The Cyber Mettle Podcast with Alyson & Omar

By: The Cyber Mettle Podcast with Alyson & Omar

About this title

The Cyber Mettle Podcast makes technology, and its impact on real life, understandable.


In a world where technology shapes how we work, communicate, govern, and make decisions, this podcast explores how technology, business, law, resilience, and the human experience intersect in practice, not just in theory.

Hosted by experienced professionals with backgrounds spanning technology, law, business, and risk, The Cyber Mettle Podcast focuses on helping listeners make sense of complexity without dumbing it down.


We talk about:

  • Technology and innovation in everyday life and work

  • Cybersecurity, privacy, and data without the jargon

  • Business decisions shaped by regulation and risk

  • Leadership, accountability, and resilience in moments of change or crisis

  • The human behaviors and incentives behind technical and legal outcomes

This isn’t a podcast about gadgets or headlines. It’s about how technology actually shows up in people’s lives and organizations, and what that means for the choices we make.

Why “Cyber Mettle”?

Because modern challenges don’t just test systems — they test judgment, adaptability, and character.
Cyber mettle is the ability to respond thoughtfully when technology, policy, and human behavior collide.

Who This Podcast Is For

The Cyber Mettle Podcast is for curious, thoughtful listeners who want to understand the world they’re operating in:

  • Business leaders and professionals

  • Legal, compliance, and technology practitioners

  • Founders, operators, and advisors

  • Anyone navigating work, leadership, or decision-making in a tech-shaped world

You don’t need to be technical, just interested in how things really work.

What Makes This Podcast Different

  • Accessible conversations grounded in real experience

  • Cross-disciplinary perspectives without silos

  • No fear-mongering, no hype, no unnecessary jargon

  • Respect for nuance, context, and human impact

We connect dots others treat in isolation.

Release Schedule

🎙️ New full episodes every other Tuesday
🎧 Available on Podbean and all major podcast platforms and YouTube


Subscribe to The Cyber Mettle Podcast for conversations that help you better understand technology’s role in modern life and your place within it.

Keywords: Technology podcast, cybersecurity podcast, business and technology, law and technology, digital resilience, human factors, leadership, risk and decision-making, privacy, innovation, tech and society, business succession planning, sexploitation, data privacy


To learn more about our hosts, visit their LinkedIn profiles at:

Dr. Omar Sangurima: https://www.linkedin.com/in/dromars/

Alyson M. Laderman, Esq.: https://www.linkedin.com/in/alysonladerman/

Copyright 2026 All rights reserved.
  • COSO ERM Explained for CISOs | Enterprise Risk Management for Cyber Leaders (AICPA Review) S1E12
    Feb 17 2026

    In this Cert Corner episode, Omar Sangurima reviews the COSO Enterprise Risk Management (ERM) certificate offered through the AICPA. As cybersecurity professionals increasingly present to boards and executive leadership, understanding enterprise risk becomes critical. Omar shares his candid experience with the course structure, exam difficulty, cost, and practical value — and reflects on how ERM reframes risk as part of business strategy and performance. Alyson Laderman adds insight into how certification exams are built and why question clarity matters. A practical conversation for CISOs, aspiring CISOs, and cyber leaders looking to bridge the business-risk gap.

    CHAPTERS:

    00:00 – Welcome to Cert Corner

    00:37 – Why COSO ERM?

    02:55 – Don’t trust — verify: AI research and due diligence

    04:27 – Cyber risk vs. enterprise risk language

    05:39 – Are murky exam questions intentional?

    06:01 – How certification exams are made (behind the scenes)

    12:21 – Who should take COSO ERM?

    15:30 – Exam cost breakdown (member vs. non-member)

    18:35 – Course structure and prep time

    20:53 – Final exam format (open book, timed)

    21:50 – COSO ERM framework overview (5 domains, 20 principles)

    24:09 – Section exams vs. final exam experience

    28:54 – COSO vs. COBIT comparison

    29:47 – Certificate vs. certification (CPE requirements)

    31:19 – Translating cyber into business language

    33:20 – Measuring ROI over time

    35:29 – Lessons learned (and don’t cram during a snowstorm)

    📌 About COSO ERM

    The COSO Enterprise Risk Management framework integrates risk management into strategy and performance. Unlike cyber-focused frameworks (e.g., COBIT), ERM emphasizes enterprise-wide governance, business objectives, and organizational performance.

    🎙 About The Cyber Mettle Podcast

    Where law, business, and cybersecurity intersect. Practical conversations for professionals navigating risk, governance, leadership, and resilience.

    #CyberMettle #COSO #EnterpriseRiskManagement #ERM #CISO #CyberLeadership #BoardReporting #RiskManagement #Governance #CyberStrategy #AICPA #CertCorner

    36 min.
  • GRC Isn’t a Checkbox: Dr. Mike Brass on AI Governance, Risk & the Three Lines of Defense S1E11
    Feb 13 2026

    GRC isn’t about checklists. It’s about structure, accountability, and human behavior.

    In this episode of The Cyber Mettle Podcast, Dr. Mike Brass — Head of Governance, Risk & Compliance and Enterprise Security Architecture at National Highways (UK) — joins Dr. Omar Sangurima and Alyson Laderman, Esq. for a deep dive into:

    • Why cybersecurity is fundamentally about human behavior

    • The evolution (and misuse) of “GRC engineering”

    • AI governance beyond the hype

    • The three lines of defense model and why it still matters

    • Why automation ≠ strategy

    • How apprenticeship models are reshaping cyber talent pipelines

    Dr. Brass brings a rare interdisciplinary lens — from archaeology and anthropology to global IT leadership — explaining why governance must be holistic, structured, and aligned to business outcomes.

    If your organization is being told AI can replace GRC… this conversation is for you.

    🔎 What We Cover:

    • Why GRC is a second-line-of-defense function — not a checkbox

    • The difference between automation and governance

    • Why AI controls must extend existing frameworks — not bypass them

    • The role of Enterprise Security Architecture (ESA)

    • Apprenticeships vs. “mythical unicorn” hiring

    • CAF, ISO 42001, NIST AI RMF, CSA guidance

    • Aligning security to business mission

    • Why governance is about asking “why” — not just “how”

    📘 Featured Book

    Governance, Risk and Compliance, by Dr. Mike Brass. Published by CRC Press (Taylor & Francis).

    ⚠️ Standard Podcast Disclaimer

    Though Dr. Brass and Dr. Sangurima are cybersecurity experts, and Alyson Laderman is an attorney, this podcast does not provide legal advice or specific cybersecurity consulting guidance. We share lived experience to help you think critically and make informed decisions.

    ⏱️ Chapters

    00:00 – Omar’s “Fanboy” Moment & Intro

    00:34 – Podcast Disclaimer

    01:26 – Dr. Mike Brass Background (Archaeology → Cybersecurity)

    03:46 – The Moment That Changed His View of Cybersecurity

    07:12 – Human Behavior as the Core of Security

    10:43 – Apprenticeships vs. Traditional Entry Paths

    14:54 – UK Cyber Apprenticeship Model Explained

    20:35 – Why Diversity of Thought Matters in Security

    22:48 – What GRC Actually Does (Second Line of Defense)

    28:47 – The “GRC Engineering” Debate

    32:54 – AI Marketing vs. AI Reality

    37:36 – AI Governance Frameworks (ISO 42001, NIST, CSA, ISACA)

    44:40 – Aligning Controls to Business Outcomes

    51:52 – AI, Supply Chain & Hidden Risk

    56:59 – Enterprise Security Architecture’s Role

    59:30 – Final Advice for Business Leaders

    1:01:07 – Book Mention & Where to Find It

    1:01:31 – Closing Thoughts

    #CyberSecurity #GRC #AIGovernance #RiskManagement #InfoSec #ThreeLinesOfDefense #CyberLeadership #Governance #EnterpriseSecurity #CyberMettle

    🔑 Keywords

    Dr Mike Brass interview, GRC explained, governance risk compliance podcast, AI governance framework, ISO 42001 overview, NIST AI RMF, CAF framework UK, three lines of defense cybersecurity, enterprise security architecture, cybersecurity apprenticeships UK, automation vs governance, AI risk management, cyber leadership strategy

    1 hr 2 min.
  • Small Business Cybersecurity Made Practical (NIST CSF 2.0 + Quick Start Guide) | Daniel Eliot S1E10
    Jan 27 2026

    Small businesses aren’t “too small” for cybercrime; they’re often the easiest target. NIST’s Daniel Eliot breaks down free, practical on-ramps to CSF 2.0, starting with MFA. In this episode, Omar Sangurima and Alyson Laderman are joined by Daniel Eliot (NIST), who leads small business engagement in NIST’s Applied Cybersecurity Division. Together, they unpack what small businesses actually need to do to reduce risk without getting overwhelmed.

    You’ll learn:

    • Why “we’re too small to be targeted” is a logical fallacy (wide-net attacks don’t discriminate)

    • Why cybersecurity is becoming a competitive advantage (customers + supply chain expectations)

    • The real value of inventory + crown jewels thinking (“what breaks the business if we lose access?”)

    • How CSF 2.0 evolved into a framework for organizations of all sizes and sectors

    • Daniel’s “magic wand” first step: enable multi-factor authentication (MFA)

    • The NIST Small Business Cybersecurity Corner (70+ free resources) and how resources are selected

    • How to give feedback to NIST: csf@nist.gov and public comment periods

    • A newer resource: Building Out Your Small Business Cybersecurity Team (MSP/MSSP, upskilling, universities, nonprofits)

    Resources mentioned (as stated in the episode):

    • NIST Small Business Cybersecurity Corner: nist.gov/itl/smallbusinesscyber

    • CSF feedback email: csf@nist.gov

    • (Referenced) OLIR / Informative References database (Daniel calls it “O-L-I-R”)

    Chapters:

    0:00 — Welcome + show disclaimer

    1:25 — Meet Daniel Eliot (NIST): small business engagement

    3:20 — Why NIST built small business resources (2014 + 2018 Acts)

    4:56 — Where to find the “Small Business Cybersecurity Corner”

    6:39 — “We’re too small” is a myth: why small businesses are targets

    8:39 — Cybersecurity as a competitive advantage (customers + supply chain)

    10:58 — Inventory & “crown jewels”: what happens if you lose access?

    12:16 — Vendor/supplier incidents: resilience beyond your own systems

    16:06 — CSF 2.0: why it’s now for all sectors (not just critical infrastructure)

    18:03 — Magic wand advice: enable MFA

    20:13 — Small Business CSF 2.0 Quick Start Guide (how it was built)

    24:42 — How to give NIST feedback (email + public comment)

    27:30 — Will CSF 3.0 happen soon? what might drive versioning

    35:50 — OLIR: mapping CSF to other standards (crosswalk support)

    44:41 — New resource: “Building Out Your Small Business Cybersecurity Team”

    49:00 — Closing: Keep It Cyber Mettle!

    #CyberMettlePodcast #NIST #CybersecurityFramework #CSF2 #SmallBusinessCybersecurity #MFA #CyberResilience #VendorRisk #SupplyChainSecurity #GRC #Cybersecurity

    Keywords:

    NIST small business cybersecurity, NIST CSF 2.0, cybersecurity framework 2.0, small business cyber resilience, multi factor authentication small business, NIST quick start guide, supply chain cybersecurity, vendor risk management, cybersecurity for SMBs, NIST cybersecurity resources, small business ransomware preparedness, cybersecurity inventory crown jewels, NIST OLIR informative references

    45 min.
No reviews yet