The Military, Cyberattacks, and Maturity

Everyone knows that cyberattacks don’t just target private organizations. They also target governments, particularly aiming for agencies that either deal with a lot of money (unemployment agencies) or contribute to defending a country (military, homeland security).

The Chief Information Officer of the U.S. Department of Defense has a vested interest in preventing cyberattacks, not only against DoD, but against its third-party suppliers, which are the subject of today’s acronym, DIB (defense industrial base).

And if you’ve followed along in the Bredemarket blog lately, you know that a key component of preventing cyberattacks is raising your organization’s process maturity in the cybersecurity realm.

And yes, there’s a maturity model and a certification for that, the Cybersecurity Maturity Model Certification, or CMMC.

Cybersecurity is a top priority for the Department of Defense (DoD). The defense industrial base (DIB) faces increasingly frequent, and complex cyberattacks. To strengthen DIB cybersecurity and better safeguard DoD information, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) Program to assess existing DoD cybersecurity requirements.

It’s no surprise that the CMMC incorporates multiple levels, in this case three of them.

  • Level 1: Basic Safeguarding of FCI (Federal Contract Information)
  • Level 2: Broad Protection of CUI (Controlled Unclassified Information)
  • Level 3: Higher-Level Protection of CUI Against Advanced Persistent Threats

And not only is there a maturity model certification for the defense industrial base, but there’s a conference to help everyone out. After all the geeks celebrate May the Fourth Be With You day, some of the geeks will continue to celebrate on May 5, the date of the fifth annual CMMC Day. Party on.

Also see Biometric Update’s article, as well as NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

And if you need product marketing assistance with your cybersecurity product, Bredemarket has an opening for a cybersecurity client and can help with compelling content creation, winning proposal development, and actionable analysis. Book a call: https://bredemarket.com/cpa/ 

(Military wildebeest image from Imagen 3)

Startups Entering the Wonderful World of Process

I’ve talked about governance and maturity models before in regards to cybersecurity. The complicating factor is that companies with little process maturity are flung into the world of standards and auditors. 

For example, I was not initially part of the process team when the former seat-of-the-pants Printrak had to play CMM catch up with our new corporate overlord Motorola. But it was a bruising experience.

These days you have a lot of startups, not owned by multinationals, that are required by large customers and governments to comply with some standard or another. Winging it is not an option; winging it is failure. Or, in process-speak, winging it can result in a high statistical probability of a large number of adverse  findings.

Vanta wants to help.

Its early April “Guide to working with auditors: Best practices for startups” contains several suggestions. 

  • One is to engage with auditors early so that you become familiar with each other.
  • However, you should NOT give auditors access to your data early. Wait until you are ready. Assuming your data is in a Vanta instance:

“If you’re still finalizing controls in Vanta, granting early access could cause confusion. However, some firms prefer early access for familiarization—as long as they don’t start testing prematurely.”

Vanta’s guide is at https://www.vanta.com/resources/guide-to-working-with-auditors-for-startups

(Wombat image via Imagen 3)

PS to cybersecurity product marketers

Are you getting YOUR product’s message out? Or is a stretched team holding you back from creating stellar marketing materials? 

Bredemarket has an opening for a cybersecurity client and can help with compelling content creation, winning proposal development, and actionable analysis. Book a call: https://bredemarket.com/cpa/ 

Why Invela TPRM?

During my three months working with a third-party risk management (TPRM) client, I never heard anyone mention Invela.

Perhaps with reason. Although LinkedIn says the company was founded in 2024, it didn’t post its first blog until April 20, 2025, or its first LinkedIn posts until April 21.

But the second blog post, dated April 21, is the one that matters.

“Invela has officially launched a transformative network to bolster consumer protection and foster innovation within the open banking ecosystem. The Invela Network, developed in collaboration with industry-leading specialist partners, promises to revolutionize how financial institutions manage third-party risk…”

The post goes on to cite the Consumer Financial Protection Bureau (CFPB), but…well…that’s nice.

Invela’s TPRM solution specifically targets the open banking segment of the financial services industry. Open banking, featuring companies such as Plaid, Kong, and Camunda (among others), facilitates the interchange of financial data, rather than keeping it within each bank’s walled garden.

Which of course increases risk.

Hence companies such as Invela.

I was unable to find a “why” story for Invela that compared to the why story I previously found for Ubiety Technologies. Obviously the Invela people never read my book.

However, the principals at Invela come from companies such as Mastercard (although I could find no information on Invela’s CEO Steve Smith). But the Invela leadership team presumably knows their market. We will see if they know their marketing.

Which reminds me…if you need help with your cybersecurity product marketing, Bredemarket has an opening for a cybersecurity client. I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

How Can You Maximize Your Facial Recognition Or Cybersecurity Marketing Impact?

(This news was originally supposed to be embargoed until Monday April 21, but…well…things happen.)

Facial recognition and cybersecurity marketing leaders,

Stretched?

Is a stretched team holding you back from creating stellar marketing materials? Are competitors taking your prospects from you while you remain silent?

I’m John Bredehoft from Bredemarket, and I currently have TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

  • compelling content creation
  • winning proposal development
  • actionable analysis
CPA?

Bias can be good when it’s a bias to action.

Bias?

Satisfy your immediate needs and book a call: https://bredemarket.com/cpa/

A Mature Approach to Artificial Intelligence-Powered TPRM Automation

Deloitte conducts regular surveys on third-party risk management (TPRM), and just concluded a survey on (English warning) “the rise of AI in TPRM to maximise opportunities while managing the risks.”

One of the key findings:

“Despite low maturity levels, leadership teams are ambitious about embracing intelligent automation, while managing both the risks of AI in their organisations and those arising from third-party AI usage.”

I’ve talked about maturity levels before and their importance in cybersecurity. While ad hoc approaches to TPRM just won’t cut it in terms of protection, a managed or defined level or better will yield a positive return on investment.

(Imagen 3)

And one more thing…

The formal announcement is embargoed until Monday, but Bredemarket has TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

  • compelling content creation
  • winning proposal development
  • actionable analysis

Book a call: https://bredemarket.com/cpa/