The Cyber Mettle Podcast with Alyson & Omar

Yael Grauer joins The Cyber Mettle Podcast for a candid conversation about data brokers, cybersecurity journalism, OSINT culture, digital privacy, surveillance technology, and the growing tension between public information and personal safety. The discussion explores how investigative journalists and hackers navigate trust, why personal information is so easy to obtain online, and what individuals can realistically do to reduce their exposure. The episode also dives into online investigation culture, doxxing, public records, and the ethical complexity of privacy in the digital age — all mixed with surprisingly relatable stories from the jiu-jitsu world.

Cybersecurity hiring is changing fast — and not always for the better. In this episode, recruiter Pete Strouse joins The Cyber Mettle Podcast to discuss how AI, automation, and risk-averse hiring practices are reshaping the cybersecurity workforce. From disappearing entry-level opportunities to the rise of GRC engineering and AI governance, Pete explains what employers are really looking for and why networking and transferable skills matter more than ever. The conversation also dives into hiring bias, private equity’s growing role in cybersecurity, compliance automation trends, and the long-term risks of failing to build future talent pipelines. A must-listen for cybersecurity professionals, GRC practitioners, hiring managers, and anyone trying to navigate the modern cybersecurity job market.

AI isn’t eliminating cybersecurity roles—it’s redefining them. In this episode, Fred Descloux joins The Cyber Mettle Podcast to explore how automation is shifting value away from execution and toward decision-making, accountability, and systems thinking. From dismantling silos to redefining talent development, this conversation challenges long-held assumptions about expertise, career paths, and leadership in cybersecurity. If you’ve ever wondered whether being a generalist is a weakness or a strength—this episode makes a compelling case for the latter.

Dr. Kyle David (Dr. David Privacy) shares how he transitioned from academia into privacy and AI governance and what that journey reveals about breaking into today’s most in-demand tech-adjacent careers. This episode explores the current state of AI governance jobs, the role of regulation, and practical strategies for gaining experience, even without a traditional background. From certifications to volunteering to internal career pivots, this conversation offers a clear, realistic roadmap for professionals looking to enter privacy, cybersecurity, or AI governance.

Most people entering cybersecurity know they want in. Very few know which role actually fits them — and the field does remarkably little to bridge that gap. In this episode of The Cyber Mettle Podcast, Dr. Omar Sangurima and Alyson Laderman, Esq. break down the InfoSec color wheel in practical terms: red, blue, white, purple, orange, yellow, and green teams — what each one actually does, what kind of thinker thrives there, and why the industry’s chaotic approach to job titles and role definitions makes it harder than it needs to be for aspiring professionals to find their fit. Omar draws from 12 years in cybersecurity, including his work at Memorial Sloan Kettering and years of informal mentorship, to walk through how he helps people reverse-engineer a career path — starting with what they are curious about, not what certification they should chase. Alyson applies the legal profession’s structured specialization model as a lens for what cybersecurity has yet to build. The conversation also covers the NICE framework as a practical tool for hiring managers and workforce developers, the cultural problem behind misaligned job specs, and why hiring quality almost always starts with tone from leadership. Alyson shares an update on Cyber Mettle Inc., a newly approved 501(c)(3) focused on creating supervised, entry-level cybersecurity jobs while providing affordable security services to nonprofits and qualifying small businesses. The organization is targeting a fall 2026 launch for job applications and services. Learn more at https://cybermettle.org. Subscribe for new episodes every Tuesday on all major platforms and YouTube.

Is cybersecurity really facing a talent shortage — or a pipeline problem? In this episode of The Cyber Mettle Podcast, Omar Sangurima and Alyson Laderman unpack the growing disconnect between cybersecurity hiring practices and workforce development. Despite hundreds of thousands of open cybersecurity roles, most require years of experience, leaving aspiring professionals unable to enter the field. The hosts explore why the industry struggles to create true entry-level opportunities, how hiring practices and AI screening contribute to the problem, and why leadership must take a more deliberate approach to training. They also introduce Cyber Mettle, a nonprofit initiative designed to create real entry-level cybersecurity jobs while helping community organizations improve their cyber resilience. This conversation challenges long-held assumptions about the cybersecurity talent shortage and offers practical ways the industry can move forward.

AI is reshaping agriculture — from autonomous tractors to precision crop monitoring — but cybersecurity hasn’t kept pace. In this episode, Ezekiel “Zeke” McReynolds joins The Cyber Mettle Podcast to discuss how connected farming systems are expanding the attack surface of critical food infrastructure. We explore AI-enabled crop analytics, remote sensing, right-to-repair battles, ransomware risks, and why agriculture has a narrow window to build security in before full autonomy arrives. Food systems are more connected than ever. The question is whether they’re resilient enough.

In this Cert Corner episode, Omar Sangurima reviews the COSO Enterprise Risk Management (ERM) certificate offered through the AICPA. As cybersecurity professionals increasingly present to boards and executive leadership, understanding enterprise risk becomes critical. Omar shares his candid experience with the course structure, exam difficulty, cost, and practical value — and reflects on how ERM reframes risk as part of business strategy and performance. Alyson Laderman adds insight into how certification exams are built and why question clarity matters. A practical conversation for CISOs, aspiring CISOs, and cyber leaders looking to bridge the business-risk gap.

Small businesses aren’t “too small” to be targeted, and attackers don’t need to know who you are to compromise you. In this episode, Omar and Alyson talk with Daniel Eliot from NIST, who leads small business engagement in NIST’s Applied Cybersecurity Division. They break down NIST’s Small Business Cybersecurity Corner, why cybersecurity is increasingly a competitive advantage, and how to use CSF 2.0 and the Small Business Quick Start Guide without getting overwhelmed. Daniel’s first-step recommendation is clear: turn on MFA. They also cover how small businesses can build a cybersecurity “team” through MSPs, upskilling, nonprofits, and universities and how to give feedback directly to NIST.

In the first episode of Cert Corner, Omar breaks down the Shared Assessments CTPRA exam: what it tests, how scenario-based questions show up in practice, and why SIG, standardized control assessments, and risk tiering are core to third-party risk work. He also shares the proctoring experience, time expectations, prep course takeaways, and a candid view on price/value, especially if you’re considering paying out of pocket.

Lawyers often get called when everything has already gone wrong. In this episode of The Cyber Mettle Podcast, Omar Sangurima and Alyson Laderman explain why that mindset is backwards. Drawing on decades of legal and cybersecurity experience, they unpack why lawyers aren’t your enemy, why prevention matters more than cleanup, and why legal professionals and cyber teams think far more alike than most people realize. This is an honest, practical conversation about trust, risk, and why having the right experts on your side early can change everything. CHAPTERS 00:00 – Welcome to The Cyber Mettle Podcast02:30 – Why lawyers have such a bad reputation04:20 – Lawyers as bearers of bad news06:00 – Media portrayals and the “villain lawyer” trope08:00 – Why prevention is cheaper than litigation11:00 – Lawyers, cyber professionals, and shared thinking models14:30 – Personal stories: business, contracts, and buying a home17:00 – Specialization in law, medicine, and cybersecurity20:00 – Choosing the right lawyer for the right job23:30 – Courtroom experience and real-world nuance27:00 – Why lawyers are trained to learn anything quickly30:00 – The danger of lying to your lawyer33:00 – AI, ChatGPT, and legal reality checks36:00 – Instant gratification vs real legal thinking39:00 – Emotional weight and responsibility of legal work42:00 – Lawyers as allies, not friends-for-hire45:00 – Gray areas, judgment, and real-world decision-making49:00 – Final thoughts: why lawyers belong on your teamBe sure to subscribe, so that you don't miss the latest episodes of The Cyber Mettle Podcast.

AI is already inside your organization. The question is not if AI is being used, but whether you know how it’s being used. Alyson and Omar break down Shadow AI, hidden data training, and the real risks leaders face when employees and vendors rely on tools you can’t see or control.

In our debut of The Cyber Mettle, Omar Sangurima and Alyson Laderman dig into the human side of security — where tech, law, and everyday behavior collide. We tackle a dual challenge many organizations face: leadership that treats security as a pure cost center, and a rising apathy from digital-native generations (“my data’s already out there”). From simple cyber hygiene and school-level education to the realities of cyber insurance, we explore how to build a culture of resilience that actually sticks—top-down and bottom-up. What we cover: * Why “apathy is a hacker’s best friend” (and how to replace it with agency) * Household-level digital safety: practical norms that scale to the workplace * Cyber hygiene as a core subject in K–12 and higher ed * The patchwork of privacy/cyber laws (and why courts still look to “best practice”) * Cyber insurance without illusions: coverage, exclusions, MFA, premiums, and risk transfer * Resilience by design: breaking silos with real cross-department planning Who this helps: * Business leaders and GRC teams building security culture * Educators shaping the workforce of tomorrow * Security, IT, and legal pros who need a plain-English bridge between policy and practice About the hosts: * Alyson Laderman — CEO of AKYLADE and a 20+ year litigation attorney. Builds cybersecurity certifications that bridge learning and doing. * Omar Sangurima — GRC practitioner focused on risk, culture, and practical governance that organizations can live with Monday to Monday. Key takeaways: * Culture beats controls when it comes to day-to-day defense. * Teach the basics early: MFA, strong passwords, privacy awareness, and digital footprints. * Don’t assume your cyber policy covers you — read the terms, meet the requirements, and document controls. * Resilience improves when cybersecurity, legal, ops, and community stakeholders plan together.