Whether you’re handling customer information, financial records, or proprietary product details, safeguarding that data isn’t just a compliance requirement; it’s critical to maintaining customer trust, brand reputation, and the overall health of your business. However, small and midsized businesses (SMBs) often face unique challenges, such as limited IT resources and tighter budgets, making data security all the more challenging.

Why Data Security Is Critical for SMBs

1. Brand Reputation and Customer Trust
   A single data breach can undermine years of hard-earned trust. Small and midsized businesses often rely on close customer relationships and community reputation. Maintaining robust data security measures ensures customers feel safe doing business with you.
2. Regulatory Compliance
   Various regulations like PCI and HIPAA require strict data protection. Non-compliance can result in hefty fines and legal trouble, creating significant financial strain for SMBs.
3. Preventing Operational Disruptions
   Cyber attacks can cause severe downtime, impacting your ability to serve customers. Considering SMBs typically have leaner teams, recovering from a security incident can take more time, causing a ripple effect of lost revenue and productivity.
4. Competitive Advantage
   In many industries, security assurances are becoming a key differentiator. Demonstrating rigorous data protection can help win new clients, particularly those who handle sensitive information.

Common Security Risks Facing SMBs

1. Phishing Attacks
   Cybercriminals often use deceptive emails or messages to trick employees into divulging login credentials, credit card numbers, or other sensitive information. SMBs can be especially vulnerable because they may lack formalized security protocols or employee training programs.
2. Ransomware
   Ransomware is a type of malicious software that encrypts your data, rendering it unusable until a ransom is paid. Smaller businesses might feel pressured to pay due to limited resources and backup systems, making them prime targets.
3. Insider Threats
   Employees, contractors, or partners with legitimate access can inadvertently (or intentionally) expose or misuse data. SMBs often have flat hierarchies and broad access privileges, which can increase the risk of insider threats.
4. Unsecured Network and Devices
   SMBs may rely on a mix of personal and company-owned devices, and employees might connect from unsecured networks. This creates multiple potential entry points for hackers to exploit.

Essential Data Security Best Practices

1. Implement Strong Authentication
   • Use Multi-Factor Authentication (MFA): Adding a second verification step—such as a text message code, biometric scan, or app-based token.
   • Limit Logins to Company-Owned IP Addresses: Configure access controls to allow remote access only from whitelisted IP addresses owned by the organization. This approach minimizes unauthorized login attempts by ensuring that only connections originating from your internal network or approved gateways can reach critical systems.
2. Encrypt Sensitive Data
   • Data at Rest: Store files in encrypted formats, whether on-premises or in the cloud. Modern operating systems offer built-in disk encryption such as Bitlocker, and many cloud services include encryption features.
   • Data in Transit: Use secure protocols (HTTPS, SSL/TLS) for data transfer, ensuring information is protected as it moves between internal systems or over the internet.
3. Regular Software Updates and Patch Management
   • Automated Updates: Whenever possible, enable automatic updates to keep operating systems, antivirus software, and applications current.
   • Patch Management Tools: If you have multiple devices or servers, consider a patch management solution that lets you schedule and track updates from a central console.
4. Frequent Data Backups
   • Off-Site or Cloud Backups: Keep copies of critical data in multiple locations—ideally in encrypted, secure cloud storage.
   • Test Recovery Processes: A backup is only as good as your ability to restore it. Run periodic recovery drills to ensure backups are functioning properly.
5. Network Segmentation
   • Limit Lateral Movement: If a hacker gains access to one part of your network, you want to prevent them from moving freely to other systems. Segment your network to create isolated environments for sensitive information.
   • Access Control Lists (ACLs) and Firewalls: Restrict network traffic between segments using firewalls and ACLs.
6. Employee Training and Awareness
   • Phishing Simulations: Conduct regular phishing tests to help employees recognize suspicious emails.
   • Clear Security Policies: Provide guidelines on handling data, using personal devices for work, and reporting potential threats. Clear policies help your team make secure decisions daily.
7. Endpoint and Anti-Malware Protection
   • Robust Antivirus/Anti-Malware Solutions: Deploy reputable security software to monitor and block known threats.
   • Device Management: Use Mobile Device Management (MDM) or endpoint management tools to enforce security policies on company- or employee-owned devices.

Getting Started with a Data Security Strategy

1. Conduct a Risk Assessment
   Identify the most critical systems, data assets, and vulnerabilities. This will help you prioritize your security investments where they can make the biggest impact.
2. Create an Incident Response Plan
   Plan out step-by-step procedures for handling security breaches or suspicious activity. Clearly define roles and responsibilities for your team and detail how you’ll communicate with customers, partners, and authorities.
3. Allocate a Security Budget
   Assess how much you can realistically invest in data security tools, training, and personnel. Even modest budgets can fund essential solutions—like antivirus software, firewalls, and backup systems.
4. Train Your Staff
   A security system is only as strong as its weakest link—often human error. Regular training sessions and easy-to-understand policies can turn employees into your first line of defense.

Conclusion

Data security is no longer a “nice to have”—it’s a critical component of running a successful and trusted small or midsized business. Cyber threats evolve daily, and SMBs must remain vigilant to protect sensitive information, maintain compliance, and keep operations running smoothly. By implementing strong security practices—like multi-factor authentication, encryption, network segmentation, and ongoing employee training—you can significantly reduce your risk profile and safeguard your business.

Remember: cybersecurity is a journey, not a destination. Stay informed about evolving threats and emerging best practices and continually refine your security measures. With a proactive and well-rounded approach, your SMB can secure its valuable data, build customer trust, and thrive in an increasingly digital marketplace.

Josh Barrett is the Co-founder of BlueHat, a technology success partner specializing in cyber security and IT services for the mid and small business markets.  Josh graduated from UC with a degree in cybersecurity, has been a practicing professional for more than 12 years, Josh is CISSP certified.

The technology industry is evolving rapidly, with cybersecurity and IT roles in high demand. Businesses across all sectors struggle to find skilled professionals to fill critical positions. Despite the abundance of opportunities, many talented individuals find themselves shut out—not due to a lack of qualifications but because of barriers unrelated to their technical abilities. Among the most overlooked are professionals with disabilities, who, despite meeting or exceeding job requirements, often face challenges securing interviews and job offers.

The Hidden Barrier: When Qualifications Aren’t Enough

At Phishbuster Academy, we frequently hear from students who have put in the effort to obtain the right credentials but still struggle to break into the field. There is one such student who recently came to Phishbuster Academy who truly stood out. This aspiring professional earned an associate’s degree in IT and even acquired CompTIA’s triple crown of entry-level certifications—A+, Network+, and Security+. By all accounts, this individual should be an ideal candidate for an entry-level IT or cybersecurity role. Yet, despite applying to numerous positions, he could not even secure an interview.

Unfortunately, his story is not unique.

Although this young man is fully capable and qualified for an entry-level IT position, he does have a disability. In a field that can be difficult to break into, for professionals with disabilities, they face additional barriers to employment often stemming from:

• Employer misconceptions about their capabilities.
• Rigid job requirements that do not accommodate remote or adaptive work setups.
• A lack of focus on skills-based hiring, leading to missed opportunities.

These obstacles prevent companies from accessing a talented pool of candidates who are fully capable of succeeding in IT and cybersecurity roles.

The Role of Remote & Adaptive Work Environments

One of the biggest misconceptions in hiring is that IT and cybersecurity positions require a traditional office setting. In reality, many roles in these fields are well-suited for remote work and can be adapted to accommodate a variety of needs. With the right tools and policies in place, professionals with disabilities can thrive in:

• Remote work environments, which allow for flexible scheduling and accessible setups.
• Adaptive technologies when needed, such as screen readers, voice-to-text software, and specialized hardware.
• Results-driven roles, where success is measured by skills and problem-solving ability rather than physical presence.

Despite these advantages, many companies remain hesitant to implement these hiring practices or invest in the necessary accommodations.

Consider the student mentioned earlier: He possesses the education, certifications, and motivation needed to excel in IT, yet he struggles to even get past the initial hiring stage. His experience reflects a broader industry issue that creates difficult barriers of entry. This highlights a crucial gap: while education and certifications lay the foundation, hands-on experience often serves as the missing piece.

How Employers Can Close the Gap

The IT and cybersecurity industries face a talent shortage, yet many capable professionals remain overlooked due to outdated hiring practices and misconceptions about disabilities. Companies that embrace adaptive hiring practices, flexible work environments, and skills-based evaluation will not only tap into a wealth of underutilized talent but also foster a more diverse and innovative workforce. It’s time for the industry to break these barriers and open doors—because talent should be recognized, not overlooked.

To bridge this divide and create more opportunities, companies can consider:

• Adopt skills-based hiring: Focus on an applicant’s actual technical abilities.
• Implement flexible and remote work policies: Make accommodations that enable all employees to perform at their best.
• Support internship and job simulation programs: Provide structured, hands-on opportunities that allow these professionals to gain real-world experience.

When faced with a candidate who has the education and certifications that highlight his intellectual abilities and foundational understanding of key concepts, the only thing left to do is prove that they have the technical abilities to do the job. But how can this develop if no entry-level positions are offered? That’s where job-simulated programs become a game changer.

The Path Forward

That brings us to the next steps…where do we go from here? It’s not overly complicated, the path forward is essentially giving these candidates an opportunity to complete hands-on projects that simulate real-world job responsibilities. Adding in that last piece of the puzzle, projects that can highlight their technical experience and abilities. Especially in a state like Ohio, where programs like Tech Cred can make this type of training a reality by eliminating what is often a big concern – cost.

Justin LeBrun is the VP of Operations at Phishbuster Academy, an organization dedicated to providing hands-on cybersecurity training and real-world experience through job-simulated labs. With a passion for bridging the skills gap, he works to ensure aspiring professionals have the opportunity to build successful careers in IT and cybersecurity.

The Cybersecurity Maturity Model Certification (CMMC) program, designed by the Department of Defense (DoD) to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), has undergone significant updates between its proposed rule in December 2023 and its final rule in October 2024. These changes reflect the DoD’s effort to balance cybersecurity requirements with practical considerations for contractors. With the final rule taking effect on December 16, 2024, understanding these changes is critical for contractors preparing for assessment.

One of the most important changes in the final rule is the introduction of a clearly defined phased implementation plan. The proposed rule hinted at a gradual rollout but lacked specific milestones or timelines. The final rule addresses this by implementing a four-phase plan. Phase 1 introduces mandatory self-assessments for contractors handling FCI. Phase 2 brings in Level 2 certifications for select contracts involving CUI. Phase 3 extends certification requirements to high-priority programs through Level 3 assessments. Finally, Phase 4 marks the full implementation of CMMC requirements across all applicable DoD contracts. This structured approach ensures contractors have the time to adapt while the DoD scales its assessment capabilities. Initial estimates state that approx. 80,000 defense contractors require Level 2 Certification, so with the implementation of a phased rollout, the accreditation body and ecosystem should be able to stretch with the initial demand of assessments.

Flexibility for Level 2 compliance has also been enhanced in the final rule through the introduction of conditional certification. Under the proposed rule, contractors were required to fully implement all 110 NIST SP 800-171 Rev 2 controls before achieving certification. The final rule now allows for conditional certification if contractors meet at least 80% of these requirements, provided they address gaps through a Plan of Action and Milestones (POA&M). This conditional status enables contractors to bid on contracts while granting them 180 days to close security gaps. However, failure to meet this deadline results in certification expiration, demonstrating that while the rule allows flexibility, it does not compromise accountability.

The role of POA&Ms has been significantly refined. The proposed rule permitted their use but lacked clear guidelines on timelines and follow-ups. The final rule establishes firm deadlines, requiring all security gaps documented in POA&Ms to be resolved within 180 days. A POA&M closeout assessment is then mandated to verify compliance before final certification is granted. This change ensures that contractors address vulnerabilities promptly, mitigating the risks of long-standing cybersecurity weaknesses.

The certification levels themselves have been clarified in the final rule. While the proposed rule outlined the three levels of CMMC, the final rule provides greater detail on the assessment processes and their frequency. Level 1 now mandates annual self-assessments for contractors handling FCI, with results reported in the Supplier Performance Risk System (SPRS). Level 2 introduces a distinction between self-assessments and third-party assessments conducted by CMMC Third-Party Assessment Organizations (C3PAOs). For Level 3, which is required for contractors handling critical CUI, assessments will be conducted by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), with Level 2 certification as a prerequisite.

Another area of improvement is the tracking and affirmation of compliance. The proposed rule required annual affirmations from senior officials but did not elaborate on enforcement or tracking mechanisms. The final rule enforces these affirmations across all certification levels, with contractors required to submit them annually through SPRS. Failure to affirm compliance results in the automatic lapse of certification, reinforcing the need for continuous cybersecurity maintenance rather than viewing CMMC as a one-time achievement.

The integration of SPRS and the CMMC Enterprise Mission Assurance Support Service (eMASS) is another key update. While the proposed rule primarily relied on SPRS for self-assessment score submissions, the final rule expands this functionality. SPRS is now used for Levels 1 and 2 (Self) assessments, while eMASS is designated for third-party assessments at Level 2 (C3PAO) and Level 3. Assessment results are automatically transmitted to SPRS from eMASS, creating a seamless and centralized compliance tracking system.

Scoping requirements have also been expanded and clarified in the final rule. The proposed rule provided limited guidance on defining in-scope systems and the role of External Service Providers (ESPs). In contrast, the final rule introduces clear scoping categories, including Contractor Risk Managed Assets, Security Protection Assets, and Specialized Assets. It also requires ESPs to meet equivalent CMMC security requirements when processing CUI but does not stipulate ESPs obtain the same level CMMC certification of their clients. These changes enhance clarity and ensure that contractors appropriately define the scope of their cybersecurity efforts.

As the CMMC program evolves, contractors must prepare to align their cybersecurity programs with these updated requirements. The final rule reinforces the DoD’s commitment to safeguarding national security through a robust, scalable, and enforceable cybersecurity framework. For contractors, the path to compliance is not only a contractual obligation but a critical step in strengthening their resilience against cyber threats. Now is the time to act, ensuring readiness for the challenges and opportunities that the CMMC program brings.

Eric Parsley is a cybersecurity executive specializing in Governance, Risk, and Compliance (GRC). He is a vCISO for Expedient Technology Solutions offering cybersecurity focused MSP/MSSP Services. Eric holds a Master’s degree in Cybersecurity & Information Assurance and is a CMMC Certified Assessor.

Digital channels, including websites, mobile apps, and social media, have become the primary touchpoint for establishing new customer relationships. In fact, 91% of adults ages 18 to 49 have purchased products or services online using a smartphone, according to Consumer Affairs.1 It’s crucial to make a good first impression during these customer interactions if you hope to build a loyal customer base.

This shifting dynamic creates new challenges and opportunities for businesses looking to attract and retain customers. The right customer identity and access management (CIAM) strategy can help you provide a positive customer experience.

What Is CIAM?

CIAM allows businesses to securely capture and manage customers’ identity and profile data and control what applications, services, and information users have access to.

The traditional approach to CIAM has tended to force the customer to provide as much information as possible at the point of registration and require them to log in with a username and password for every session. Taking this approach usually forces businesses to make user experience tradeoffs to secure how customers engage with their brand online.    

Modern approaches to CIAM enable businesses to identify who their customers are and what applications they should have access to in a way that doesn’t require compromising convenience for security. By continuously assessing the trustworthiness of each customer’s identity throughout their session, businesses can dynamically adjust the level of authentication required based on real-time risk, making security visible only when necessary. This approach allows customers to securely engage with digital properties without encountering unnecessary friction. 

CIAM can also help you streamline the end-to-end customer journey by making it easier to introduce single sign-on (SSO) for customers across all your digital properties, prompt customers for multi-factor authentication (MFA) for additional security only when necessary, and ultimately move towards secure, convenient passwordless authentication experiences.

How Can CIAM Deliver a Great Customer Experience?

CIAM elevates the customer experience (CX) by simultaneously reducing friction and building trust. Our 2024 Consumer Survey found that “security” (78%) and “ease of use” (76%) were the most important aspects of interacting with brands online, highlighting the importance of delivering both secure and seamless journeys.

Reduce Friction

With CIAM, you no longer need to push every customer through the same rigid authentication processes when they visit your site. 

For example, if they’re registering for the first time, you don’t need to ask them to enter all their personal data immediately, you could just ask them to provide their email address and set a password, minimizing friction until they’re ready to make a purchase. When they decide to place their first order, then you can ask them for their address, payment details, and any other necessary information. At any given point in their journey, you’re only asking them for the information you need, so they can focus on their shopping experience, rather than filling in forms.

Similarly, when an existing customer wants to log into your site, you can make smarter decisions about how many authentication hoops you should make them jump through. For example, if they logged in successfully an hour ago on the same PC with the same IP address, and their mouse movements and typing patterns are the same as they were before, you might decide they don’t need to enter their password again. Modern CIAM systems allow businesses to fully configure the level of security required, and to specify the signals they monitor to achieve secure authentication. 

Essentially, CIAM allows you to adjust the level of friction in your authentication experience appropriately, so customers don’t feel they’re being bothered unnecessarily.

Build Trust

When we talk about adjusting friction, the key word is “appropriately.” Zero friction is rarely the right answer from a security perspective, and it’s not always what customers want, either.

For example, imagine you get a login request that seems to be coming from an existing customer, but the IP address shows that they are in a different country and using an unknown device. In that case, you might decide to send an MFA request to make sure the customer is who they say they are.

Let’s say the request does come from a genuine customer. Perhaps they’re traveling overseas, and they’ve borrowed a friend’s device because their own smartphone won’t connect to the local network. In this situation, receiving an additional security challenge doesn’t feel like unnecessary friction. It’s reassuring for the customer because it shows them, you’re taking their account security seriously. 

Only asking for the authentication you need, and always asking for authentication when you need it can prove to customers that the friction added to the experience is necessary, and you’ll find it much easier to win their trust.

What Are the Benefits of Improving CX with CIAM?

Utilizing CIAM to improve CX can unlock a variety of benefits that work together to improve business operations, reduce IT costs, and capture more revenue. Effective use of CIAM enables you to:

• Boost Customer Acquisition and Retention: Businesses can acquire more customers with CIAM and progressive profiling by streamlining the registration process, asking for information over time rather than forcing new customers to fill out a long sign-up form before checkout.
• Increase Revenue:  By using progressive profiling, businesses can get to know their customers better while building rich user profiles to offer tailored experiences across every digital property. Unifying customer identity with existing Customer Relationship Management and Customer Data Platforms allows businesses to finely target cross-sell and up-sell offers.
• Strengthen Customer Loyalty:  By enforcing appropriate security measures in the right situations, CIAM shows your customers you are a trustworthy steward of their accounts and personal data.
• Reduce Customer Support Costs:  Effective CIAM gives customers more options for authenticating with your site, which means they are less likely to fail security challenges or get locked out of their accounts.

Rich Keith, Senior Director, Product & Solution Marketing, Ping Identity has over 20 years technical and marketing experience in cyber security, IAM, AI/ML and big data analytics, and enterprise software including enterprise Java servers and transaction processing systems. Rich is a sought-after speaker at cybersecurity events worldwide. Prior to joining Ping Identity, Rich held senior positions at SailPoint (IAM), BeyondTrust (PAM), Oracle and Cofense/PhishMe. Rich holds a master's degree in Computer Science from California State University, Chico.

As we gear up for 2025, I've been doing a lot of thinking about the advancements in generative AI over the past year. It feels like over the next twelve months we could see a shift in how we approach data, interact with AI, and ensure that we're doing it all in an ethical and responsible way. I've got some thoughts on why data quality is about to become a major focus, the ways agentic AI could change our daily interactions with technology as a whole, and why we need to make sure we're handling these systems with care. So, let's dive in and take a look at what I'm seeing on the horizon for 2025.

It’s All About the Data

The phrase “data is the new oil” has been commonplace over the past decade or so, but I predict 2025 is when we’ll actually start seeing it play out. As more organizations adopt and build generative AI systems, the need to ensure those systems are ingesting good, quality data becomes increasingly important.

The shift towards quality data isn't about having more data; it's about having better data. Generative AI models are only as good as the data they're trained on. In 2025, we’ll see a focus on data quality initiatives. This means organizations will be investing heavily in data cleaning, validation, and enrichment processes, moving away from simply hoarding vast quantities of information to curating high-value datasets. This commitment to quality will be a key differentiator for AI performance and the success of these systems.

Furthermore, the role of data stewards will become increasingly crucial. These individuals (or maybe even AI agents. More on this in a moment.) will be responsible for the lifecycle management of data – from its creation and collection, through its storage and use, to its eventual archiving or removal. Good data stewardship is about more than just governance; it’s about ensuring data is accurate, consistent, secure, and used ethically and responsibly within the context of AI projects. Without solid data stewardship, the most sophisticated AI models will still struggle, leading to biased, inaccurate, or even harmful outcomes.

One conversation I've had recently is about using AI to help employees with health insurance, like asking “What are my vision benefits?" and "What in-network eye doctors are near me?” Ingesting your health insurance policy into such a system may not seem like an arduous task. But your policies will change over time. New policies will need to be added, and expired policies will need to be removed. We can’t simply feed AI a bunch of data and call it day; we need processes for the removal of data as well. This illustrates the need for effective data lifecycle management programs.

Agentic AI

The way we interact with AI systems is set to change as the popularity of agentic AI increases. But what is agentic AI?

Generative AI like ChatGPT, Gemini, or Claude is kind of like a chef in a kitchen. You give them an instruction, and they can whip up a delicious meal. That’s where the “generative” in generative AI comes from; they generate content. But an agentic AI system is more like the restaurant manager, that not only can create new recipes but also decide what ingredients to buy, how to set the menu, and how to coordinate the kitchen staff. Agentic AI systems are focused on goals and outcomes, and they can act autonomously to achieve those goals without human interaction.

While agentic AI systems leverage the creativity of generative AI models such as ChatGPT, they differ in several ways. Primarily, these systems prioritize decision-making over content generation. Secondly, they operate autonomously, driven by predefined goals – like boosting revenue, improving customer feedback, or streamlining logistics – rather than requiring constant human instruction. And finally, these systems possess a more sophisticated ability to handle complex, multi-step processes, navigating data sources and initiating workflows without manual intervention.

Because agentic AI systems are designed to carry out specific, granular tasks, they enable greater specialization of roles compared to general purpose models like ChatGPT. Some agentic systems will have an “orchestrator” which can be thought of as the main agent that interacts with and instructs all of its downstream agents. Imagine this: An AI system is monitoring a salesperson's calendar, and before each meeting, it automatically prepares a brief with information about that customer. And not just any information. Relevant information like past purchase history, previous interactions with their team, and even business trends in their industry.

Responsible AI

“With great power comes great responsibility.” In 2025, organizations will no longer be able to treat ethical AI as an afterthought; it will become a core component of any AI strategy. This means proactively establishing clear policies to guide AI development, encompassing data privacy, transparency, and bias mitigation. This will require not just technical solutions but also a broader ethical commitment across all levels of an organization.

Beyond ethical considerations, robust governance of AI systems will be critical. This includes establishing clear lines of responsibility for AI outputs, implementing testing and validation processes to ensure the reliability of AI models, and setting up clear mechanisms for recourse when things go wrong. We can’t just deploy AI and hope for the best; we have to be good stewards of it. We'll see a growing need for specialized roles, such as AI ethicists and AI risk managers, who will be tasked with ensuring that AI is used responsibly and for the benefit of all stakeholders. The path to realizing the full potential of AI is paved with careful planning, robust oversight, and a dedication to building systems that are not just powerful but also trustworthy and ethical.

I've shared my predictions, but now I'm curious – what are you seeing on the horizon for AI?

Jason Clishe

Jason is a Google Cloud Platform solutions architect at CDW with 30 years of IT experience spanning delivery consulting, partner enablement, and sales engineering. His expertise includes cloud technologies, generative AI, and on-premises solutions, and he leads the design of innovative generative AI solutions on GCP Vertex AI.

In 1993, Burger King became revolutionary. They implemented a groundbreaking technology that changed the game, challenging both customers and workers with a new process: accepting credit cards. In this video reactions were split between fear, resistance, skepticism, joy, and convenience.

In 2024, what does AI have to do with Burger King? Everything. AI in our workplaces now represents the same disruptive factors: do I want to use AI or not? How will my employees start to use it? Will they implement it correctly? How do I even use this system? Do our workforce/customers/clients now have to make new choices?

¡Prohibido arrojar NADA dentro del sanitaro!

(It is forbidden to throw NOTHING down the toilet)

Just like how credit card payments date back to the late 1950s, AI’s roots trace back to the early internet in the form of 1:1 translation. In the early days of translation websites, the level of “thinking” a system could do was literal. For example, in language, "jaguar = cat," but "Jaguar ≠ car."

“I don’t quite agree with it, but a calculator for words is an interesting framing for ChatGPT,” said Sam Altman, CEO of OpenAI. Thanks to technological and algorithmic advancements, AI now can see the “forest through the trees.” According to TechTarget, ChatGPT has over 1 trillion transformer neural networks, enabling it to distinguish between a luxury foreign vehicle and a jungle cat.

With this powerful new “calculator for words,” what does that mean for the workforce? According to a recent market-data report, as it stands now, six out of ten occupations have more than 30% of activities that are technically automatable. As AI advances, instead of “cash or credit,” we might soon have to ask ourselves, “human or AI?” (assuming we are even given a choice…).  Perhaps the best way to prevent AI from taking jobs is to embrace it and implement AI to do our jobs better.

Prompt Engineering? I call it “Prompt Writing”

Before my career as a workforce development consultant, I was a publishing intern, editor, writing tutor, and later an English Language Learner instructor (also, janitor, cook, mosquito control specialist, property abatement worker, and road construction worker—just to name a few).

When I first began using AI a few years ago, two thoughts immediately struck me:

1. I needed to stop using this system like a Google search.
2. Creating effective prompts requires finesse.

I quickly realized that I had to do a bit of writing to get the result I wanted from AI. For me in the moment, the term “prompt writing” seemed more fitting than “prompt engineering.”

There is no “e” in Ketchup

Through research and webinars, I discovered AI was full of interesting little quirks. For instance, some AI systems would confidently assert that there is no “e” in the word ketchup. Try it out today on ChatGPT, CoPilot, or Gemini without logging in—you might be surprised.

Paying attention to social media posts, I also noticed the same common AI buzzwords popping up again and again—like “dive.” Hey, everyone, let’s dive into the topic of prompt engineering, followed by an emoji. We must do better to keep language fresh, interesting, and most of all “human” even when using our fancy new word calculator. By telling AI which words not to use and giving it the proper context, we can disguise its “word calculator” tone and keep our writing more authentic.

Give AI a Job (While I Still Have Mine)

The “lightbulb” moment for me as an AI user was discovering the simple prompt structure of Role-Task-Format. Writing a great prompt starts with giving AI a job: assign it a role. For example, tell AI: Act as a sales rep, consultant, or data scientist. Giving AI the right context is essential to getting the best results.

AI knows a lot, but it doesn’t know what’s important to you until you tell it (you don’t know what you don’t know). Next, specify the task you want it to perform: Create a marketing email, blog post for Technology First, or session description for your Dayton AI Day presentation. Finally, decide on the format. Should it be 3–4 small paragraphs, a bulleted list, or something else entirely?

“Review the rough draft of this blog post and help me come up with a clever conclusion. Keep the writing style similar.”

Just as credit cards reshaped fast food transactions in 1993, AI is reshaping the workplace today. The parallels are clear: innovation challenges us to adapt, evolve, and make choices about how we engage with new technologies. Whether it’s using prompt engineering to enhance efficiency or approaching AI with a human touch, the question isn’t if AI will change the game—it’s how we’ll play along. I’m looking forward to meeting everyone at Dayton AI Day on Jan 15^th and hope to see you in my “Prompt Engineering…Basics and a Bit Beyond” session.

*This blog post was written by a human…except for the conclusion paragraph.  

Hello Tech Community!

As 2024 comes to a close, it’s incredible to reflect on how far we’ve come as a tech community. At the start of the year, many of us were focused on what lay ahead for technology—emerging trends, evolving challenges, and the innovations poised to shape our future. AI, anyone? Now, as we prepare to enter 2025, we can look back on all that’s been accomplished.

Connecting

This year, we strengthened connections across our tech community in profound ways. With over 50 events—including the Ohio Information Security Conference, Taste of IT, and two Digital Mixers—we created countless opportunities for professionals, students, and organizations to come together, share insights, and advance ideas. At the heart of our community are peer group meetings, a core member benefit that fosters collaboration and ensures the continuous exchange of knowledge.

Beyond events, we facilitated one-on-one connections between members, helping businesses and individuals find the right partners, resources, and solutions to drive their goals forward. To make connecting even easier, we introduced a new mobile app, putting opportunities to engage, network, and collaborate right at your fingertips.

Strengthening

Throughout 2024, we’ve navigated critical topics like cybersecurity, sustainable technology, and of course AI, while continuing to champion leadership and workforce development. We tackled tough questions, such as “What should every tech leader stop doing now?” and provided strategies for protecting and growing tech investments.

We often said 2024 was our year of experimentation. So, we launched the Emerging Tech Leaders program, introduced Workshops, and hosted three conferences – challenging ourselves to push the boundaries while ensuring our programs were designed to equip participants with the skills and tools to lead and adapt in a rapidly evolving landscape. Our Women 4 Tech Conference became an annual tradition, celebrating and empowering women in technology leadership.

Championing

Investing in our community and the next generation of tech leaders remains at the heart of our mission. This year, we raised over $9,000 for the Technology First Scholarship Fund at the Scramble for Scholarships, awarded more than $10,000 in scholarships to regional students, and inspired the youngest learners at the Boonshoft Museum of Discovery through our interactive Tech First Brixilated Mural.

Through initiatives like the Cyber Challenge and STEM Career Fair with the Girl Scouts, we’re introducing future leaders to careers in technology, while our Digital Mixers provided students with opportunities to connect with local employers and kickstart their tech journeys. These efforts ensure a strong pipeline of talent to sustain and grow our region’s tech community for years to come.

A Shared Commitment

Through it all, your commitment to advancing technology in our region has been the constant driving force behind our progress. Our community remained resilient and future-ready by focusing on sustainable practices, workforce growth, and innovative solutions. Together, we haven’t just adapted to change—we’ve led the way, positioning the Dayton region as a hub for innovation and economic growth.

The highlight of every year, for me personally, is watching our members come together—answering a call for help, lending a hand, and encouraging career advancement. These moments exemplify the strength of our community and lay the foundation for everything we achieve together.

Looking Ahead

As we look forward to 2025, we’re excited to continue this journey with you. Next month, we’ll share what’s on the horizon for the new year, including opportunities to connect, learn, and lead in ways that will keep our community thriving. We invite you to kick off the year right at Dayton AI Day on January 15, where we’ll dive into the practical applications and future of artificial intelligence.

But for now, let’s take a moment to celebrate all we’ve accomplished in 2024.

#UniteDaytonTech 

Melissa 

Championing Tech:  The Value of Volunteerism

For November's TECH CONNECT, a month dedicated to gratitude and giving, we’re highlighting three Tech First members who embody the spirit of service and community. Florence Renee Bacote from the Montgomery County Board of Commissioners, Jill Campbell with the Air Force Life Cycle Management Center, and Searsa Johnson of CareSource are among our most dedicated volunteers, lending their time and expertise to events like the Girl Scout Cyber Challenge and programs with the Boys and Girls Club in addition to Tech First conferences and events. Their passion for making a difference shines through in every project they touch. We sat down with Bacote, Campbell and Johnson to discuss what motivates their volunteerism and to hear their advice for those looking to get more involved.

Read on to be inspired by their commitment to giving back!

How did you first get involved with Technology First, and what inspired you to start volunteering?

Bacote: I first became involved with Technology First through my employer, Montgomery County, enrollment as an attendee of the annual Tast of IT Conference and then later as a peer member of the Women 4 Tech peer group. I have always believed that volunteering can have a real impact on the lives of others in need of assistance or direction which continues to help me realize that this impact is a part of something bigger than myself.

Campbell: There have been times in my life when I needed guidance or support and found it lacking, which has driven me to volunteer and give back to others. Volunteering offers me the chance to share my skills and expertise in ways that might benefit others and make a positive difference. I believe the knowledge exchanged through volunteering is incredibly valuable—every experience adds to my growth and understanding. Additionally, it’s rewarding to provide time and services to those who may not have access or the means to seek out this support on their own.

What has been the most rewarding part of your volunteer experience?

Bacote: I have really enjoyed giving my time, energy, and knowledge while connecting to others in the Dayton community. I have always enjoyed working with others and making new friends in an environment that promotes growth along with helping others learn and gain professional experience.

Can you share a specific moment or experience that stands out to you during your time volunteering? 

Campbell: Being sought as an expert and leader while I was facilitating a session at Taste of IT!  It was an honor to hear "I was told I needed to meet you."  To be recognized by peers as a knowledgeable leader and, in this instance, to eventually have a job offer from [the volunteer interaction], was quite a satisfying experience!

What makes our volunteer community special, and why do you continue to give your time?

Johnson: Connection. My continued engagement is driven by connecting with the Technology First community and their caring and dedicated staff. It is vital to be part of a community that openly discusses cyber security and evolving technology.

How has volunteering impacted your personal or professional life?

Bacote: Volunteering has helped keep me keen on my communication, project planning, and teamwork skills. It has also helped me to make great connections and meet new people in the Dayton community.

Campbell:  I have been humbled by the amount of expertise I’ve been exposed to and a substantial amount of my diverse knowledge and “career wisdom” has come from the interactions with the people whom I’ve met through volunteering.  Also, it’s about the network – I can sincerely say that ALL – with the exception of TWO connections – on my LinkedIn network are people I’ve met face to face.

What do you see as the future of volunteerism, especially within the technology sector?

Bacote: The future of volunteerism in the technology sector will likely see a significant increase in digital volunteering, where people can use their technical skills remotely as more and more people are working in remote positions and not physically working in buildings in the community.  I still hope there will be individuals who will still want to do “in-person” volunteering.  There will always be a need for tech professionals with specific skills like web development, graphic design, and especially cybersecurity, whose technical knowledge can be more valuable when demonstrating or teaching these ideas in person with ability to give hands-on instruction or experience.  

Campbell: The Dayton area seems to be skipped over in the areas of technology in regard to large events and connection to the surrounding areas. I believe the more volunteerism that occurs, the "louder" we can be, and the more connected Dayton will be.  Dayton is a vast source of technological knowledge and should not miss out on what is happening around us.  Lets all jump on the volunteering band wagon so we can participate in the opportunities that are happening!

What advice would you give to someone who is considering volunteering but hasn’t taken the step yet?

Johnson: What are you waiting for!?! For someone who is a true introvert and struggles with public speaking anxiety, volunteering with Technology First served as a steppingstone in building my confidence. These volunteering opportunities provided me a safe space to practice public speaking, enhance networking skills, and re-connecting with my peers. Sign up now!

As we wrap up this month of gratitude, we’re reminded of the incredible impact that dedicated volunteers like Florence Renee, Jill, and Searsa have on our community. Their stories encourage us all to find ways to give back, connect, and create lasting change.

Here’s to making a difference together!

Conferences. Are they just a whirlwind of half hearted networking, average coffee, and questionable after-parties? Not for me! I see conferences as a goldmine – a chance to unearth valuable insights, capture educational moments, and ultimately, boost my sales.

Here's the thing: most people attend conferences, passively absorb information, and then…crickets. But the real magic happens after the event. It's about taking those nuggets of knowledge and weaving them into your sales strategy.

Here's how to turn conference chatter into client conversions:

1. The "Hot-off-the-Press" Pitch:

● Identify Key Takeaways: Jot down the most impactful trends, innovative solutions, and industry challenges discussed.

● Craft a Timely Narrative: Incorporate these insights into my outreach. For example, "At the recent [Conference Name], there was a lot of buzz around [hot topic]. It got me thinking about how [your company] could help businesses like yours navigate this…" Be as specific as possible about how the learnings from the conference can apply to your specific prospects environment.

● Establish Thought Leadership: Sharing these timely insights positions me as an expert and demonstrates that I'm invested in staying ahead of the curve.

2. Name Dropping Done Right:

● Strategic Networking: Make a point of connecting with influential speakers and industry leaders.

● Leverage Connections: In follow-up emails, you might say, "[Speaker Name] made a great point about [topic] at [Conference Name]. It resonated with me because…" This adds credibility and context to your outreach.

● Build Relationships: Conferences are a breeding ground for genuine connections. These relationships can translate into warm leads and referrals down the line.

3. Content is King (and Conferences are the Kingdom):

● Repurpose Content: Leverage conference presentations, workshops, and keynotes to create valuable content for my prospects. Think blog posts, social media updates, or even short videos summarizing key takeaways. Don’t be afraid to take selfies or quick videos in the hallways.

● Offer Exclusive Access: Sharing exclusive insights or resources from the conference adds value to my outreach and incentivizes prospects to engage.

4. The Follow-Up Frenzy:

● Strike While the Iron's Hot: Follow up with connections and leads immediately after the conference. The event is still fresh in their minds, making them more receptive to my message.

● Personalize Your Approach: Reference specific conversations or shared experiences to make your outreach more meaningful.

Conferences are an investment – of time, money, and energy. But by strategically leveraging the learnings and connections, I turn that investment into a sales bonanza. So, the next time you're at a conference, remember: don't just attend, capitalize!

About NextStep Networking: NextStep Networking partners with schools to excite and empower students, businesses that make us think, non-profits that want to maximize their impact and government agencies that rely on safety and security. We will bring new ideas and find creative and innovative ways to help your business with technology. Built on a foundation of integrity and community partnership, we believe that helping other like-minded organizations prosper will pave the way to a better future. Join our mission of making a positive impact in the lives of those we serve.

As 2024 draws to a close, the business landscape is evolving rapidly, especially in enterprise communications, technology, and economic trends. For companies to stay competitive, it is essential to remain informed and adaptable. Below, we explore the key developments and insights that will define enterprise communications in the year ahead.

Key Industry Trends in Enterprise Communications

AI’s Expanding Role in Customer Experience and Call Centers
Artificial intelligence (AI) continues to transform customer service and call centers by improving efficiency and personalization. Many businesses are integrating AI-powered tools to automate repetitive tasks, streamline interactions, and provide customized experiences. As AI becomes more advanced and accessible, its adoption will only grow, though the rising costs of implementation and maintenance remain a challenge. Maximizing the potential of AI requires leveraging its data across various departments—sales, marketing, and support—to create a seamless and integrated customer journey.

New Compliance Regulations for Financial Services
The European Union’s Digital Operational Resilience Act (DORA) will go into effect in January 2025, impacting financial institutions and their technology providers. These firms must meet rigorous cybersecurity and operational resilience standards, requiring gap analyses, improved risk management, and resilience testing. While DORA directly affects financial services, businesses in other sectors, including enterprise communications, will also need to prioritize securing their data and systems to stay compliant across industries.

The Evolution of Hybrid Work

Hybrid work models have become a permanent feature of the post-pandemic business world. Although some organizations aim for a return to full-time office work, many employees still prefer the flexibility of hybrid setups. The challenge for businesses is to sustain collaboration, productivity, and company culture in this environment. Investing in advanced video conferencing, collaboration platforms, and secure remote access tools will be critical for staying competitive and attracting talent.

Key Timelines and Regulatory Changes

• January 2025: DORA compliance deadline for financial services and related industries. Ensuring cybersecurity and resilience standards are met will be vital to avoid penalties.

Challenges and Opportunities for Businesses

Economic Uncertainty
Inflation, layoffs, and commercial real estate challenges are contributing to an uncertain economic landscape. Businesses need to be agile, managing costs carefully while investing in technologies that will future-proof operations.

Rising AI Development Costs
While AI offers considerable efficiency gains in customer service and other areas, the costs associated with its deployment and maintenance are increasing. Businesses must evaluate the long-term return on investment (ROI) of AI solutions to ensure scalability and adaptability to future needs.

Evolving Communication Tools
The importance of video conferencing, collaboration platforms, and messaging apps has grown immensely. Companies should continually assess their tech stack to ensure they are using flexible, secure, and well-integrated communication tools that align with their broader business systems.

Strategic Recommendations

1. Invest in AI Thoughtfully: AI can be transformative, but strategic integration across departments is key. Focus on scalable AI solutions that deliver valuable data insights while integrating with existing technologies.
2. Prepare for Regulatory Changes: Businesses in finance and technology must align with new regulations like DORA. Regularly review cybersecurity protocols, third-party contracts, and resilience measures to avoid compliance risks.
3. Support Hybrid Work Models: Hybrid work is here to stay. To remain competitive, invest in technologies that enable employees to seamlessly transition between office and remote work, ensuring productivity and security.
4. Optimize Communication Platforms: Companies should consider consolidating communication tools that offer security, resilience, and integration with IT systems to ensure smooth operations.

Looking Ahead

The remainder of 2024 and early 2025 will bring both challenges and opportunities, including advances in AI and tightening regulatory landscapes. By staying informed, businesses can navigate these changes effectively. Balancing innovation with economic and regulatory readiness will be crucial for long-term success.

At NexusBlue, we are dedicated to helping businesses make informed decisions and adapt to the ever-changing enterprise communications and technology landscape. By acting now, organizations can position themselves for sustainable success and long-term resilience.

NexusBlue
NexusBlue specializes in rescuing, fixing, and reimagining business operations through enterprise communications, digital transformation strategies, and AI assessments. We help companies navigate the complexities of technology and regulation to drive lasting ROI in today’s fast-evolving business environment.