The Cyber Mettle Podcast with Alyson & Omar

The Cyber Mettle Podcast with Alyson & Omar
  • 5.0 (1)
  • TECHNOLOGY

The Cyber Mettle Podcast makes technology, and its impact on real life, understandable. In a world where technology shapes how we work, communicate, govern, and make decisions, this podcast explores how technology, business, law, resilience, and the human experience intersect in practice, not just in theory. Hosted by experienced professionals with backgrounds spanning technology, law, business, and risk, The Cyber Mettle Podcast focuses on helping listeners make sense of complexity without dumbing it down. We talk about: Technology and innovation in everyday life and work Cybersecurity, privacy, and data without the jargon Business decisions shaped by regulation and risk Leadership, accountability, and resilience in moments of change or crisis The human behaviors and incentives behind technical and legal outcomes This isn’t a podcast about gadgets or headlines. It’s about how technology actually shows up in people’s lives and organizations, and what that means for the choices we make. Why “Cyber Mettle”? Because modern challenges don’t just test systems — they test judgment, adaptability, and character. Cyber mettle is the ability to respond thoughtfully when technology, policy, and human behavior collide. Who This Podcast Is For The Cyber Mettle Podcast is for curious, thoughtful listeners who want to understand the world they’re operating in: Business leaders and professionals Legal, compliance, and technology practitioners Founders, operators, and advisors Anyone navigating work, leadership, or decision-making in a tech-shaped world You don’t need to be technical, just interested in how things really work. What Makes This Podcast Different Accessible conversations grounded in real experience Cross-disciplinary perspectives without silos No fear-mongering, no hype, no unnecessary jargon Respect for nuance, context, and human impact We connect dots others treat in isolation. Release Schedule 🎙️ New full episodes every other Tuesday 🎧 Available on Podbean and all major podcast platforms and YouTube Subscribe to The Cyber Mettle Podcast for conversations that help you better understand technology’s role in modern life and your place within it. Keywords: Technology podcast, cybersecurity podcast, business and technology, law and technology, digital resilience, human factors, leadership, risk and decision-making, privacy, innovation, tech and society, business succession planning, sexploitation, data privacy To learn more about our hosts, visit their LinkedIn profiles at: Dr. Omar Sangurima: https://www.linkedin.com/in/dromars/ Alyson M. Laderman, Esq.: https://www.linkedin.com/in/alysonladerman/

Episodes

  1. 5D AGO

    COSO ERM Explained for CISOs | Enterprise Risk Management for Cyber Leaders (AICPA Review) S1E12

    In this Cert Corner episode, Omar Sangurima reviews the COSO Enterprise Risk Management (ERM) certificate offered through the AICPA. As cybersecurity professionals increasingly present to boards and executive leadership, understanding enterprise risk becomes critical. Omar shares his candid experience with the course structure, exam difficulty, cost, and practical value — and reflects on how ERM reframes risk as part of business strategy and performance. Alyson Laderman adds insight into how certification exams are built and why question clarity matters. A practical conversation for CISOs, aspiring CISOs, and cyber leaders looking to bridge the business-risk gap. CHAPTERS: 00:00 – Welcome to Cert Corner 00:37 – Why COSO ERM? 02:55 – Don’t trust — verify: AI research and due diligence 04:27 – Cyber risk vs. enterprise risk language 05:39 – Are murky exam questions intentional? 06:01 – How certification exams are made (behind the scenes) 12:21 – Who should take COSO ERM? 15:30 – Exam cost breakdown (member vs. non-member) 18:35 – Course structure and prep time 20:53 – Final exam format (open book, timed) 21:50 – COSO ERM framework overview (5 domains, 20 principles) 24:09 – Section exams vs. final exam experience 28:54 – COSO vs. COBIT comparison 29:47 – Certificate vs. certification (CPE requirements) 31:19 – Translating cyber into business language 33:20 – Measuring ROI over time 35:29 – Lessons learned (and don’t cram during a snowstorm)     📌 About COSO ERM The COSO Enterprise Risk Management framework integrates risk management into strategy and performance. Unlike cyber-focused frameworks (e.g., COBIT), ERM emphasizes enterprise-wide governance, business objectives, and organizational performance. 🎙 About The Cyber Mettle Podcast Where law, business, and cybersecurity intersect. Practical conversations for professionals navigating risk, governance, leadership, and resilience.   #CyberMettle #COSO #EnterpriseRiskManagement #ERM #CISO #CyberLeadership #BoardReporting #RiskManagement #Governance #CyberStrategy #AICPA #CertCorner

    36 min

  2. FEB 13

    GRC Isn’t a Checkbox: Dr. Mike Brass on AI Governance, Risk & the Three Lines of Defense S1E11

    GRC isn’t about checklists. It’s about structure, accountability, and human behavior. In this episode of The Cyber Mettle Podcast, Dr. Mike Brass — Head of Governance, Risk & Compliance and Enterprise Security Architecture at National Highways (UK) — joins Dr. Omar Sangurima and Alyson Laderman, Esq. for a deep dive into: • Why cybersecurity is fundamentally about human behavior • The evolution (and misuse) of “GRC engineering” • AI governance beyond the hype • The three lines of defense model and why it still matters • Why automation ≠ strategy • How apprenticeship models are reshaping cyber talent pipelines Dr. Brass brings a rare interdisciplinary lens — from archaeology and anthropology to global IT leadership — explaining why governance must be holistic, structured, and aligned to business outcomes. If your organization is being told AI can replace GRC… this conversation is for you. 🔎 What We Cover: Why GRC is a second-line-of-defense function — not a checkbox The difference between automation and governance Why AI controls must extend existing frameworks — not bypass them The role of Enterprise Security Architecture (ESA) Apprenticeships vs. “mythical unicorn” hiring CAF, ISO 42001, NIST AI RMF, CSA guidance Aligning security to business mission Why governance is about asking “why” — not just “how” 📘 Featured Book Governance, Risk and Compliance Dr. Mike Brass Published by CRC Press (Taylor & Francis) ⚠️ Standard Podcast Disclaimer Though Dr. Brass and Dr. Sangurima are cybersecurity experts, and Alyson Laderman is an attorney, this podcast does not provide legal advice or specific cybersecurity consulting guidance. We share lived experience to help you think critically and make informed decisions. ⏱️ Chapters 00:00 – Omar’s “Fanboy” Moment & Intro 00:34 – Podcast Disclaimer 01:26 – Dr. Mike Brass Background (Archaeology → Cybersecurity) 03:46 – The Moment That Changed His View of Cybersecurity 07:12 – Human Behavior as the Core of Security 10:43 – Apprenticeships vs. Traditional Entry Paths 14:54 – UK Cyber Apprenticeship Model Explained 20:35 – Why Diversity of Thought Matters in Security 22:48 – What GRC Actually Does (Second Line of Defense) 28:47 – The “GRC Engineering” Debate 32:54 – AI Marketing vs. AI Reality 37:36 – AI Governance Frameworks (ISO 42001, NIST, CSA, ISACA) 44:40 – Aligning Controls to Business Outcomes 51:52 – AI, Supply Chain & Hidden Risk 56:59 – Enterprise Security Architecture’s Role 59:30 – Final Advice for Business Leaders 1:01:07 – Book Mention & Where to Find It 1:01:31 – Closing Thoughts   #CyberSecurity #GRC #AIGovernance #RiskManagement #InfoSec #ThreeLinesOfDefense #CyberLeadership #Governance #EnterpriseSecurity #CyberMettle 🔑 Keywords Dr Mike Brass interview, GRC explained, governance risk compliance podcast, AI governance framework, ISO 42001 overview, NIST AI RMF, CAF framework UK, three lines of defense cybersecurity, enterprise security architecture, cybersecurity apprenticeships UK, automation vs governance, AI risk management, cyber leadership strategy

    1h 2m

  3. JAN 27

    Small Business Cybersecurity Made Practical (NIST CSF 2.0 + Quick Start Guide) | Daniel Eliot S1E10

    Small businesses aren’t “too small” for cybercrime; they’re often the easiest target. NIST’s Daniel Eliot breaks down free, practical on-ramps to CSF 2.0, starting with MFA. In this episode, Omar Sangurima and Alyson Laderman are joined by Daniel Eliot (NIST), who leads small business engagement in NIST’s Applied Cybersecurity Division. Together, they unpack what small businesses actually need to do to reduce risk without getting overwhelmed. You’ll learn: Why “we’re too small to be targeted” is a logical fallacy (wide-net attacks don’t discriminate) Why cybersecurity is becoming a competitive advantage (customers + supply chain expectations) The real value of inventory + crown jewels thinking (“what breaks the business if we lose access?”) How CSF 2.0 evolved into a framework for organizations of all sizes and sectors Daniel’s “magic wand” first step: enable multi-factor authentication (MFA) The NIST Small Business Cybersecurity Corner (70+ free resources) and how resources are selected How to give feedback to NIST: csf@nist.gov and public comment periods A newer resource: Building Out Your Small Business Cybersecurity Team (MSP/MSSP, upskilling, universities, nonprofits) Resources mentioned (as stated in the episode): NIST Small Business Cybersecurity Corner: nist.gov/itl/smallbusinesscyber CSF feedback email: csf@nist.gov (Referenced) OLIR / Informative References database (Daniel calls it “O-L-I-R”)   Chapters: 0:00 — Welcome + show disclaimer 1:25 — Meet Daniel Eliot (NIST): small business engagement 3:20 — Why NIST built small business resources (2014 + 2018 Acts) 4:56 — Where to find the “Small Business Cybersecurity Corner” 6:39 — “We’re too small” is a myth: why small businesses are targets 8:39 — Cybersecurity as a competitive advantage (customers + supply chain) 10:58 — Inventory & “crown jewels”: what happens if you lose access? 12:16 — Vendor/supplier incidents: resilience beyond your own systems 16:06 — CSF 2.0: why it’s now for all sectors (not just critical infrastructure) 18:03 — Magic wand advice: enable MFA 20:13 — Small Business CSF 2.0 Quick Start Guide (how it was built) 24:42 — How to give NIST feedback (email + public comment) 27:30 — Will CSF 3.0 happen soon? what might drive versioning 35:50 — OLIR: mapping CSF to other standards (crosswalk support) 44:41 — New resource: “Building Out Your Small Business Cybersecurity Team” 49:00 — Closing: Keep It Cyber Mettle! #CyberMettlePodcast #NIST #CybersecurityFramework #CSF2 #SmallBusinessCybersecurity #MFA #CyberResilience #VendorRisk #SupplyChainSecurity #GRC #Cybersecurity   Keywords: NIST small business cybersecurity, NIST CSF 2.0, cybersecurity framework 2.0, small business cyber resilience, multi factor authentication small business, NIST quick start guide, supply chain cybersecurity, vendor risk management, cybersecurity for SMBs, NIST cybersecurity resources, small business ransomware preparedness, cybersecurity inventory crown jewels, NIST OLIR informative references

    45 min

  4. JAN 20

    Tough Conversations: How Online Grooming Actually Starts (Games, Chats, “Harmless” Apps) S1E9

    Online exploitation doesn’t look the way most people expect.   In this episode of The Cyber Mettle Podcast, hosts Omar Sangurima and Alyson Laderman are joined by cybersecurity professional and parent Jessica Weiland to unpack how online grooming, sextortion, and digital exploitation actually begin, often through games, chat features, and apps children and teens use every day.   Rather than focusing on fear, this conversation focuses on awareness, trust, and practical guidance. The panel explains how manipulation typically escalates gradually, why kids don’t always recognize danger in digital spaces, and how silence and shame increase harm.   Topics discussed include: How online grooming starts inside gaming platforms and chat tools Why children don’t perceive avatars as real people Sextortion scams targeting teens and young adults AI-generated images, permanence of online content, and consent App permissions, privacy erosion, and becoming “the product” Social-engineering tactics that affect both kids and adults How parents can have age-appropriate, non-shaming conversations Why pausing under emotional pressure is a critical digital safety skill This episode is designed for parents, guardians, educators, and anyone responsible for helping young people navigate digital environments safely. Listener discretion advised. If this conversation resonates, please follow, rate, and share the episode to help more families start these conversations earlier. Chapters: 00:00 — Intro: Why this is a “special episode” 01:20 — Welcome + guest setup (Jessica Weiland) 01:44 — Disclaimer + topic framing: sexploitation online / kids + connected toys 03:17 — Jessica intro: cybersecurity + parenting + how this evolved from AIM to today 05:08 — How gaming changed: from closed games to always-on social interaction 06:50 — Start early: why digital safety conversations begin around age 5–6 08:56 — “Stranger danger” online: Minecraft example + circle of trust 10:03 — Kids don’t see “people” behind avatars 12:10 — How manipulation starts: harmless questions → personal details (doxing parallels) 14:07 — What to share online: social media, “private” apps, screenshots, permanence 16:14 — “Trust no one until you can verify” (practical boundary-setting for kids) 18:55 — AI + image manipulation: why “the internet is forever” is even harder now 19:16 — The rule: if you feel unsure, end the conversation and tell a trusted adult 20:12 — Consent framing: body + information + boundaries 23:30 — Permanence: why consent becomes “effectively permanent” once shared online 25:00 — Platforms + incentives: why takedowns don’t fix what spreads 27:25 — App permissions: why games ask for camera/photos/contacts (and what that means) 29:23 — Real-world sextortion scam example: dating app → fake “underage” claim → extortion 32:57 — “People don’t rise to panic…”: why training/conversations matter before crisis 33:48 — Pause under pressure: emotional triggers are the attacker’s advantage 35:35 — Suicide risk + why shame/silence make outcomes worse 36:33 — Social engineering lens: this impacts adults too (and that’s the point) 41:09 — Call to action: share what’s worked for your family (comments) 44:52 — Monitoring and parental controls: transparency + teachable moments 47:06 — Tools + being present: approvals, room supervision, and explaining what’s “not normal” 49:21 — Additional risk area: tech misuse in domestic violence / coercive control contexts 50:38 — Final takeaways: curiosity, verification, and asking “why does this need Wi-Fi?” 52:53 — Close: meet kids where they are + verify identities + wrap up

    1h 2m

  5. JAN 13 · BONUS

    Cert Corner: Shared Assessments CTPRA - What’s on the Exam + Is It Worth It? S1E8

    Thinking about the Shared Assessments CTPRA certificate? Omar breaks down what’s actually tested, including SIG, standardized control assessments, and risk tiering, plus what surprised him. Also: proctoring, time management, pricing, and who this cert is really for. Welcome to the first episode of Cert Corner, a new Cyber Mettle segment where Omar shares practical, experience-based breakdowns of security and risk certifications. In this episode, Omar walks through his recent experience taking the Shared Assessments Certified Third-Party Risk Assessor (CTPRA) exam—what the content focuses on, what the exam style feels like, and what you should realistically expect if you’re considering it. Topics include: The CTPRA vs. CTPRP (assessor vs. practitioner/architect perspective) Why Shared Assessments emphasizes the SIG (Standard Information Gathering questionnaire) The role of SCA (Standardized Control Assessment) and evidence-based validation Risk tiering and how to defend tiering logic to business stakeholders Exam logistics: 120 questions / 3 hours, proctoring experience, and pacing Price/value considerations (including when it’s worth self-paying vs. employer-sponsored) Prep course notes and what made the training effective Questions about CTPRA or CTPRP? Drop them in the comments.

    31 min

  6. JAN 6

    The Cyber Pipeline Myth: Why Entry-Level Cyber Jobs Are Broken | Jennifer Cutler-Scotti S1E7

    Is there really a cybersecurity talent shortage, or are we defining “entry-level” wrong? Jennifer Cutler-Scotti joins The Cyber Mettle Podcast to challenge the pipeline myth, explain how experiential learning fills real gaps, and outline what industry, academia, and government must do together to prepare the next generation of cyber professionals. CHAPTERS  00:00 – Introduction & guest overview 01:13 – Welcome to the Cyber Mettle Podcast 02:58 – Jennifer Cutler-Scotti’s background and role at Texas A&M 05:05 – “What do you want to be when you grow up?” framing cyber careers 06:34 – People roles vs technical roles in cybersecurity 08:25 – Why communication skills matter even for technical roles 09:09 – Experiential learning and the “other education” at Texas A&M 10:27 – Student clubs, certifications, and peer-led training 11:21 – Internships, apprenticeships, and hands-on exposure 12:38 – The entry-level job problem: 2–3 years required 14:26 – Translating unpaid experience into resume value 16:37 – Why career fairs don’t solve the problem 18:28 – Industry engagement beyond recruiting 20:14 – Where the disconnect between industry and academia happens 24:00 – Are entry-level cyber roles disappearing? 26:08 – Cyber readiness, cost barriers, and small businesses 27:43 – Real-world student cybersecurity assessments 31:03 – Risk prioritization, budget realities, and human behavior 33:52 – Why textbooks can’t keep up with cyber reality 40:37 – Why cybersecurity education must start earlier 42:35 – Teaching security before systems are built 45:58 – The future of cyber, AI, and data science careers 49:55 – Industry, academia, and government alignment gaps 54:16 – Training, retention, and investing in people 56:36 – Final reflections and call to engage students

    1 hr

  7. 12/23/2025

    Tough Conversations: Lawyers as Homies -- Why Lawyers Aren’t Your Enemy (Cyber, Business & Reality Checks) S1E6

    Lawyers often get called when everything has already gone wrong. In this episode of The Cyber Mettle Podcast, Omar Sangurima and Alyson Laderman explain why that mindset is backwards. Drawing on decades of legal and cybersecurity experience, they unpack why lawyers aren’t your enemy, why prevention matters more than cleanup, and why legal professionals and cyber teams think far more alike than most people realize. This is an honest, practical conversation about trust, risk, and why having the right experts on your side early can change everything. CHAPTERS  00:00 – Welcome to The Cyber Mettle Podcast 02:30 – Why lawyers have such a bad reputation 04:20 – Lawyers as bearers of bad news 06:00 – Media portrayals and the “villain lawyer” trope 08:00 – Why prevention is cheaper than litigation 11:00 – Lawyers, cyber professionals, and shared thinking models 14:30 – Personal stories: business, contracts, and buying a home 17:00 – Specialization in law, medicine, and cybersecurity 20:00 – Choosing the right lawyer for the right job 23:30 – Courtroom experience and real-world nuance 27:00 – Why lawyers are trained to learn anything quickly 30:00 – The danger of lying to your lawyer 33:00 – AI, ChatGPT, and legal reality checks 36:00 – Instant gratification vs real legal thinking 39:00 – Emotional weight and responsibility of legal work 42:00 – Lawyers as allies, not friends-for-hire 45:00 – Gray areas, judgment, and real-world decision-making 49:00 – Final thoughts: why lawyers belong on your team Be sure to subscribe, so that you don't miss the latest episodes of The Cyber Mettle Podcast.

    51 min

  8. 12/16/2025

    AI Isn’t “Set It and Forget It”: Model Drift, Governance, and the Real Risks Leaders Miss with Guest Aby Rao S1E5

    AI doesn’t usually fail loudly. It drifts — quietly, gradually, and often invisibly. In this episode of The Cyber Mettle Podcast, Alyson Laderman and Dr. Omar Sangurima are joined by cybersecurity and AI security leader Aby Rao to unpack the risks organizations overlook when they treat AI as a one-time implementation instead of a living system. The conversation moves beyond hype to explore why AI requires continuous governance, how model drift undermines business goals, and why “responsible AI” often lacks clear ownership inside organizations. The panel also tackles shadow AI, data leakage risks, and what small and mid-sized businesses can realistically do without enterprise-level tooling. The episode closes with a forward-looking discussion on where AI adoption is headed in 2026, including why GenAI will become table stakes, where agentic AI has limits, and why AGI remains the true wildcard. This is a practical, leadership-focused discussion for executives, security professionals, legal teams, and anyone responsible for deploying AI in real organizations, not just talking about it. Chapters / Timestamps 00:00 – Introduction & Episode Focus Why AI maintenance, not novelty, is the real leadership challenge   01:00 – Aby Rao’s Background in Cybersecurity & AI From IAM and cloud security to AI risk and governance   02:10 – AI Doesn’t Break — It Drifts Why model drift is more dangerous than outright failure   04:00 – “Set It and Forget It” Is a Myth Why AI requires continuous operations, not one-time installs   05:00 – Measuring Success: Goals, KPIs, and Drift Indicators How organizations should track whether AI is still doing what it was designed to do   07:00 – Governance, Audits, and Independent Oversight Why AI ecosystems need external perspectives—not just builders   08:30 – Responsible AI: Everyone’s Job, No One’s Owner The accountability gap holding organizations back   10:30 – Ethics, Incentives, and the Missing Role of AI Ownership Why “responsible AI” struggles without clear leadership   12:00 – Regulation, Liability, and Why Case Law Will Matter How accountability will likely be enforced before legislation catches up   14:00 – Healthcare, Bioethics, and Where AI Ethics Already Exists Why some industries are ahead of others on ethical guardrails   15:30 – Frameworks vs. Reality Why NIST AI RMF helps—but isn’t enough on its own   16:00 – Start With Business Goals, Not Technology Why buying AI first and figuring out value later is risky   18:00 – AI Isn’t New—We’ve Been Automating for Years Reframing AI as evolution, not revolution   20:00 – Shadow AI and Data Leakage Risks How employees quietly introduce risk using unsanctioned tools   21:30 – AI DLP and Monitoring Without Policing How organizations can detect misuse without killing productivity   23:30 – Practical Advice for Small Businesses Affordable steps: training, secure browsers, and awareness   25:30 – AI in 2026: What Changes and What Doesn’t GenAI as table stakes, agentic AI’s ceiling, and AGI’s potential impact   28:30 – What Aby Is Watching Next Tracking AI maturity, leadership ownership, and real-world execution   29:30 – Closing & Where to Find More from Aby Rao

    30 min

  9. 12/02/2025

    AI Security Essentials: Shadow AI, Data Risks & What Businesses MUST Know - The Cyber Mettle S1E4

    AI is everywhere — in your inbox, your office tools, your phone, and probably in places your business never approved.   In this episode, Alyson and Omar break down what AI really does behind the scenes, how “shadow AI” sneaks into organizations, and the red-flag risks business leaders must understand before adopting any AI technology.   Omar and Alyson dig into:  Why tools like Gmail, Google Workspace, LinkedIn, and meeting transcription bots are training on your data by default What “shadow AI” actually means and why it can quietly put your organization at risk Real examples of data exposure, privacy breakdowns, and AI systems behaving badly The business and legal dangers of using AI-generated contracts, customer service tools, or code A practical checklist to evaluate ANY AI vendor before you deploy them inside your company How mis-trained or garbage-in-garbage-out models can cause catastrophic business mistakes Why your vendors’ use of AI directly becomes your risk The future: data governance, transparency, and the uncomfortable imbalance of power between tech giants and consumers This episode blends expertise, humor, and blunt honesty; it's a human conversation about a technology that affects every business decision today. 👉 If this episode helps you, please like, subscribe, and share. Sharing really fuels our mission to make cybersecurity more human, accessible, and resilient. Chapters: 00:00 – Intro & disclaimers 02:30 – Why tough conversations matter 03:30 – What is Shadow AI? 04:30 – Unmonitored AI and business risk 05:00 – Gmail, Google, LinkedIn & default AI training on your data 08:50 – AI listening devices & privacy concerns 11:00 – Meeting transcripts, confidentiality & inappropriate recording 14:45 – Celebrity privacy, consent, and the “ask before you film” principle 19:20 – Do you really need AI? Machine learning vs actual intelligence 21:00 – Garbage-in, garbage-out models and data poisoning 24:00 – Business risk when you don’t understand the tool you’re using 26:00 – AI customer service gone wrong 28:00 – What to look for in AI contracts: training rights, data deletion, shared models 31:00 – Web grounding, enterprise use, and user revolt 37:00 – IP concerns, AI art, music models & stolen datasets 43:00 – Vendor management & why your supplier’s AI becomes your risk 49:00 – Consumers, opt-in vs opt-out defaults & unfair advantages 55:00 – Insurance, data scanning & the terrifying future of personalized underwriting 1:02:00 – Why businesses must ask vendors how they use AI 1:10:00 – Free book giveaway & closing thoughts

    1h 13m

  10. 11/18/2025

    From Military to Cybersecurity: Veteran Jose Toledo on Transition, Identity & Leadership - The Cyber Mettle S1E3

    What happens when you leave the military and step into the civilian cybersecurity world? In this episode, Air Force veteran and cybersecurity consultant Jose Toledo joins us to talk about the real (and often overlooked) challenges of the military-to-tech transition.   Jose’s career spans defense contracting, OT security, and strategic consulting with Google. He shares honest insights into identity loss, translating military experience into corporate language, navigating communication differences, and finding purpose after leaving a mission-driven environment.   In this conversation, we explore: • why the military-to-civilian transition can feel disorienting • how veterans can turn leadership under pressure into an advantage • the challenge of “translating” military jargon into business value • soft skills veterans bring to cybersecurity and tech roles • communication differences: directness vs. corporate nuance • how office politics land for people trained in no-excuses environments • what veterans miss most after the uniform comes off • where to find purpose, meaning, and community after service • networking strategies for introverts, ambiverts, and those who hate small talk • the truth behind: “The tech is easy. The people are hard.” Whether you're a veteran transitioning into cybersecurity, a hiring manager looking to understand veteran talent, or a cybersecurity leader navigating identity and career growth, this episode offers clarity, perspective, and actionable guidance.   ⏱️ CHAPTERS 00:00 – Intro & Welcome 01:12 – Meet Our Guest: Cyber Consultant & Air Force Veteran Jose Toledo 04:20 – How Jose Entered Cybersecurity Through the Military 07:58 – The Military Mindset: “Do More With Less” 10:45 – Why Translating Military Experience Is So Difficult 15:28 – Veterans Undervaluing Their Skills and Accomplishments 18:40 – The Interview Moment That Changed Jose’s Career 23:04 – Stress Leadership, Soft Skills & Mission Focus 27:52 – Responsibility at a Young Age: The Veteran Narrative 32:10 – The Mission-Shaped Hole After Leaving the Military 36:58 – Communication Style Differences: Directness vs. Corporate Culture 42:21 – Office Politics, Expectations & Emotional Intelligence 46:30 – Networking for Introverts and Ambiverts 51:12 – Teaching, Volunteering & Finding Purpose After Service 55:44 – Legal vs. Cyber: Translating Meaning Across Disciplines 59:20 – Final Advice: Reframing Your Value as a Veteran 01:02:10 – Closing & Subscribe   New episodes of The Cyber Mettle Podcast drop every other week. Follow The Cyber Mettle for conversations on cybersecurity, leadership, law, business resilience, and the human challenges behind the keyboard.

    1h 7m

  11. 11/04/2025

    Tough Conversations: Death, Incapacitation & Resilience in Life and Business - The Cyber Mettle S1E2

    Avoiding tough topics doesn’t protect your business — it weakens it. This episode reveals how confronting death and incapacity builds lasting strength, resilience, and continuity. We all say we value resilience, but few of us talk about the moments that truly test it. In this episode of The Cyber Mettle Podcast, hosts Alyson Laderman, Esq. and Dr. Omar Sangurima confront one of the hardest leadership topics: what happens when the leader or teammate is suddenly gone? From death and incapacitation to business succession and legacy planning, this conversation blends personal stories, legal insights, and cybersecurity strategy to explore what real resilience looks like — in life and in business. 💬 “Avoiding the conversation doesn’t protect anyone. It just leaves chaos for the people you love.” Whether you’re a founder, executive, cybersecurity professional, or anyone responsible for others, this episode will challenge how you think about continuity, preparedness, and legacy. Because the best leaders don’t just protect their businesses, they protect the people behind them. 💡 In This Episode: How death and incapacitation fit into resilience planning Why avoidance is the biggest threat to business continuity Real stories of unpreparedness and the lessons they teach How to create a “resilience playbook” for your life and organization The crossover between estate planning and cyber resilience What legacy really means for modern leaders 🎯 You’ll Learn: How to start difficult but necessary conversations How to plan for continuity and protect your digital assets Why transparency and documentation matter for teams and families How to turn uncomfortable topics into acts of love and leadership 🔥 Chapters: 00:00 – Welcome & Intro 03:00 – Why “tough conversations” matter 06:00 – Real-world stories of loss, chaos & resilience 12:30 – Probate nightmares and legal lessons 19:00 – Alyson’s personal story: from courtroom to caregiver 35:00 – The Gift Box: A blueprint for peace of mind 42:00 – Digital continuity and shared secrets 57:00 – Power of Attorney, living wills & 18-year-old planning 1:00:00 – Even the Muppets get it: Have the talk 1:04:00 – Closing thoughts on resilience & legacy Hosts: 🎙️ Alyson Laderman, Esq. — CEO of AKYLADE, attorney, and cybersecurity strategist 🎙️ Dr. Omar Sangurima — Cybersecurity and GRC leader, educator, and speaker Together, they explore the human side of technology, leadership, business, and law, and what it takes to thrive when things get tough. Keywords: business succession, leadership, resilience, business continuity, incapacitation planning, estate planning, cybersecurity podcast, GRC, risk management, continuity planning, digital legacy, resilience podcast, crisis management, The Cyber Mettle Podcast, Alyson Laderman, Omar Sangurima, leadership development, cybersecurity awareness, resilience strategy #Leadership #Resilience #Cybersecurity #BusinessContinuity #SuccessionPlanning #EstatePlanning #GRC #Podcast #TheCyberMettlePodcast Listen now on: 🎧 Apple Podcasts | Spotify | Podbean | Amazon Music | iHeartRadio Subscribe and follow for new episodes exploring how to lead, adapt, and build real resilience in a digital world.

    1h 6m

  12. 10/20/2025

    The Human Side of Cybersecurity: How to Build a Culture of Resilience - The Cyber Mettle S1E1

    Cybersecurity isn’t just about firewalls and passwords — it’s about people. Omar and Alyson explore how empathy, education, and collaboration can build a culture of cyber resilience. Detailed Description: In this first episode of The Cyber Mettle Podcast, hosts Omar Sangurima and Alyson Laderman explore the human side of cybersecurity — where technology meets business, law, and culture. They discuss why so many organizations struggle to create a true culture of resilience, how education and empathy can overcome apathy, and why the law and policy must evolve alongside our understanding of human behavior and cyber insurance. This episode breaks down complex issues from data ethics and AI integration to community-driven resilience and reminds us that cybersecurity isn’t just about systems, it’s about people. Watch now to learn how conversations, collaboration, and compassion can redefine cybersecurity for the modern world. 🔗 Watch & Subscribe 🎥 Watch now: https://youtu.be/avZ318FGFYA 💡 Subscribe for more conversations that connect cybersecurity, law, and humanity. #Cybersecurity #CyberResilience #CyberCulture #DataPrivacy #CyberAwareness #CyberInsurance #CyberMettlePodcast #AIandCybersecurity #DigitalEthics #HumanFactor #AlysonLaderman #OmarSangurima Chapters 00:00 Introduction to Cybersecurity and Law 01:38 The Dual Challenge in Cybersecurity 05:12 Understanding the Apathy Towards Cybersecurity 08:52 The Importance of Cyber Hygiene 12:37 Tough Conversations About Online Safety 16:12 The Role of Education in Cybersecurity Awareness 19:51 The Importance of Basic Education in Data Awareness 21:55 Societal Responsibility and Data Ethics 23:05 Integrating Cybersecurity and AI Education 25:29 The Role of Government in Cybersecurity 28:21 Navigating the Patchwork of Cyber Laws 31:09 The Human Cost of Cybersecurity Decisions 37:14 Bridging the Communication Gap in Cybersecurity 38:13 The Role of Cyber Insurance in Risk Management 41:46 Understanding Cyber Insurance Policies 47:22 Building Resilience Through Collaboration 49:32 The Importance of Community in Cybersecurity 54:54 Holistic Approaches to Risk Assessment

    56 min
  • 12 Episodes

About

The Cyber Mettle Podcast makes technology, and its impact on real life, understandable. In a world where technology shapes how we work, communicate, govern, and make decisions, this podcast explores how technology, business, law, resilience, and the human experience intersect in practice, not just in theory. Hosted by experienced professionals with backgrounds spanning technology, law, business, and risk, The Cyber Mettle Podcast focuses on helping listeners make sense of complexity without dumbing it down. We talk about: Technology and innovation in everyday life and work Cybersecurity, privacy, and data without the jargon Business decisions shaped by regulation and risk Leadership, accountability, and resilience in moments of change or crisis The human behaviors and incentives behind technical and legal outcomes This isn’t a podcast about gadgets or headlines. It’s about how technology actually shows up in people’s lives and organizations, and what that means for the choices we make. Why “Cyber Mettle”? Because modern challenges don’t just test systems — they test judgment, adaptability, and character. Cyber mettle is the ability to respond thoughtfully when technology, policy, and human behavior collide. Who This Podcast Is For The Cyber Mettle Podcast is for curious, thoughtful listeners who want to understand the world they’re operating in: Business leaders and professionals Legal, compliance, and technology practitioners Founders, operators, and advisors Anyone navigating work, leadership, or decision-making in a tech-shaped world You don’t need to be technical, just interested in how things really work. What Makes This Podcast Different Accessible conversations grounded in real experience Cross-disciplinary perspectives without silos No fear-mongering, no hype, no unnecessary jargon Respect for nuance, context, and human impact We connect dots others treat in isolation. Release Schedule 🎙️ New full episodes every other Tuesday 🎧 Available on Podbean and all major podcast platforms and YouTube Subscribe to The Cyber Mettle Podcast for conversations that help you better understand technology’s role in modern life and your place within it. Keywords: Technology podcast, cybersecurity podcast, business and technology, law and technology, digital resilience, human factors, leadership, risk and decision-making, privacy, innovation, tech and society, business succession planning, sexploitation, data privacy To learn more about our hosts, visit their LinkedIn profiles at: Dr. Omar Sangurima: https://www.linkedin.com/in/dromars/ Alyson M. Laderman, Esq.: https://www.linkedin.com/in/alysonladerman/

Information