The Cyber Mettle Podcast with Alyson & Omar


The Cyber Mettle Podcast makes technology, and its impact on real life, understandable. In a world where technology shapes how we work, communicate, govern, and make decisions, this podcast explores how technology, business, law, resilience, and the human experience intersect in practice, not just in theory. Hosted by experienced professionals with backgrounds spanning technology, law, business, and risk, The Cyber Mettle Podcast focuses on helping listeners make sense of complexity without dumbing it down.

We talk about:
* Technology and innovation in everyday life and work
* Cybersecurity, privacy, and data without the jargon
* Business decisions shaped by regulation and risk
* Leadership, accountability, and resilience in moments of change or crisis
* The human behaviors and incentives behind technical and legal outcomes

This isn’t a podcast about gadgets or headlines. It’s about how technology actually shows up in people’s lives and organizations, and what that means for the choices we make.

Why “Cyber Mettle”?
Because modern challenges don’t just test systems — they test judgment, adaptability, and character. Cyber mettle is the ability to respond thoughtfully when technology, policy, and human behavior collide.

Who This Podcast Is For
The Cyber Mettle Podcast is for curious, thoughtful listeners who want to understand the world they’re operating in:
* Business leaders and professionals
* Legal, compliance, and technology practitioners
* Founders, operators, and advisors
* Anyone navigating work, leadership, or decision-making in a tech-shaped world

You don’t need to be technical, just interested in how things really work.

What Makes This Podcast Different
* Accessible conversations grounded in real experience
* Cross-disciplinary perspectives without silos
* No fear-mongering, no hype, no unnecessary jargon
* Respect for nuance, context, and human impact

We connect dots others treat in isolation.

Release Schedule
🎙️ New full episodes every Tuesday morning
🎧 Available on Podbean and all major podcast platforms and YouTube

Subscribe to The Cyber Mettle Podcast for conversations that help you better understand technology’s role in modern life and your place within it.

Keywords: Technology podcast, cybersecurity podcast, business and technology, law and technology, digital resilience, human factors, leadership, risk and decision-making, privacy, innovation, tech and society, business succession planning, sexploitation, data privacy

To learn more about our hosts, visit their LinkedIn profiles at:
Dr. Omar Sangurima: https://www.linkedin.com/in/dromars/
Alyson M. Laderman, Esq.: https://www.linkedin.com/in/alysonladerman/

Visit https://cybermettle.org for more information about Cyber Mettle Inc., a 501(c)(3) non-profit organization dedicated to community cyber resilience and workforce development.

  1. 1D AGO

    Cert Corner | CISM Explained: 2026 Exam Changes, What It Really Means, and Who Should Get It S1E23

    Thinking about the CISM? The exam is changing, and most people misunderstand what it actually tests and validates. Here’s what ISACA really expects, plus how to think like a manager (not an engineer) to pass.

    In this Cert Corner episode of @TheCyberMettlePodcast, Dr. Omar Sangurima and Alyson Laderman break down the Certified Information Security Manager (CISM) certification: what it is, what’s changing on November 3rd, and whether it’s actually worth your time.

    This isn’t a surface-level overview. We get into:
    * The new exam structure and domain weighting
    * Why CISM is considered a “gatekeeper” certification
    * The critical mindset shift: thinking like a manager, not a practitioner
    * How CISM compares to CISSP and CRISC
    * Real-world value: how it helps you connect security functions and lead programs

    We also cover test-taking strategy, remote proctoring realities, and why many candidates struggle. It's not because they lack knowledge, but because they answer from the wrong perspective. If you're aiming for mid-to-senior level cybersecurity roles, managing teams, or moving into leadership, then this episode is for you.

    ⏱️ CHAPTERS
    00:00 – Welcome to Cert Corner: Why CISM Still Matters
    01:45 – Big Change: New CISM Version Coming November 3
    03:20 – Experience Requirements & “Gatekeeping” Reality
    05:10 – New Domain Weighting: Program + Incident Management
    07:00 – Who CISM Is REALLY For (Manager-Level Focus)
    08:30 – CISM vs CISSP: Which One Should You Get?
    10:15 – The Certification Gap Above Manager Level
    11:30 – Exam Format: 150 Questions, 4 Hours, No Adaptive Scoring
    12:45 – KEY TIP: Think Like a Manager, Not a Technician
    14:30 – Incident Response Example: Why “Follow the Plan” Wins
    16:00 – Distractors and Test Strategy Insights
    18:00 – Remote Proctoring: What to Expect (and Fear)
    22:00 – Real Talk: Proctoring Horror Stories & Test Anxiety
    26:00 – Cost Breakdown: What You’ll Actually Spend
    27:30 – CISM vs CRISC: Risk vs Program Leadership
    29:30 – CISM vs CISSP Deep Comparison
    33:45 – Career Impact: How CISM Changes Your Thinking
    37:00 – Breaking Down Silos Across Security Teams
    39:00 – Why Companies Misuse Certifications in Job Reqs
    41:00 – Final Thoughts: Should You Get the CISM?
    42:30 – Outro and What Certs to Cover Next

    Keywords: CISM certification, ISACA CISM 2025, cybersecurity certifications, CISM vs CISSP, CRISC vs CISM, cybersecurity management certification, security program management, ISACA exam changes, cybersecurity leadership cert, cyber career path

    #CISM #CyberSecurity #ISACA #Certifications #CISSP #CyberLeadership #GRC #InfoSec #CyberCareers #CyberMettle

    41 min
  2. APR 28

    The Revenge of the Generalist: AI, Risk, and the Future of Cybersecurity Leadership | Fred Descloux S1E22

    AI isn’t replacing cybersecurity professionals. It’s reshaping what matters. The future belongs to those who can connect the dots, not just execute tasks.

    In this episode of @TheCyberMettlePodcast, Omar Sangurima and Alyson Laderman sit down with Frederic (Fred) Descloux to explore one of the biggest shifts happening in cybersecurity today: the return of the generalist.

    Fred Descloux is the founder of Zero Drama Security, a straight-talking advisory firm built on a simple premise: most security programs are overcomplicated, under-effective and full of noise. He works with organizations to cut through AI hype, eliminate compliance theater and focus on what actually matters: data, decisions and real risk. Alongside his advisory work, he serves as a senior security and data protection leader at a global public company, bringing a pragmatic, no-BS perspective to modern security.

    As AI accelerates execution and automates routine work, organizations are facing a new challenge—decision-making, accountability, and connecting fragmented systems. Fred shares insights from nearly two decades in security, privacy, and risk across consulting, global organizations, and startups.

    Together, they unpack:
    * Why AI is compressing execution and what that means for experts
    * The real reason “talent gaps” persist in cybersecurity
    * How silos, governance failures, and lack of accountability hold organizations back
    * Why generalists who can connect business, risk, and technology are becoming critical
    * How to build practical, enforceable policies (and avoid governance theater)
    * What the next generation of cybersecurity leaders will look like

    This conversation goes beyond tools and tactics—it’s about mindset, leadership, and the future of the profession. If you're in cybersecurity, risk, legal, or business leadership, this episode will challenge how you think about expertise, career growth, and organizational design.

    Links:
    https://zerodramasecurity.com
    https://www.linkedin.com/in/fredericdescloux

    ⏱️ CHAPTERS
    00:00 – Introduction and Guest Welcome
    01:30 – Fred Descloux’s Background & Career Path
    05:00 – The Value of Being a Generalist in Cybersecurity
    07:00 – Breaking Down Silos & Organizational Friction
    10:30 – AI’s Impact on Security Roles & Execution
    12:00 – “The Easy Work is Gone” — What AI Changes
    14:30 – Decision-Making, Ownership, and Accountability
    16:30 – Why Accountability is Missing in Organizations
    19:00 – Governance Basics: Policies, RACI, and Simplicity
    23:00 – Writing Policies That Actually Work
    27:30 – Losing Credibility Through Poor Governance
    30:00 – Risk vs Compliance vs Audit — Key Differences
    33:00 – Cybersecurity as a Business Function
    36:00 – The Importance of “So What?” in Security Strategy
    39:00 – From Chaos to Clarity: Simplicity in Security
    41:00 – AI as a Revealer, Not Just a Tool
    43:00 – The Rise of the Generalist Mindset
    46:00 – Talent Gap Myth & Workforce Evolution
    50:00 – Rethinking Career Progression in Cybersecurity
    53:00 – Apprenticeship, Trust, and Learning by Doing
    56:00 – The Future: Faster Growth, Younger Leaders
    58:30 – Closing Thoughts

    KEYWORDS: cybersecurity leadership, AI in cybersecurity, risk management, governance, generalist vs specialist, cybersecurity careers, CISO strategy, security governance, RACI chart, cyber risk, AI automation security, security policy best practices, talent gap cybersecurity, cyber workforce development, security leadership mindset

    #CyberSecurity #AI #RiskManagement #CyberLeadership #InfoSec #Governance #CISO #CyberCareers #SecurityStrategy #TheCyberMettlePodcast

    55 min
  3. APR 21

    Protecting Seniors from Scams, AI Impersonation & Data Brokers | Cat Karow (ZoraSafe) S1E21

    Scams aren’t what they used to be, and your loved ones are the target. From AI voice cloning to data brokers, this is the conversation families need to have now.

    This episode of @TheCyberMettlePodcast tackles one of the most urgent — and uncomfortable — topics in cybersecurity today: protecting seniors and vulnerable family members from modern scams. Hosts Omar Sangurima and Alyson Laderman are joined by Cat Karow, founder of ZoraSafe, who brings over 20 years of experience in cybersecurity and product development. Together, they break down how scams have evolved from obvious fraud to highly targeted, AI-driven manipulation. This episode is more than just about technology; it's about human behavior, trust, and the reality that anyone can be targeted.

    In this conversation, you’ll learn:
    * How AI impersonation scams are changing the threat landscape
    * Why data brokers make scams more effective
    * The emotional manipulation tactics scammers rely on
    * Why seniors are disproportionately targeted
    * How to have practical, respectful conversations with loved ones
    * The role of shame in underreporting scams and how to change it
    * Why “urgency” is the biggest red flag

    Cat also shares how ZoraSafe is working to stop scams in real time while educating users through micro-learning and community reporting. This is one of those conversations that may feel uncomfortable but is necessary.

    👉 Resources mentioned: ZoraSafe (https://zorasafe.com)

    ⏱️ CHAPTERS:
    00:00 – Intro: A “tough but necessary” conversation
    01:00 – Meet Cat Karow and ZoraSafe
    02:00 – How real-time scam detection works
    03:00 – Why scams go unreported (and why that matters)
    05:00 – Real-life scam targeting a senior family member
    08:00 – How scammers use purchased personal data
    10:00 – Why you should stop answering unknown calls
    11:00 – AI voice cloning & impersonation scams
    13:00 – Hyper-targeting based on vulnerability
    14:30 – Why reporting scams is critical
    15:30 – The data broker ecosystem explained
    18:00 – “You are the product”: data collection reality
    20:30 – Living in a surveillance economy
    23:00 – Information manipulation & fractured realities
    26:00 – Forced digitization and its risks
    27:00 – How to talk to family about scams
    29:00 – The power of pausing and recognizing urgency
    31:00 – Why scams are harder to detect today
    32:30 – Long-con scams and crypto fraud
    34:00 – Fake influencers, bots, and manipulation at scale
    36:30 – The evolution of the internet (then vs now)
    38:00 – Big Tech incentives and scam advertising
    39:30 – Convenience vs privacy tradeoffs
    40:30 – Data overcollection and “honeypot” risks
    42:00 – Real-world security failures
    45:00 – What happens to your data when companies fail
    46:00 – Why data breach notifications come too late
    48:00 – Real example: vehicle data exposure
    49:00 – Can this problem actually be solved?
    50:00 – Forced consent & loss of privacy
    51:30 – Small business cybersecurity gaps
    53:00 – Final thoughts: talk about it, remove the shame

    🔑 KEYWORDS: cybersecurity podcast, scams targeting seniors, AI impersonation scams, voice cloning fraud, data brokers explained, identity theft prevention, cyber awareness, online safety for families, fraud prevention tips, ZoraSafe, Cat Karow, cyber threats 2026, digital privacy risks, scam prevention strategies

    #CyberSecurity #ScamPrevention #AIFraud #DataPrivacy #CyberAwareness #OnlineSafety #IdentityTheft #CyberMettle #FraudPrevention #TechEthics

    54 min
  4. APR 14

    From Historian to AI Governance Leader: How to Break Into Privacy & AI (Dr. Kyle David) S1E20

    Breaking into AI governance, privacy, or cybersecurity isn’t about where you start, it’s about how you think. Dr. Kyle David went from historian to AI governance leader and shows exactly how others can do it too.

    In this episode of The Cyber Mettle Podcast, Omar Sangurima and Alyson Laderman sit down with Dr. Kyle David, founder of Dr. David Privacy and creator of leading IAPP certification training programs. Dr. David shares his unconventional path from academia to privacy and AI governance, offering a practical roadmap for career changers and professionals looking to future-proof their careers.

    The conversation explores:
    * Why AI governance is growing—but hasn’t hit “hockey stick” job growth yet
    * How privacy professionals are becoming AI governance leaders
    * The real impact of regulation vs innovation
    * What organizations are struggling with when adopting AI
    * Tactical ways to break into cybersecurity, privacy, or AI governance today

    Whether you’re preparing for certifications like AIGP or exploring a transition into tech-adjacent roles, this episode delivers grounded, actionable insights.

    ⏱️ CHAPTERS
    00:00 – Intro & welcome to the episode
    00:53 – Meet Dr. Kyle David (origin story)
    02:02 – From academia to privacy: career pivot during COVID
    05:41 – Discovering gaps in certification training
    07:19 – Building Dr. David Privacy & AIGP success
    09:47 – Entry-level challenges in privacy & AI governance
    12:12 – Why AIGP is growing in demand
    15:28 – Career pathways after AIGP (3 tracks)
    18:21 – Regulation vs innovation in AI
    23:32 – Legal perspective on fragmented regulation
    24:41 – Innovating inside government systems
    29:27 – Theory vs practice in learning
    31:01 – How to break into cyber, privacy, or AI (3 strategies)
    33:41 – Volunteering, networking, and real-world experience
    36:28 – Risks and realities of “working for free”
    41:18 – Learning styles and practical application
    44:16 – Leveraging your current organization
    46:26 – Where to find Dr. David
    47:09 – Closing thoughts

    KEYWORDS: AI governance careers, privacy career transition, cybersecurity entry level, AIGP certification, IAPP training, AI regulation vs innovation, privacy jobs, governance risk compliance careers, breaking into cybersecurity, Dr Kyle David, AI governance certification, privacy professional path

    #CyberMettlePodcast #AIGP #AIGovernance #PrivacyCareers #CybersecurityJobs #GRC #CareerTransition #TechCareers #IAPP #AIRegulation

    47 min
  5. APR 7

    AI Governance Is Already Broken — Here’s How to Fix It | Graeme Rudd (Arise Framework) S1E19

    AI isn’t just another tool — it’s changing risk, liability, and how businesses operate. If you’re treating AI like SaaS, you’re already behind.

    In this episode of @TheCyberMettlePodcast, Omar Sangurima and Alyson Laderman sit down with Graeme Rudd (former Green Beret, recovering lawyer, and founder of Assessed Intelligence) to unpack one of the most urgent issues in modern business: the convergence of AI governance and cybersecurity. Graeme explains why organizations are misjudging AI risk, how “move fast and break things” fails in regulated environments, and why governance is no longer optional—it’s a business survival strategy. From token burn risks and autonomous agents behaving unpredictably to legal liability, insurance gaps, and the future of certification standards, this conversation connects the dots across cybersecurity, legal, HR, and executive leadership. You’ll also learn about the Arise Framework, designed to unify cybersecurity and AI governance into a practical, usable model for organizations of any size.

    Key topics include:
    * Why AI risk is fundamentally different from traditional software
    * Token consumption as a financial and governance issue
    * The danger of “set it and forget it” AI workflows
    * AI agents as insider threats
    * Why cybersecurity and AI governance can no longer be separated
    * Legal and ethical implications of AI failures
    * The future of AI regulation, insurance, and certification
    * How organizations can start building governance today
    * The Arise Framework and how to use it

    Resources mentioned:
    Arise Framework (free): https://ariseframework.com
    Assessed Intelligence: https://assessedintelligence.com

    *Disclaimer: This podcast shares general insights and experiences. It is not to be construed as legal or cybersecurity advice.*

    🔹 CHAPTERS
    00:00 – Intro & guest welcome (Graeme Rudd)
    02:02 – Why recent AI risks are accelerating
    02:50 – Token burn: hidden cost & governance issue
    04:55 – “Tokens as fuel” explained for business leaders
    05:04 – Misconfiguration risk across AI systems
    06:20 – AI introduces new legal, HR, and ethical risks
    06:53 – Why AI is fundamentally different from SaaS
    07:52 – AI drift and “set it and forget it” danger
    09:35 – Leadership lessons from military backgrounds
    10:24 – AI agents as insider threats
    11:13 – Future: AI businesses will require certification
    11:50 – “Muscle car with no driver training” analogy
    13:07 – Veteran talent gap in cybersecurity
    14:17 – Transition challenges from military to industry
    18:05 – Founding Assessed Intelligence
    19:49 – AI hype vs real-world limitations
    21:14 – Snake oil in AI and why it persists
    23:04 – Cybersecurity + AI governance must merge
    24:29 – Why organizations don’t know where to start
    25:25 – The problem with fragmented frameworks
    26:18 – Arise Framework explained
    27:34 – Ethical responsibility in AI deployment
    28:47 – “Skynet’s idiot cousin” risk
    30:50 – Speed vs understanding in AI development
    32:32 – Why harm won’t stop adoption immediately
    34:06 – Cyber insurance realities and gaps
    35:25 – Why AI standards are inevitable
    36:48 – Investment and copyright risks in AI
    37:42 – Real-world risks: agents, deletion, manipulation
    39:13 – Acceptable error rates in healthcare AI
    41:29 – Cutting through hype: practical AI use
    43:26 – Governance as competitive advantage
    45:18 – Real incident: AI deleting critical data
    47:28 – Vibe coding & IP leakage risks
    49:27 – Human-in-the-loop limitations
    50:22 – Free Arise Framework & maturity tool
    52:20 – Final thoughts & closing

    #Cybersecurity #AIGovernance #ArtificialIntelligence #RiskManagement #CyberRisk #AICompliance #Infosec #Leadership #DataGovernance #CyberMettle

    Keywords: AI governance framework, cybersecurity and AI, AI risk management, Arise framework, Graeme Rudd, assessed intelligence, AI compliance, token burn AI cost, AI security risks, enterprise AI governance, AI legal risk, AI insurance risk, insider threat AI, AI maturity model, cybersecurity leadership

    56 min
  6. MAR 31

    Cybersecurity Career Paths Decoded: Red, Blue, Purple & Beyond | The Cyber Mettle Podcast S1E18

    Most people enter cybersecurity knowing they want "in." Very few know which door to walk through — and the industry does almost nothing to help them figure it out.

    In this episode, Dr. Omar Sangurima and Alyson Laderman, Esq. break down the full InfoSec color wheel — red, blue, white, purple, orange, yellow, and green teams — and give aspiring professionals, hiring managers, and workforce developers a practical framework for understanding where different skills, personalities, and career interests actually belong in a cybersecurity organization.

    This isn't a surface-level overview. Omar draws from 12 years in the field, nearly a decade at Memorial Sloan Kettering, and a front-row seat to the hiring problems that keep the wrong people in the wrong roles — or keep the right people out entirely. Alyson brings the legal and organizational lens, including how law's structured seniority and specialization model exposes what cybersecurity still hasn't figured out.

    Together they cover:
    - Why "I want to do cybersecurity" is not a career plan — and how to help people find their actual lane
    - The InfoSec color wheel broken down by role, mindset, and daily reality (not just job title)
    - Why pen testers write more reports than they break things, and what that means for career fit
    - The blue team's specific cognitive profile: finding patterns in noise at scale
    - Why purple teamers have outsized employability and how to identify if that's you
    - Orange team: the undervalued awareness and training function, and why data analytics matters there
    - Yellow team / DevSecOps: why you cannot send someone without dev fluency to talk to developers
    - Green team: the automation specialists who are about to become the most important people in the room
    - The NICE framework as a hiring and workforce development tool — and why most organizations still ignore it
    - Why hiring managers often cannot describe what their own roles require day to day
    - The cultural problem behind misaligned job specs and how to fix it from the top down
    - Why Omar says the version of himself from 12 years ago would not get hired today — and what that reveals about the state of the field

    Alyson also shares updates on Cyber Mettle Inc., the recently launched 501(c)(3) dedicated to creating real entry-level cybersecurity jobs with training and supervision while providing affordable security services to nonprofits and small businesses. The organization received IRS approval in just 19 days from submission.

    If you are trying to break into cybersecurity, mentor someone who is, or hire for a team that keeps getting the wrong candidates — this episode is the conversation you needed before your last job posting went live.

    Subscribe for new episodes every Tuesday. Learn more about Cyber Mettle Inc. at https://cybermettle.org

    Follow Us on LinkedIn:
    https://www.linkedin.com/in/dromars/ | https://www.linkedin.com/in/alysonladerman/
    https://www.linkedin.com/company/cyber-mettle

    CHAPTERS
    00:00 Intro: Why should you listen to us?
    00:55 Alyson's legal + cyber journey
    02:22 Omar's background: pentesting → GRC → academia
    04:31 Certifications, independence, and credibility
    05:10 Alyson's transition into cybersecurity leadership
    06:27 Cyber Mettle mission: workforce + nonprofit support
    07:54 "I want to do cybersecurity"… but what does that mean?
    09:16 Mentorship: how Omar guides new entrants
    12:13 The problem: cyber roles aren't standardized
    14:59 Hiring mismatch: titles vs. actual skills
    17:12 Reverse engineering career paths
    19:11 Job descriptions are broken (and misleading)
    20:33 NICE framework explained
    24:06 Why better job design improves hiring outcomes
    26:23 Why organizations don't adopt NICE
    31:25 Cyber hiring as "hygiene" (constant iteration)
    32:29 The harsh reality of breaking into cyber today
    34:32 Cybersecurity career paths explained (color wheel)
    35:05 Red Team (offense / pentesting)
    36:05 Blue Team (defense / detection)
    37:50 White Team (GRC / program management)
    38:45 Purple Team (hybrid / strategic operators)
    40:20 Orange Team (training & awareness)
    41:46 Yellow Team (DevSecOps / engineering bridge)
    43:40 Green Team (automation & scaling impact)
    45:13 Why automation roles are undervalued
    47:17 Building real-world cyber talent pipelines
    48:31 Cyber Mettle: how to get involved
    49:38 Outro: Keep it cyber mettle

    #CyberSecurity #CybersecurityCareers #InfoSec #RedTeam #BlueTeam #PurpleTeam #GreenTeam #DevSecOps #CyberMettle #NICEFramework #CyberWorkforce #GRC #CyberJobSearch #EntryLevelCyber #CyberLeadership #SecurityAwareness #OrangeTeam #YellowTeam #WorkforceDevelopment #CybersecurityPodcast

    50 min
  7. MAR 24

    Cert Corner AI Governance Certification (AIGP) — What It’s REALLY Like to Take the Exam S1E17

    Is the AI Governance Professional (AIGP) cert worth it? Here’s the real, unfiltered breakdown ... immediately after taking the exam.

    In this Cert Corner episode of The Cyber Mettle Podcast, Omar Sangurima breaks down his experience taking the AI Governance Professional (AIGP) certification from the IAPP just hours after sitting for the exam. From preparation strategies and study tools to exam structure, difficulty, and real-world applicability, this episode gives you a clear, honest look at what it takes to pass one of the most relevant certifications in today’s AI-driven landscape.

    You’ll learn:
    * What the AIGP exam actually covers
    * Why AI governance is harder than it looks
    * How international regulations (like the EU AI Act) shape the test
    * The biggest mistakes candidates make
    * Study strategies that actually work (including AI-assisted prep)
    * Who should — and shouldn’t — take this certification

    If you’re considering AI governance, privacy, or compliance roles, this is a must-watch before you invest the time and money.

    🔹 CHAPTERS
    00:00 Intro to Cert Corner & AIGP
    00:42 What the AIGP Certification Covers
    02:00 AI Governance Is a Global Problem
    03:38 Why This Cert Is Personally Important
    05:44 Why You Should NOT Take This First
    07:11 The Study Strategy That Worked
    08:51 Inside the Cohort Learning Experience
    10:42 Why the Exam Questions Are So Difficult
    11:54 Exam Format Explained (2-Part Structure)
    13:28 Test-Taking Strategy & Time Management
    14:34 Using AI to Study for an AI Exam
    17:18 Who Should Take the AIGP Cert
    25:49 Career Paths: Cyber, Legal, Audit, AI
    26:11 Cost, Value, and ROI of the Certification
    28:47 Final Thoughts & What’s Next

    #AIGP #AIGPCertification #AIGovernance #CyberSecurity #Privacy #IAPP #CertCorner #CyberMettle #AICompliance #Infosec

    KEYWORDS: AIGP certification review, AI governance professional exam, IAPP AIGP breakdown, AI compliance certification, AI governance career path, cybersecurity certifications 2026, AI regulation EU AI Act, how to pass AIGP, AI governance training, Cert Corner podcast

    33 min
  8. MAR 17

    Fixing the Cybersecurity Entry-Level Job Crisis | The Cyber Mettle Podcast S1E16

    When it comes to cybersecurity, there are those out there who point to a talent shortage within the workforce pipeline. But more and more experts are realizing that there is no shortage of talent; rather, there is a shortage of entry-level jobs for newcomers to the field to step into. And as statistics prove that that is the case, where are the next generation of cyber defenders supposed to start their careers?

    In this episode of The Cyber Mettle Podcast, Dr. Omar Sangurima and Alyson Laderman, Esq. tackle one of the most uncomfortable conversations in cybersecurity today: the entry-level job crisis. For years the industry has repeated the same narrative: there’s a massive cybersecurity talent shortage. But when job listings require 3–5 years of experience for “entry-level” roles, the pipeline breaks. Omar and Alyson dig into the disconnect between education, hiring practices, and real workforce development—and why cybersecurity may be accidentally gatekeeping its own future talent.

    They discuss:
    • Why the cybersecurity “skills shortage” narrative is incomplete
    • How current hiring practices eliminate true entry-level candidates
    • The unintended consequences of AI resume screening
    • Why organizations expect “day-one superheroes” instead of training talent
    • How other professions (law, medicine) train new professionals responsibly
    • Why GRC roles can serve as a practical entry point into cybersecurity
    • The leadership responsibility to build intentional training pipelines

    The episode also includes a major announcement: Cyber Mettle, Inc. is a recently launched nonprofit (501(c)(3) pending) designed to create real entry-level cybersecurity jobs with training and supervision while helping community organizations improve their cyber resilience. This conversation isn’t just about diagnosing the problem. It’s about changing the system that created it.

    Topics Covered:
    * Cybersecurity workforce pipeline
    * Entry-level cybersecurity jobs
    * Cyber hiring practices
    * Cybersecurity skills gap myth
    * GRC careers in cybersecurity
    * Cyber workforce development
    * Training the next generation of cyber professionals

    About Cyber Mettle
    CyberMettle is a nonprofit initiative focused on:
    • Hiring and training entry-level cybersecurity professionals
    • Providing affordable cybersecurity services to community organizations
    • Creating a real pipeline from training to professional experience
    Learn more at: https://cybermettle.org

    Subscribe for More: If you care about cybersecurity, leadership, law, and technology — subscribe for conversations that tackle the real issues shaping the industry.

    CHAPTERS:
    00:00 – Welcome to the Cyber Mettle Podcast
    00:50 – The uncomfortable conversation about cybersecurity hiring
    02:10 – “Gate Busting vs Gatekeeping” explained
    04:15 – The cybersecurity job shortage narrative
    07:10 – The reality of job applications vs open roles
    08:15 – 500k cyber jobs but almost no entry-level roles
    10:20 – AI screening and hiring system problems
    12:20 – Why organizations expect day-one superheroes
    15:20 – Can cybersecurity truly have entry-level roles?
    17:40 – Hiring for fit vs hiring for unicorns
    20:00 – Lessons from legal training and mentorship models
    22:20 – Where entry-level cyber roles actually can work (GRC)
    26:00 – Leadership responsibility in workforce development
    29:00 – The cybersecurity pipeline problem
    31:00 – Announcement: The Cyber Mettle nonprofit initiative
    33:20 – Real jobs, real training, real community impact
    36:00 – Why unpaid internships create industry gatekeeping
    39:00 – Why the cyber hiring system is getting worse
    42:30 – The goal: create a new talent pipeline
    46:30 – Omar speaking at NICE Conference
    49:00 – Practical ways organizations can fix hiring practices
    50:50 – Final thoughts on changing the cybersecurity industry

    53 min


