Cash in the Cyber Sheets: Making Money From Being Secure & Compliant

James Bowers II

Shattering the myth that security and compliance are just necessary evils and profit-sucking business bottlenecks, “Cash in the Cyber Sheets” reveals how they’re actually launchpads for profit and how they lay the groundwork for golden opportunities. Dive between the spreadsheets with James Bowers II, CEO of Input Output, each week as he unzips the secrets of turning obligatory fine print and security management into financial foreplay. It's time to make security, compliance, and risk management your business bedrock – turning them into strategic assets that aren't just about avoiding risks, but about creating value, sharpening your operations, and yes, padding your pockets.

  1. 5D AGO

    #70: Top 5 Reasons SPF, DKIM, and DMARC Fail

    Cash in the Cyber Sheets is where small and midsize business owners finally get the straight talk on cybersecurity without the jargon, the scare tactics, or the thousand-page compliance manuals. Each week, we pull back the curtain on the hidden forces that make or break your business online, from email deliverability to data protection, and give you simple, actionable steps you can use right now.

    Email is still the front door of every business and attackers know it. Spoofing, phishing, and spam aren’t just annoyances, they’re direct threats to your sales pipeline, your customer relationships, and your reputation. That’s why we spend time breaking down the three most important email authentication protocols you need to understand: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance).

    But here’s the thing: setting them up once isn’t enough. Every week, we see small businesses losing revenue because of common mistakes: missing DNS records, too many SPF lookups, expired DKIM keys, or misaligned domains that silently break authentication. In our episodes, we don’t just explain what SPF, DKIM, and DMARC are, we explain why they fail, how to spot the problems early, and what you can do to fix them before they wreck your deliverability.

    We keep it practical, with clear analogies and business-owner-friendly examples: SPF is your guest list, DKIM is your digital wax seal, and DMARC is your rulebook that ties them together. Whether you’re sending invoices, running email campaigns, or just trying to keep phishing out of your client inboxes, these protocols matter and we make them simple.

    👉 Want to check if your setup is solid? Use our free tools:

    - SPF Record Check: https://www.inputoutput.com/email-spf-record-check
    - DKIM Record Check: https://www.inputoutput.com/dkim-checker
    - DMARC Check: https://www.inputoutput.com/email-audit

    👉 Ready to go further? Get started with iO™ ClickSafe™ eMail today: https://www.inputoutput.com/offers/3pzaLMep/checkout

    If you’re tired of losing deals to spam folders, if you’re done with spoofers damaging your brand, and if you want cybersecurity advice that speaks your language, subscribe now. It’s time to protect your inbox, boost your deliverability, and cash in the cyber sheets.

    17 min
  2. SEP 18

    #69: SPF, DKIM & DMARC Explained for Small Business

    Have you ever sent an important business email and wondered if it actually made it to your client’s inbox? Or worse, discovered later that your emails were quietly landing in spam? You’re not alone. Every day, small and mid-sized businesses lose money, opportunities, and credibility because of one simple issue: email authentication.

    In this episode of Cash in the Cyber Sheets, we’re breaking down the three most important protocols you need to know: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). Don’t worry, we’ll cut through the jargon and explain these in plain English so you can finally understand what they do, why they matter, and how to check if your domain is set up correctly.

    Here’s what we cover in this 15-minute crash course:

    - What email authentication is and why it’s essential for inbox deliverability.
    - How SPF works like a “guest list” for your email servers.
    - How DKIM acts like a digital wax seal to prevent tampering.
    - How DMARC enforces the rules and protects your brand from spoofing.
    - The top three mistakes SMBs make when setting these up.
    - Quick wins you can use to improve deliverability immediately.

    👉 Want to see if your email domain is properly set up? Check out our free tools and resources:

    - Tool: SPF Record Checker
    - Tool: DKIM Checker
    - Blog: How to Setup DMARC (Blog Guide)
    - Blog: How to Setup Multiple SPF Includes for Your Domain

    For deeper help, grab a free Email Audit and discover if your emails are actually reaching inboxes.

    If you’ve been struggling with deliverability (emails going to spam, bouncing, or disappearing) this episode is for you. By the end, you’ll understand how SPF, DKIM, and DMARC work together, what happens when they’re missing, and how to take the first steps toward securing your domain. Cybersecurity doesn’t have to be complicated. Sometimes, it’s just about learning how to spell out the acronyms that keep your business safe.

    So sit back, grab a coffee, and let’s unlock the secrets behind the protocols running quietly in the background of every email you send. 🎧 Listen now and take control of your email deliverability.

    18 min
  3. SEP 11

    #68: Cash in the Cyber Sheets - AI Policy Development

    Welcome to Cash in the Cyber Sheets, a channel dedicated to helping organizations understand and strengthen their information security programs. Hosted by James from Input Output, we provide practical insights into policies, compliance, risk management, and the real-world challenges of securing technology in business environments.

    Artificial intelligence is transforming how companies operate, but it also introduces new risks that must be managed responsibly. This channel highlights the importance of structured policies and controls that address both the opportunities and threats posed by AI. Recent episodes focus on the development of an improved AI policy, shaped by input from multiple organizations, subject matter experts, an advisor to the FBI, the ISO 42001 standard, and penetration testing exercises. The result is a set of proposed controls that organizations can adapt and implement within their security frameworks. These include:

    - AI Usage and Risk Management: Establish practices to ensure AI is used securely, ethically, and in compliance with regulations.
    - Acceptable AI Use: Define and communicate policies outlining what employees can and cannot do when using AI systems.
    - Personal Account Restrictions: Prohibit the use of non-corporate AI accounts to protect organizational information from being disclosed or retained outside approved environments.
    - Protection Against Exploitation: Implement safeguards against prompt injection and malicious manipulation that could compromise data integrity or confidentiality.
    - Data Retention and Deletion: Define rules for storing and deleting data processed by AI, ensuring compliance with regulatory and contractual requirements.
    - Legal Discovery Considerations: Incorporate AI into legal discovery processes to support data preservation, retrieval, and production when required.
    - Training Restrictions: Prevent organizational data from being used to train or fine-tune AI models without explicit approval and safeguards.
    - Role-Based Access Controls: Enforce access restrictions so employees and AI systems only process the minimum information necessary.

    The goal of this channel is to make cybersecurity policy and compliance actionable for businesses of all sizes. Whether you manage IT, own a business, or oversee compliance, you will find guidance here to strengthen your security posture and align with modern risks. If your organization needs assistance developing or improving its policies, visit Input Output to learn how we can help.

    17 min
  4. SEP 4

    #67: Cash in the Cyber Sheets - SPF Blunders

    Welcome to Cash in the Cyber Sheets, the podcast where we cut through the noise of cybersecurity and talk about the things that actually hit your business where it hurts — your bottom line. In this episode, we dive into one of the most deceptively simple yet frequently botched pieces of email security: your SPF record.

    On paper, Sender Policy Framework (SPF) sounds easy enough. You publish a DNS record that tells the world which servers are allowed to send emails on behalf of your domain. Done, right? Not so fast. In practice, most organizations end up with SPF records that resemble Frankenstein’s monster — stitched together with copy-paste errors, forgotten senders, and design flaws that guarantee your emails will be banished to spam folders.

    Here’s what we cover in today’s episode:

    - The Human Factor — typos and copy-paste disasters that silently break authentication.
    - Forgetting Key Sending Sources — from CRMs to marketing platforms, the usual suspects people leave out.
    - Bad SPF Design Choices — multiple SPF records, exceeding the 10-lookup limit, and the cardinal sin of using “+all.”
    - Maintenance Failures — when vendors update their infrastructure but you don’t update your record.
    - Misunderstanding SPF Behavior — the myths around “From” headers, forwarding, and DMARC’s magical powers.

    If you’re thinking, “Uh oh, that sounds like my setup,” you’re not alone. Nine out of ten businesses have email authentication issues that cost them leads, clients, and credibility. The good news is that these problems are fixable once you know where to look.

    We’ve put together some resources to help you clean this up before your next marketing campaign dies in the spam folder:

    - How to Improve Email Deliverability
    - Setting Up Multiple SPF Includes Without Breaking Everything

    If you want to check your current email setup right now, run it through our free ClickSafe Email Checker. It will show you exactly what’s working, what’s broken, and where you’re most vulnerable.

    And if you’re ready to take control of your email security and deliverability once and for all, explore our ClickSafe Email Tool. It’s built to keep your messages out of the spam folder and in front of your clients, where they belong. Because in the world of cybersecurity, protecting your inbox isn’t just about security — it’s about making sure your business actually gets paid.

    16 min
  5. AUG 21

    #66: InfoSec Program Pillars | Plan, Do, Check, Act

    In this shorter solo episode of Cash in the Cyber Sheets, James breaks down the four core structures, often referred to as the Plan-Do-Check-Act cycle, that serve as the foundation of a successful information security program. While “pillars of security” might sound like something only a compliance consultant would get excited about (guilty as charged), the reality is these four steps are what keep your program from feeling like an endless game of whack-a-mole. We explore what it means to PLAN your program with intention, DO the actual work of implementation, CHECK to ensure controls are functioning as expected, and ACT on findings to continuously improve. This simple cycle is more than a framework. It is a way to create rhythm and repeatability so your security program does not collapse under the weight of its own policies. James also shares why approaching your program through the PDCA lens makes managing security not only easier but more strategic. If you are pursuing a certification such as ISO 27001 or PCI DSS or trying to align with frameworks like NIST or the FTC Safeguards Rule, applying this cycle ensures you are in a strong position when the auditors come knocking. Even if you are not certification-bound, PDCA gives you clarity. It helps you understand where you stand today, where you are falling short, and how to fix it without wasting resources. By the end of this episode, you will walk away with a clearer picture of how to implement, manage, and review your security program in a way that feels less like chaos and more like controlled progress. Whether you are a business owner wearing the accidental CISO hat or an IT lead trying to get leadership buy-in, these four pillars can help you build confidence, streamline your efforts, and stay ahead of both threats and compliance headaches. So grab your coffee (or something stronger... no judgment) and join James for a practical, no-fluff breakdown of why PDCA should be your new best friend in cybersecurity.

    14 min
  6. AUG 14

    #65: The Hidden Dangers of Personal AI in the Workplace

    Artificial Intelligence is everywhere — from helping us write emails faster to predicting our next snack craving. But when it comes to workplace security and compliance, “everywhere” isn’t always a good thing. In Episode 65 of Cash in the Cyber Sheets, we pull back the curtain on a growing problem we’ve been seeing during audits and with multiple clients: employees using their own personal AI accounts for business purposes.

    On the surface, it might seem harmless — after all, they’re just asking a chatbot to draft a report or summarize meeting notes. But when that “help” comes from an account outside company control, you’re stepping onto a compliance landmine. Personal AI usage can easily trigger:

    - Compliance Violations — Think FTC Safeguards Rule, HIPAA, GDPR, CCPA… pick your acronym.
    - Data Incidents — Sensitive client data could slip into the training pool of a third-party AI without your consent.
    - Contractual Breaches — Your agreements with clients, partners, and suppliers often forbid sharing certain information outside approved channels.
    - Reputation Damage — One careless AI query can make your company look reckless, untrustworthy, or even incompetent.

    We’ll explore the real-world risks, how they manifest during audits, and the subtle ways this behavior undermines your organization’s compliance posture. We’ll also talk about what these incidents cost — not just in potential fines or legal action, but in the long-term erosion of trust with your stakeholders and the market at large.

    You’ll walk away with practical insights on:

    - Spotting the warning signs of unapproved AI use in your organization.
    - Implementing policies to control and monitor AI usage without stifling productivity.
    - Educating employees on why “just using my personal account this one time” can be a very expensive mistake.

    Whether you’re a business owner, IT leader, compliance manager, or just someone curious about how AI can go from futuristic helper to security nightmare, this episode is for you.

    17 min
  7. AUG 7

    #64: Writing Security Policies That Work for Business

    So you've got frameworks, regulatory requirements, client expectations, and a million checkboxes to tick... but how do you actually write policies that make sense, get followed, and don’t make your staff cry? That’s exactly what we’re tackling in this solo episode of Cash in the Cyber Sheets.

    In this episode, James pulls back the curtain on one of the most common pain points organizations face—translating a mess of compliance obligations into clear, useful, and auditable information security policies. You’ll hear about:

    - The disconnect between frameworks and real-world implementation
    - How to stop chasing “perfect” policies and focus on practical ones
    - The simple method we use at Input Output to create policy sets that are easy to build, communicate, implement, and audit

    Whether you're working with NIST, ISO, CMMC, HIPAA, GLBA/FTC Safeguards Rule, or a Frankenstein mix of frameworks, James walks you through a refreshingly human (and slightly irreverent) approach to solving your policy puzzle. You’ll hear how we bridge the gap between checkbox compliance and operational reality—with strategies that even non-technical stakeholders can wrap their heads around. You’ll also get a glimpse of how this approach supports ongoing audits, internal reviews, and policy updates without starting from scratch every time someone sneezes near a new regulation.

    So if you’ve ever stared at a blank “Acceptable Use Policy” and wondered where to start—or if you’ve inherited a pile of legacy policies that are 18 pages too long and 5 years out of date—this one’s for you. 🧠 Practical. 🔐 Secure. 📝 Scalable. Tune in and learn how to write policies that work for your business, not just the auditor.

    16 min
  8. JUL 31

    #63: Lockouts, Cold Storage Fails & Upgrade Pitfalls

    Ever had that heart-stopping moment when you can’t get into your password manager? In this episode of Cash in the Cyber Sheets, we’re back with Bryan Barnhart from Infiltration Labs to talk about exactly that—because it almost happened to both of us. We unpack the nightmare scenario of getting locked out of your own encrypted vault, the ripple effects it can have on your digital life, and why your carefully planned “secure” setup may not be as resilient as you think.

    From there, we dive into multi-factor authentication (MFA) alternatives—specifically YubiKeys and other hardware tokens—and how they compare to traditional app-based MFA. Spoiler: physical keys can save you, but they also introduce new risks you might not have considered. We also dig into the messy world of cold storage for encryption keys. On paper, it sounds like the ultimate security solution. In reality, it can leave you stranded if anything goes wrong—lost keys, corrupted backups, or just simple human error.

    But that’s not all. We vent about planned obsolescence—how updates and “improvements” often make devices and software slower, harder to use, and more time-consuming to manage. As tech professionals, we’re spending more and more hours on “basic upkeep” just to keep systems functional. Are these changes truly for security, or are they just making our lives harder? Finally, we ask a question for the audience: Can you think of a single software or system update that’s genuinely made your life easier? Or are we all just stuck in the endless cycle of patching, troubleshooting, and relearning?

    If you’ve ever:

    - Forgotten a password and sweated bullets,
    - Questioned if your MFA setup is enough,
    - Wondered why your “upgraded” laptop runs slower than your old one…

    …this episode is for you. It’s equal parts cautionary tale, therapy session, and practical advice on how to avoid digital self-sabotage.

    39 min
