The Club

After a short break, I’ve revived the Bredemarket Instagram account.

I announced the revival in a reel which incorporated Instagram licensed music. I’m trying to be a good blogger and comply with commercial restrictions, so the version below is a silent version.

The Club. The title will make sense after you read this post.

To hear the version with sound, visit the Meta properties: Instagram, Facebook, and Threads.

Or better still, think about the song I really wanted to incorporate except Instagram didn’t have it. Start this Spotify track, and when you reach the 1:20 mark, start playing the silent video.

davaNtage, “The Club.”

Are You Ever Ready For a Bad Review?


What do you do when you’re just starting out and face an immediate challenge?

Jennifer Zimmerman shared a story about Thomas Keller of the French Laundry:

“When a food critic made a reservation, Keller reportedly reached out and asked them not to write a review. Not because he couldn’t take the heat, but because his young chefs weren’t ready for that kind of scrutiny.

“In short: he stepped in to protect them. He gave them cover.”

Zimmerman classified this as a lesson in team leadership, but I also see a business leadership lesson here. And maybe a thin skin, common to many of us.

Most businesses are not fully formed by day one. Bredemarket certainly wasn’t when I started in 2020; I’ll let you know if it ever gets fully formed.

Chef Thomas Keller realized that it would take time for the French Laundry staff to work together well, so when MacKenzie Chung Fegan arrived at the restaurant, he ensured there wouldn’t be a review that evening. (Fegan hadn’t planned one anyway.)

Then again, Keller has a love-hate relationship with reviewers anyway, so perhaps his motives weren’t that altruistic. From Eater:

“After New York Times critic Pete Wells wrote an unflattering review in 2016 in which he referenced a mushroom soup as appetizing-looking as ‘bong water,’ Keller and his team have taken to giving critics an uncomfortable ‘gotcha’ gift of soup served in a literal weed-ready bong….”


Ceci n’est pas un bang.

But how should business owners and marketers react to a bad review? I admit I’m not that good at this. When someone whom I respect unsubscribed from the Bredemarket Instagram account, I failed to restrain all my disappointment. 

But I didn’t serve the person soup in a bong.

Are There Really Dead Content Websites?


Do I deserve to be called out for that last post?

As a reminder, I said:

“But if I could offer a marketing word of advice to TPRM firms, the “we are better than legacy TPRM firms” message has jumped the shark. EVERYONE is better than legacy TPRM firms these days; you are nothing new. No one is completely manual any more. It’s like comparing a Tesla to a bicycle. Or any basketball team to the Washington Generals.”

But has my own messaging jumped the shark?

Such as my oft-repeated claim that some firms aren’t creating current content…and therefore need my help?

Who are these mythical companies? 

But then I ran into one (TO) that last blogged on June 18.

And another (AD) that last blogged on June 4.

And another (HM) that last blogged on March 24.

And there are probably others that haven’t blogged in 2025…but I haven’t heard about them.

If you’re a TPRM or other technology firm, Bredemarket can help you generate content. Assuming you want people to know about you. Contact me.

Is TPRM Agentic AI, um, SAFE?

Third-party risk management (TPRM) tools take varying approaches to automated vs. manual operations.

The company SAFE addressed automation in a July 15 press release. It uses the trendy term “agentic AI” so it must shift paradigms and optimize outcomes.

After stripping out the PR fluff, here’s some of what’s left.

“[SAFE] announced the expansion of its Agentic AI strategy with the release of 12+ new autonomous agents, over the next 3 months, purpose-built for third-party risk. The next two AI agents are SnapShot and BreachWatch which help organizations proactively organize AI summaries and identify third-party breaches respectively….

“‘Legacy solutions weren’t built for risk landscape,’ said Saket Modi, CEO and co-founder of SAFE. ‘SAFE is transforming TPRM….’”

But if I could offer a marketing word of advice to TPRM firms, the “we are better than legacy TPRM firms” message has jumped the shark. EVERYONE is better than legacy TPRM firms these days; you are nothing new. No one is completely manual any more. It’s like comparing a Tesla to a bicycle. Or any basketball team to the Washington Generals.

The real question is HOW you use your automation, and how accurate your automation is. Speed alone is not enough.

It’s All About Me 2: I Ask, Then I Act

Continuing my self-promotion, as opposed to promotion of my Bredemarket marketing and writing consultancy, how do I promote myself to companies outside of identity and biometrics? 

For example, cybersecurity firms, or third-party risk management (TPRM) firms, or content management system (CMS) firms, or healthcare firms (the non-identification biometric)?

By emphasizing that I ask, then I act.

Resonating with both the Simon Sinek devotees, and the bias to action adherents.

Short in duration, heavy on symbolism, and daring to mention “B2G” before “B2B.” That will start a conversation.

And then if someone fixates on the biometric modalities…

…I will redirect the person to Part One.

I ask, then I act.

PoisonSeed: Cross-Device Authentication Shouldn’t Allow Authentication on a Fraudster’s Device

(Important July 30 update here.)


The FIDO Alliance is one of the chief proponents of the “death of passwords” movement, and is working on delivering secure authentication. But even the most secure authentication method is not 100% secure. Nothing is.

Authentication is a complex undertaking, and the ability to authenticate on a new device is a special challenge. But the FIDO Alliance has addressed this:

“Cross device authentication allows a user to sign in with their device using a QR code. 

“FIDO Cross-Device Authentication (CDA) allows a passkey from one device to be used to sign in on another device. For example, your phone can be linked to your laptop, allowing you to use a passkey from your phone to sign into a service on your laptop.

“CDA is powered by the FIDO Client-to-Authenticator Protocol (CTAP) using “hybrid” transport. CTAP is implemented by authenticators and client platforms, not Relying Parties.”

What could go wrong? Well, according to Expel, plenty:

“After entering their username and password on the phishing site, the user was presented with a QR code…. 

“What happened behind the scenes is the phishing site automatically sent the stolen username and password to the legitimate login portal of the organization, along with a request to utilize the cross-device sign-in feature of FIDO keys. The login portal then displayed a QR code….

“In the case of this attack, the bad actors have entered the correct username and password and requested cross-device sign-in. The login portal displays a QR code, which the phishing site immediately captures and relays back to the user on the fake site. The user scans it with their MFA authenticator, the login portal and the MFA authenticator communicate, and the attackers are in.

“This process—while seemingly complicated—effectively neutralizes any protections that a FIDO key grants, and gives the attackers access to the compromised user’s account, including access to any applications, sensitive documents, and tools such access provides.”

Presumably the FIDO Alliance will address this soon.
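In the meantime, defenders can look for the pattern Expel describes in their own sign-in logs. The sketch below is an added example, not code from Expel, the FIDO Alliance, or this blog. It flags sessions where a password sign-in and a cross-device sign-in request arrive seconds apart from a client address the user has never used before. The event names, field names, baseline, and sample records are all constructed assumptions, not any identity provider's real schema.

```python
from collections import defaultdict

# Constructed sample events; the field names and event types are hypothetical,
# not the schema of any real identity provider.
SAMPLE_EVENTS = [
    {"ts": 100, "user": "alice", "session": "s1", "event": "password_ok", "client_ip": "198.51.100.7"},
    {"ts": 101, "user": "alice", "session": "s1", "event": "cda_requested", "client_ip": "198.51.100.7"},
    {"ts": 130, "user": "alice", "session": "s1", "event": "cda_completed", "client_ip": "198.51.100.7"},
    {"ts": 200, "user": "bob", "session": "s2", "event": "password_ok", "client_ip": "203.0.113.20"},
    {"ts": 215, "user": "bob", "session": "s2", "event": "cda_requested", "client_ip": "203.0.113.20"},
    {"ts": 240, "user": "bob", "session": "s2", "event": "cda_completed", "client_ip": "203.0.113.20"},
    {"ts": 300, "user": "carol", "session": "s3", "event": "password_ok", "client_ip": "192.0.2.99"},
]

# Constructed baseline: client IPs each user has signed in from before.
KNOWN_IPS = {"alice": {"192.0.2.10"}, "bob": {"203.0.113.20"}, "carol": {"192.0.2.50"}}


def flag_relayed_cda(events, known_ips, max_gap=5):
    """Return alerts for sessions where a password sign-in and a cross-device
    request both came from a client IP never seen for that user, with the
    request following the password within max_gap seconds (automation hint)."""
    sessions = defaultdict(dict)
    for e in sorted(events, key=lambda e: e["ts"]):
        # Keep the first occurrence of each event type per session.
        sessions[e["session"]].setdefault(e["event"], e)

    alerts = []
    for sid, seen in sessions.items():
        pw, req = seen.get("password_ok"), seen.get("cda_requested")
        if not pw or not req:
            continue  # no cross-device sign-in in this session
        new_ip = req["client_ip"] not in known_ips.get(pw["user"], set())
        fast = 0 <= req["ts"] - pw["ts"] <= max_gap
        if new_ip and fast:
            alerts.append({
                "session": sid,
                "user": pw["user"],
                "client_ip": req["client_ip"],
                "completed": "cda_completed" in seen,  # did the user scan the QR code?
            })
    return alerts


if __name__ == "__main__":
    for alert in flag_relayed_cda(SAMPLE_EVENTS, KNOWN_IPS):
        print(alert)
```

An alert with `completed` set to true is the case to investigate first, since it means the QR code was scanned and the session may have been granted.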