S2E19: ByteWise - Credit Union Edition
Episode Synopsis
In this special Credit Union Edition of the ByteWise Podcast, Daniela, Brian, and Glen are joined by Tom Costello, CEO of Upstreme, to unpack the future of the Automated Cybersecurity Examination Tool (ACET) and its impact on credit unions.
For years, ACET has been the standard tool for cybersecurity self-assessments, but with its foundation—the FFIEC’s Cybersecurity Assessment Tool (CAT)—now officially sunset, credit unions must prepare for what comes next.
What We Cover
ACET’s Rise and Sunset: Why the tool was created, its limitations, and why regulators are moving away from it.
Alternative Frameworks: Deep dive into the top three contenders—NIST CSF 2.0, the CRI Profile, and the CIS Controls—and what each offers.
Credit Union Realities: Challenges for smaller institutions, including ISE framework considerations, resource constraints, and scaling expectations.
Transition Strategies: Practical advice on mapping from ACET to modern frameworks, avoiding common mistakes, and creating a smooth shift.
Bigger Picture: How technologies like AI and Zero Trust Architecture are reshaping InfoSec, and why now is the perfect moment for credit unions to reframe cyber risk conversations with boards and leadership.
Risk & Governance: Connecting frameworks to enterprise risk management, risk appetite, and governance functions—ensuring cyber strategy aligns with organizational strategy.
Key Quotes
“All frameworks are wrong. Some of them are just more useful than others.” – Tom Costello
“The biggest mistake is doing nothing and sticking with ACET.” – Tom Costello
Resources & Links
NIST Cybersecurity Framework 2.0
Financial Services CRI Profile
CIS Controls
Upstreme
Connect with Tom