curid=18500900.

The business people want compliance with purchasing regulations, and superior performance that keeps citizens off the mayor’s back. (As of January 2026, still Paul Leon.)

The technical people want accurate processing of biometric evidence, proper interfaces to other ABIS systems, implementation of privacy protections, FBI certifications, iBeta or other conformance statements, and all sorts of other…um…minutiae.

So both parties are reading your proposal or other document, looking for these points.

So who is your “target audience” for your proposal?

Both of them.

Whether you’re writing a proposal or a data sheet, make sure that your document addresses the needs of both parties, and that both parties can easily find the information they’re seeking.

If I may take the liberty of stereotyping business and technical users, and if the document in question is a single sheet with printing on front and back, one suggestion is to put the business benefits on the front of the document with pretty pictures that resonate with the readers, and the technical benefits on the back of the document where engineers are accustomed to read the fine print specs.

Google Gemini. It took multiple tries to get generative AI to spell “innovate” correctly.

Or something.

But if both business and technical subject matter experts are involved in the purchase decision, cater to both. You wouldn’t want to write a document solely for the techies when the true decision maker is a person who doesn’t know NFIQ from OFIQ.

Nobot Policies Hurt Your Company and Your Product

If your security software enforces a “no bots” policy, you’re only hurting yourself.

Bad bots

Yes, there are some bots you want to keep out.

“Scrapers” that obtain your proprietary data without your consent.

“Ad clickers” from your competitors that drain your budgets.

And, of course, non-human identities that fraudulently crack legitimate human and non-human accounts (ATO, or account takeover).

Good bots

But there are some bots you want to welcome with open arms.

Such as the indexers, either web crawlers or AI search assistants, that ensure your company and its products are known to search engines and large language models. If you nobot these agents, your prospects may never hear about you.

Buybots

And what about the buybots—those AI agents designed to make legitimate purchases?

Perhaps a human wants to buy a Beanie Baby, Bitcoin, or airline ticket, but only if the price dips below a certain point. It is physically impossible for a human to monitor prices 24 hours a day, 7 days a week, so the human empowers an AI agent to make the purchase.

Do you want to keep legitimate buyers from buying just because they’re non-human identities?

(Maybe…but that’s another topic. If you’re interested, see what Vish Nandlall said in November about Amazon blocking Perplexity agents.)

Nobots

According to click fraud fighter Anura in October 2025, 51% of web traffic is non-human bots, and 37% of the total traffic is “bad bots.” Obviously you want to deny the 37%, but you want to allow the 14% “good bots.”

Nobot policies hurt. If your verification, authentication, and authorization solutions are unable to allow good bots, your business will suffer.

Let’s Talk About Occluded Face Expression Reconstruction

ORFE, OAFR, ORecFR, OFER. Let’s go!

As you may know, I’ve often used Grok to convert static images to 6-second videos. But I’ve never tried to do this with an occluded face, because I feared I’d probably fail. Grok isn’t perfect, after all.

Facia’s 2024 definition of occlusion is “an extraneous object that hinders the view of a face, for example, a beard, a scarf, sunglasses, or a mustache covering lips.” Facia also mentions the COVID practice of wearing masks.

Occlusion limits the data available to facial recognition algorithms, which has an adverse effect on accuracy. At the time, “lower chin and mouth occlusions caused an inaccuracy rate increase of 8.2%.” Occlusion of the eyes naturally caused greater inaccuracies.

So how do we account for occlusions? Facia offers three tactics:

Occlusion Robust Feature Extraction (ORFE)
Occlusion Aware Facial Recognition (OAFR)
Occlusion Recovery-Based Facial Recognition (ORecFR)

But those acronyms aren’t enough, so we’ll add one more.

At the 2025 Computer Vision and Pattern Recognition conference, a group of researchers led by Pratheba Selvaraju presented a paper entitled “OFER: Occluded Face Expression Reconstruction.” This gives us one more acronym to play around with.

Here’s the abstract of the paper:

“Reconstructing 3D face models from a single image is an inherently ill-posed problem, which becomes even more challenging in the presence of occlusions. In addition to fewer available observations, occlusions introduce an extra source of ambiguity where multiple reconstructions can be equally valid. Despite the ubiquity of the problem, very few methods address its multi-hypothesis nature. In this paper we introduce OFER, a novel approach for singleimage 3D face reconstruction that can generate plausible, diverse, and expressive 3D faces, even under strong occlusions. Specifically, we train two diffusion models to generate a shape and expression coefficients of face parametric model, conditioned on the input image. This approach captures the multi-modal nature of the problem, generating a distribution of solutions as output. However, to maintain consistency across diverse expressions, the challenge is to select the best matching shape. To achieve this, we propose a novel ranking mechanism that sorts the outputs of the shape diffusion network based on predicted shape accuracy scores. We evaluate our method using standard benchmarks and introduce CO-545, a new protocol and dataset designed to assess the accuracy of expressive faces under occlusion. Our results show improved performance over occlusion-based methods, while also enabling the generation of diverse expressions for a given image.

Cool. I was just writing about multimodal for a biometric client project, but this is a different meaning altogether.

In my non-advanced brain, the process of creating multiple options and choosing the one with the “best” fit (however that is defined) seems promising.

Although Grok didn’t do too badly with this one. Not perfect, but pretty good.

Grok.

System Award Management, [EXPLETIVE DELETED]

I unintentionally reveal my age when I use terms such as EXPLETIVE DELETED which date back to the Nixon Administration.

Or when the first “Sam” that comes to mind is Sam Winston, known for selling tires.

And you get Sam.

Sadly, Sam Winston passed away in 1995…in an automobile accident, no less.

But today I’m using SAM as an acronym for System Award Management.

The SAM.gov website is a centralized location to inform businesses of U.S. federal government procurements, saving businesses the trouble of visiting every single agency to find bidding opportunities.

When I started in government proposal management my employer focused on state and local opportunities, but today Bredemarket concentrates on federal ones. As a result I scan SAM.gov regularly. Not for me, but for my clients.

And for the record, there is one famous Sam (other than Altman) who is known to 21st century audiences: Samuel L. Jackson. Although I don’t know if Sam has the temperament to manage proposals.

Grok.

Avoiding Bot Medical Malpractice Via…Standards!

Back in the good old days, Dr. Welby’s word was law and was unquestioned.

Then we started to buy medical advice books and researched things ourselves.

Later we started to access peer-reviewed consumer medical websites and researched things ourselves.

Then we obtained our medical advice via late night TV commercials and Internet advertisements.

OK, this one’s a parody, but you know the real ones I’m talking about. Silver Solution?

Finally, we turned to generative AI to answer our medical questions.

With potentially catastrophic results.

So how do we fix this?

The U.S. National Institute of Standards and Technology (NIST) says that we should…drumroll…adopt standards.

Which is what you’d expect a standards-based government agency to say.

But since I happen to like NIST, I’ll listen to its argument.

“One way AI can prove its trustworthiness is by demonstrating its correctness. If you’ve ever had a generative AI tool confidently give you the wrong answer to a question, you probably appreciate why this is important. If an AI tool says a patient has cancer, the doctor and patient need to know the odds that the AI is right or wrong.

“Another issue is reliability, particularly of the datasets AI tools rely on for information. Just as a hacker can inject a virus into a computer network, someone could intentionally infect an AI dataset to make it work nefariously.”

So we know the risks, but how do we mitigate them?

“Like all technology, AI comes with risks that should be considered and managed. Learn about how NIST is helping to manage those risks with our AI Risk Management Framework. This free tool is recommended for use by AI users, including doctors and hospitals, to help them reap the benefits of AI while also managing the risks.”

One Minor Adjustment

Can a change in the emotional content of a written piece offer you great joy?

Let’s talk about National Blonde Brownie Day.

“National Blonde Brownie Day on January 22nd recognizes a treat often referred to as blondies.”

Blondie and Blondies.

Now if you had asked me on January 21 what a blonde brownie is, I wouldn’t have known. Now I do…and you will also.

“[A] a blonde brownie is similar to a chocolate brownie. In place of cocoa, bakers use brown sugar when making this delicious brownie, giving it a sweet-tooth-satisfying molasses flavor!”

Just one change and you get something that looks and tastes different.

As you know, one of the seven questions I ask before writing client content is about the emotions that the piece should invoke.

Look at the seventh question I ask.

Should prospects be angry? Scared? Motivated?

Or, can a change in the emotional content of a written piece evoke great paralyzing fear?

(Maybe those tasty brownies contain deadly bacteria.)

If you change the emotion words in a piece of content, you get something that looks and tastes different.

Eat to the beat. One way or another.

New Hank

Obviously fake. Created in response to this Threads response to the question “Do you happen to know any old Hank Williams songs?”

“As opposed to new ones?”

Grok.

Another Voice Deepfake Fraud Scam

Time for another voice deepfake scam.

This one’s in Schwyz, in Switzerland, which makes reading of the original story somewhat difficult. But we can safely say that “Eine unbekannte Täterschaft hat zur Täuschung künstliche Intelligenz eingesetzt und so mehrere Millionen Franken erbeutet” is NOT a good thing.

And that’s millions of Swiss francs, not millions of Al Frankens.

Millions of Al Frankens.

Luckily, someone at Biometric Update speaks German well enough to get the gist of the story.

“Deploying audio manipulated to sound like a trusted business partner, fraudsters bamboozled an entrepreneur from the canton of Schwyz into transferring “several million Swiss francs” to a bank account in Asia.”

And what do the canton police recommend? (Google Translated)

“Be wary of payment requests via telephone or voice message, even if the voice sounds familiar.”

NIST Cybersecurity Center of Excellence Announces Project Portfolio

Cybersecurity professionals need to align their efforts with those of the U.S. National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE). Download the NCCoE project portfolio, and plan to attend the February 19 webinar. Details below.

From a January 21 bulletin from NIST:

“The NIST National Cybersecurity Center of Excellence (NCCoE) is excited to announce the release of our inaugural Project Portfolio, providing an overview of the NCCoE’s research priorities and active projects.”

The Project Portfolio document (PDF) begins by explaining the purpose of the NCCoE:

“The NCCoE serves as a U.S. cybersecurity innovation hub for the
technologies, standards, and architectures for today’s
cybersecurity landscape.

“Through our collaborative testbeds and hands-on work with
industry, we build and demonstrate practical architectures to
address real-world implementation challenges, strengthen
emerging standards, and support more secure, interoperable
commercial products.

“Our trusted, evidence-based guidelines show how organizations
can reduce cybersecurity risks and confidently deploy innovative
technologies aligned with secure standards.”

Sections of the document are devoted to:

Formal and informal collaborations with other entities.
The NCCoE’s four pillars: Data Protection, Trusted Enterprise, Artificial Intelligence, and Resilient Embedded Systems.
The “forming,” “active,” and “concluding” projects within the pillars, with links to each project.

For example, one of the listed AI projects is the Cyber AI Profile:

“Recent advancements in Artificial Intelligence (AI) technology bring great opportunities to organizations, but also new risks and impacts that need to be managed in the domain of cybersecurity. NIST is evaluating how to use existing frameworks, such as the Cybersecurity Framework (CSF), to assist organizations as they face new or expanded risks.”

This group has published its roadmap, including workshops, working sessions, and document drafts.

Cyber AI Profile Roadmap, from NIST, as of January 21, 2026.Download

If you are interested in cybersecurity, definitely review the project portfolio and plan to attend the online webinar on February 19.

And if you are a cybersecurity or identity company needing to communicate how your product protects your users, Bredemarket can help you bring your message to your prospects.

Book a free meeting with me and let’s discuss how we can work together.

Here are details on how Bredemarket works: its services, its process, and its pricing.

Bredemarket services, process, and pricing.

For long-time readers, I’m still working on 2026 tactical goal 1c. And, for that matter, 2026 tactical goal 2c.

Unintended Consequences of Age Assurance…and What Happens Next (VPNs vs. Zero Trust)

More and more jurisdictions are mandating age assurance (either age verification or age estimation) to access online services. Perhaps racy content, perhaps gambling content, or in some cases even plain old social media. But in a technical sense these age assurance mechanisms are a network problem…and you can just route yourself around a problem.

Your jurisdiction doesn’t allow you to visit the Sensuous Wildebeests website? Just install a virtual private network (VPN) to pretend that you’re in a different jurisdiction that allows access.

Problem solved…for now.

But Secrets of Privacy indicates what’s next:

“After the Online Safety Act triggered a 6,000+% surge in VPN usage, the House of Lords tabled an amendment to ban children from using VPNs. Under the proposal, VPN providers would have to verify the age of all UK users. The government has said it will “look very closely” at VPN usage.”

For more information on this proposal, see TechRadar.

And this is just one of many examples of government examination, and perhaps regulation, of VPN use.

But as Secrets of Privacy points out, there’s one big problem. VPN users aren’t only kids trying to dodge the law, or individuals trying to protect their privacy. There’s one very big class of VPN users who would NOT appreciate government regulation.

“VPNs are fundamental to modern business IT, which makes a “ban” hard to envision. Every corporation with remote workers uses them. Diverse industries, such as banking, law, finance, and ecom giants all depend on VPN technology. You can’t ban VPNs without breaking the backbone of modern IT systems.”

Of course, some argue that VPNs are an outmoded security mechanism. Here’s what Fortinet says:

“VPNs were developed when networks were different than they are now. Before the advent of cloud applications, resources were isolated within a secure corporate network perimeter. Now, modern networking infrastructures are being deployed that can quickly adapt and scale to new business requirements, which means applications and data are no longer contained within the corporate data center. Instead they reside across distributed multi-cloud and hybrid data center networks.

“This change has led to a rapid expansion of the attack surface, and in the face of this changing cybersecurity environment, Zero Trust Network Access (ZTNA) has received more attention as an alternative to VPNs for remote access.”

Of course, VPNs will fade away at the same time the password dies…in other words, not any time soon. And while Secrets of Privacy speculates about a two-tier solution in which corporations can use VPNs but individuals cannot…we’ll see.

Do you have trust, or zero trust, that VPNs will be regulated in ALL jurisdictions in the future?

Ask questions.