Tag Archives: competitive analysis

Frictionless Friction Ridges and Other Biometric Modalities

I wanted to write a list of the biometric modalities for which I provide experience.

So I started my usual list from memory: fingerprint, face, iris, voice, and DNA.

Then I stopped myself.

My experience with skin goes way beyond fingerprints, since I’ve spent over two decades working with palm prints.

(Can you say “Cambridgeshire method”? I knew you could. It was a 1990s method to use the 10 standard rolled fingerprint boxes to input palm prints into an automated fingerprint identification system. Because Cambridgeshire had a bias to action and didn’t want to wait for the standards folks to figure out how to enter palm prints. But I digress.)

So instead of saying fingerprints, I thought about saying friction ridges.

But there are two problems with this.

First, many people don’t know what “friction ridges” are. They’re the ridges that form on a person’s fingers, palms, toes, and feet, all of which can conceivably identify individuals.

But there’s a second problem. The word “friction” has two meanings: the one mentioned above, and a meaning that describes how biometric data is captured.

No, there is not a friction method to capture faces.
From https://www.youtube.com/watch?v=4XhWFHKWCSE.

No, there is not a friction method to capture faces. Squishing 

  • If you have to do something to provide your biometric data, such as press your fingers against a platen, that’s friction.
  • If you don’t have to do anything other than wave your fingers, hold your fingers in the air, or show your face as you stand near or walk by a camera, that’s frictionless.

More and more people capture friction ridges with frictionless methods. I did this years ago using MorphoWAVE at MorphoTrak facilities, and I did it today at Whole Foods Market.

So I could list my biometric modalities as friction ridge (fingerprint and palm print via both friction and frictionless capture methods), face, iris, voice, and DNA.

But I won’t.

Anyway, if you need content, proposal, or analysis assistance with any of these modalities, Bredemarket can help you. Book a meeting at https://bredemarket.com/cpa/

Why Replacing Your Employees with VLM NPE Bots Won’t Defeat Social Engineering

(Scammed bot finger picture from Imagen 3)

Your cybersecurity firm can provide the most amazing protection software to your clients, and the clients still won’t be safe.

Why not? Because of the human element. All it takes is one half-asleep employee to answer that “We received your $3,495 payment” email. Then all your protections go for naught.

The solution is simple: eliminate the humans.

Eliminating the human element

Companies are replacing humans with bots for other rea$on$. But an added benefit is that when you bring in the non-person entities (NPEs) who are never tired and never emotional, social engineering is no longer effective. Right?

Well, you can social engineer the bot NPEs also.

Birthday MINJA

Last month I wrote a post entitled “An ‘Injection’ Attack That Doesn’t Bypass Standard Channels?” It discussed a technique known as a memory injection attack (MINJA). In the post I was able to sort of (danged quotes!) get an LLM to say that Donald Trump was born on February 22, 1732.

(Image from a Google Gemini prompt and response)

Fooling vision-language models

But there are more serious instances in which bots can be fooled, according to Ben Dickson.

“Visual agents that understand graphical user interfaces and perform actions are becoming frontiers of competition in the AI arms race….

“These agents use vision-language models (VLMs) to interpret graphical user interfaces (GUI) like web pages or screenshots. Given a user request, the agent parses the visual information, locates the relevant elements on the page, and takes actions like clicking buttons or filling forms.”

Clicking buttons seems safe…until you realize that some buttons are so obviously scambait that most humans are smart enough NOT to click on them.

What about the NPE bots?

“They carefully designed and positioned adversarial pop-ups on web pages and tested their effects on several frontier VLMs, including different variants of GPT-4, Gemini, and Claude.

“The results of the experiments show that all tested models were highly susceptible to the adversarial pop-ups, with attack success rates (ASR) exceeding 80% on some tests.”

Educating your users

Your cybersecurity firm needs to educate. You need to warn humans about social engineering. And you need to warn AI masters that bots can also be social engineered.

But what if you can’t? What if your resources are already stretched thin?

If you need help with your cybersecurity product marketing, Bredemarket has an opening for a cybersecurity  client. I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Is Milwaukee Selling PII for Free Facial Recognition Software Access?

(Part of the biometric product marketing expert series)

Perhaps facial recognition product marketers have heard of stories like this. Or perhaps they haven’t.

Tight budgets. Demands that government agencies save money. Is this the solution?

“Milwaukee police are mulling a trade: 2.5 million mugshots for free use of facial recognition technology.

“Officials from the Milwaukee Police Department say swapping the photos with the software firm Biometrica will lead to quicker arrests and solving of crimes.”

Read the article at https://www.jsonline.com/story/news/crime/2025/04/25/milwaukee-police-considering-trading-mugshots-for-facial-recognition-tech/83084223007/

As expected, activists raised all sorts of other concerns about facial recognition in general. But there’s an outstanding question:

What will Biometrica do with the 2.5 million images?

  • Use them for algorithmic training? 
  • Allow other agencies to search them?
  • Something else?
  • And what happens to the images if another company acquires Biometrica and/or its data? (See 23andMe.)

Biometrica didn’t respond to a request for comment.

And other facial recognition vendors operate differently.

How does your company treat customer data?

And how do you tell your story?

Do you have the resources to market your product, or are your resources already stretched thin?

If you need help with your facial recognition product marketing, Bredemarket has an opening for a facial recognition client. I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

(Wheelbarrows from Imagen 3)

Why Invela TPRM?

During my three months working with a third-party risk management (TPRM) client, I never heard anyone mention Invela.

Perhaps with reason. Although LinkedIn says the company was founded in 2024, it didn’t post its first blog until April 20, 2025, or its first LinkedIn posts until April 21.

But the second blog post, dated April 21, is the one that matters.

“Invela has officially launched a transformative network to bolster consumer protection and foster innovation within the open banking ecosystem. The Invela Network, developed in collaboration with industry-leading specialist partners, promises to revolutionize how financial institutions manage third-party risk…”

The post goes on to cite the Consumer Financial Protection Bureau (CFPB), but…well…that’s nice.

Invela’s TPRM solution specifically targets the open banking segment of the financial services industry. Open banking, featuring companies such as Plaid, Kong, and Camunda (among others), facilitates the interchange of financial data, rather than keeping it within each bank’s walled garden.

Which of course increases risk.

Hence companies such as Invela.

I was unable to find a “why” story for Invela that compared to the why story I previously found for Ubiety Technologies. Obviously the Invela people never read my book.

However, the principals at Invela come from companies such as Mastercard (although I could find no information on Invela’s CEO Steve Smith). But the Invela leadership team presumably knows their market. We will see if they know their marketing.

Which reminds me…if you need help with your cybersecurity product marketing, Bredemarket has an opening for a cybersecurity client. I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Facial Recognition Marketing Leaders, Riding on the Metro

I just read a story about a young man who went to the Metro, was identified by a facial recognition system, and was snatched up by authorities.

Who wanted him to fight in Ukraine.

Now some of you are puzzled and wondering why Trump wants to send U.S. troops to fight in Ukraine. That…um…doesn’t sound like him.

I forgot to clarify something. This wasn’t the Washington DC Metro. This was the MOSCOW Metro.

“Timofey Vaskin, a lawyer with the nonprofit human rights project Shkola Prizyvnika, told independent Russian TV channel Dozhd that the illegal detention of those potentially liable for conscription had become a massive problem this year, with young males most at risk of being snatched while using the Moscow metro, which has an advanced facial recognition system in place and police officers on duty at every station.”

For the record, use of facial recognition for this purpose is legal in Russia. In the same way that use of facial recognition for national security purposes is legal in the U.S.A. Because when national security is at stake—or when government agencies say national security is at stake—most notions of INFORMED consent go out the window.

Know your use cases…or get someone who does

Facial recognition isn’t only used for national security, or for after-the-fact analysis of a crime such as the Boston Marathon bombings. It’s also used for less lethal purposes, such as familiar face detection on doorbell cameras…except in Illinois.

If you are marketing a facial recognition product, you need to understand all the different use cases for facial recognition, and understand which use cases your product marketing should address, and which it should not.

And if you need help with your facial recognition product marketing, Bredemarket has an opening for a facial recognition client. I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Imagen 3. Bredemarket has client openings.

How Can You Maximize Your Facial Recognition Or Cybersecurity Marketing Impact?

(This news was originally supposed to be embargoed until Monday April 21, but…well…things happen.)

Facial recognition and cybersecurity marketing leaders,

Stretched?

Is a stretched team holding you back from creating stellar marketing materials? Are competitors taking your prospects from you while you remain silent?

I’m John Bredehoft from Bredemarket, and I currently have TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

  • compelling content creation
  • winning proposal development
  • actionable analysis
CPA?

Bias can be good when it’s a bias to action.

Bias?

Satisfy your immediate needs and book a call: https://bredemarket.com/cpa/

Enter the Wildebeest Truckers

You can bet that I paid attention to AKings’ latest post after I saw how it began:

“Indiana. The Crossroads of America. A place where colossal semi-trucks roar in from the north, south, east, west, and every conceivable direction in between, like a great migration of diesel-belching wildebeests on their way to deliver vital supplies.”

Bredemarket’s self-promotional content is replete with wildebeests, iguanas, and wombats. Much of this was from an urge to differentiate from those who eat their own dog food. So Bredemarket ate its own iguana food, then its own wildebeest food.

But “wildebeest trucker” is a new one on me.

How do you differentiate your marketing content from that of your competitors?

Or do you eat their dog food?

But goin’ back to Indiana, AKings’ post is a literal tour of the state over a year, including an encounter with angry union members in Kokomo (not that Kokomo). Recommended reading.

(Wildebeest truck driver Imagen 3)

RACI WOMBAT Talk

Earlier this month I posted a revelation:

I don’t want to reveal Bredemarket’s secret process, so I’m just going to call it WOMBAT. Not that WOMBAT is unique to Bredemarket; far from it. Many companies use WOMBAT.

And many companies don’t use WOMBAT. In fact, they abhor WOMBAT and call it stifling. (Emotion words. Geddit?)

But I’ve found over the years that if you don’t use WOMBAT, there’s a very good chance that you’ll break things.

And who catches hell? The consultant. “Why did you do what we asked you to do? Now look at the mess you made!”

So out of a sense of fear and self-preservation (geddit?), there are times that I’ve secretly used WOMBAT and not told my clients I’m doing it.

Well, I’m going to reveal one component of WOMBAT in this post because I’m surprised that I haven’t already discussed it.

But there’s a risk involved, because once I discuss this component, there are about five people in the world who will immediately know what my WOMBAT is. But luckily for me, none of them read the Bredemarket blog, so my secret is safe.

(Speaking of risk, the racy—not RACI—wombat image was created by Imagen 3.)

RACI

As some of you undoubtedly figured out, I’m going to discuss RACI: Responsible, Accountable, Consulted, and Informed.

Assume for the moment that Bredemarket grows beyond its sole proprietorship origins and becomes a multinational employing thousands of people. At some point I’ll be sitting in my luxurious executive suite, nibbling on caviar, and I’ll bark out an order:

“Write a blog post about a wildebeest amusement park!”

Now the blog post won’t just magically happen. And because the fictional Bredemarket is a huge enterprise, it will take more than one person to make it so. Perhaps four, perhaps more, perhaps fewer. Here’s how Bob Kantor at CIO defines Responsible, Accountable, Consulted, and Informed:

Responsible: People or stakeholders who do the work. They must complete the task or objective or make the decision. Several people can be jointly Responsible.

Accountable: Person or stakeholder who is the “owner” of the work. He or she must sign off or approve when the task, objective or decision is complete. This person must make sure that responsibilities are assigned in the matrix for all related activities. Success requires that there is only one person Accountable, which means that “the buck stops there.”

Consulted: People or stakeholders who need to give input before the work can be done and signed-off on. These people are “in the loop” and active participants.

Informed: People or stakeholders who need to be kept “in the picture.” They need updates on progress or decisions, but they do not need to be formally consulted, nor do they contribute directly to the task or decision.

Personally, there may be cases when you only want a single person to be responsible for the work. But I agree that only one should be accountable.

Applying RACI

Using my ludicrous example, one (or more) people will be responsible for writing the wildebeest amusement park blog post, a single person (presumably one of my junior vice presidents) will be accountable for approving it, and various entities will be consulted for feedback (and, in the ideal world, may actually provide feedback). Then there are a few people who will be informed about the project, merely to roll their eyes at the whole thing.

Regardless of the process you institute, whether it is my super-secret WOMBAT process or something else, RACI responsibilities will help tremendously. Here’s another quote from Bob Kantor at CIO:

Having managed and rescued dozens of projects, and helped others do so, I’ve noted that there is always one critical success factor (CSF) that has either been effectively addressed or missed/messed up: clarity around the roles and responsibilities for each project participant and key stakeholder. No matter how detailed and complete a project plan may be for any project, confusion or omission of participant roles and responsibilities will cause major problems.

And some Accountable person approved what Kantor said.

Reapplying RACI

And this also affects Bredemarket’s content, proposal, and analysis work. For example, let’s look at the proposal that I recently helped a Bredemarket client win.

  • Two of us were jointly responsible for completing and submitting the proposal: myself, and a person at the client company. Yes, I know what I just said about preferring that only one person be responsible, but the federal agency in question would not let me submit the proposal; someone from the client had to do it.
  • This second person was the one who was accountable for the submission of the proposal.
  • There were several people who were consulted regarding this proposal. I cannot reveal their roles, but let’s just say that all of them were…um…critically important.
  • Then there were a few people here and there who were informed of the proposal progress.

Perhaps Bredemarket can work on a project with you. Let me know. https://bredemarket.com/cpa/