Core Sample

Episode 4 Your First Due Diligence Tool Is Free

I started this episode differently as yesterday (5/14/2026) I gave a talk to ISACA Phoenix and I wanted to make the presentation available to this audience. The link to the PDF presentation with the worksheets is on page 5 and 17. The worksheets help guide a career pivot and this may be relevant if you listened to Episode 3 and are interested in how Cybersecurity connects with mining, resources and defense. The link can be found in the middle of the page - https://myrtushq.com/resources. I recently came across some numbers that showed women represent 8-17% of the global mining workforce don’t quote me but I think it came from a study by McKinsey in 2021. But some studies suggest that women lack specialized financial education to take on the investment risk but what I’ve seen recently is that women want to get involved. That tells you everything you need to know about where we are right now. Women in mining and critical minerals are ready. They have the industry knowledge, the operational instincts, the sector fluency. What they’re looking for is the language and the tools to connect all of that to their financial decisions. This episode is one piece of that puzzle. And I want to start somewhere that costs nothing, requires no license, and is available to anyone with an internet connection. EDGAR. And its Canadian counterpart, SEDAR+. These are the public filing databases where companies disclose what they are required to tell investors — and a lot of what they’d probably prefer you didn’t read too carefully. In this episode I’m walking you through what these databases are, how to find a company’s filings, and specifically what to look for in the cybersecurity disclosure sections that the SEC now requires every public company to file. Here’s why that matters as an investor: since December 2023, every U.S.-listed public company has been required to describe in their annual report exactly how they assess, identify, and manage cybersecurity risk — and how their board oversees it. That’s Regulation S-K Item 106. If a material cyber incident occurs, they have four business days to disclose it publicly under Form 8-K Item 1.05. I am starting with that as we have been discussing it on previous podcasts. What those filings say — and how they say it — tells you something real about a company. Is the disclosure specific and detailed, or is it boilerplate? Does the board have actual cyber expertise, or are they checking a box? Has the company disclosed a prior incident, and if so, how did they handle it? Is there a pattern? You don’t need to be a cybersecurity professional to start reading these. You need to know where to look and what questions to ask. That’s what this episode is about. We’re starting simple. We’re starting free. And we’re building from here. In this episode: * Women are increasingly showing up to learn more about investing and what it signals about this moment * What EDGAR is, what SEDAR+ is, and how to find any public company’s filings in under five minutes * The specific cybersecurity sections now required in every U.S. public company annual report * What strong cyber disclosure looks like versus boilerplate box-checking * The questions to ask when you’re reading a filing as a potential investor * Why reputational and operational cyber risk is a valuation question, not just a technical one * How to use this as one lens in your broader due diligence — not a replacement for professional advice Resources mentioned: * EDGAR: https://www.sec.gov/search-filings * SEDAR+: sedarplus.ca * SEC Cybersecurity Disclosure Rules overview: sec.gov * Sturnella Signals Newsletter: news.sturnellahq.com Find Sturnella: sturnellahq.com Disclaimer: Before I let you go — a quick word on something important. Everything I share on Core Sample is for informational and educational purposes only. I’m here to talk about ideas, share what I’ve learned, and give you tools to ask better questions. But I don’t know your specific situation — your finances, your risk profile, your legal circumstances — and nothing on this show should be taken as investment advice, financial advice, legal advice, or a recommendation to buy or sell any security or financial instrument. Sturnella is a capital markets cybersecurity and governance advisory firm. We are not a registered investment adviser, broker-dealer, or financial institution. Women seeking investment decisions should work with licensed professionals to understand their risk profile and receive qualified advice. The information I share is based on publicly available sources and my own experience and perspective. I believe it’s accurate — but I’m not guaranteeing it, and things change. Now — with that said — I’m really glad you’re here. Pull up a chair. See you next time. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit sturnellahq.substack.com [https://sturnellahq.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Episode 3 The Ore Body Nobody is Talking About

There is an ore body in the mining and critical minerals space that nobody is talking about. It’s not a deposit. It’s a workforce gap. And it sits right at the intersection of cybersecurity governance, capital markets, and resource sector expertise. In this episode of Core Sample, I’m naming it out loud — because I don’t think enough people are. The SEC’s 2023 cybersecurity disclosure rules changed the compliance landscape for every public and pre-IPO company in the United States. Under Regulation S-K Item 106, boards must now demonstrate annual oversight of cybersecurity risk. Under Form 8-K Item 1.05, material incidents require public disclosure within four business days. For mining and critical minerals companies — sectors increasingly tangled up with national security, foreign investment review, and strategic supply chains — this creates a layered governance challenge that goes well beyond hiring a CISO. The people who can navigate that challenge need to hold law, capital markets, operational risk, and board accountability all at once. And here’s what I want you to hear: women who build careers in this sector already develop exactly that kind of range. We learn to translate complex risk into language that decision-makers can act on. We move between technical and commercial, operational and regulatory, site-level and C-suite. That is precisely the skill that capital markets cybersecurity demands. If you work in finance, legal, investor relations, operations, environmental, or risk inside this sector — you already have the hard part. The mining fluency. The sector credibility. The capital markets instinct. The cyber governance layer is learnable. And I say that as someone who earned her CISSP, CISM, and CCSP while already working in the industry. I also walk through two real April 2026 SEC disclosures — Itron and Medtronic — that show exactly what the difference between preparation and improvisation looks like in practice. This episode is an invitation. If you’ve ever been curious about where cyber governance intersects with your current role — or whether this represents a career direction worth exploring — this one is for you. In this episode: * The workforce gap hiding in plain sight in mining and critical minerals * What the SEC’s 2023 rules actually require — and why it’s a governance problem, not a technical one * Why women in this sector already have the hardest skills to acquire * Real disclosure examples from April 2026 — Itron and Medtronic * How to start if you’re curious — and why you have more of the foundation than you think * How to reach Sturnella if you want to talk Find Sturnella: sturnellahq.com Sturnella Signals Newsletter: news.sturnellahq.com Disclaimer: Everything I share on Core Sample is for informational and educational purposes only. I’m here to talk about ideas, share what I’ve learned, and spotlight the women doing incredible work in this industry. But I don’t know your specific situation — your finances, your career, your legal circumstances — and nothing on this show should be taken as investment advice, financial advice, legal advice, or a recommendation to buy or sell any security or financial instrument. Sturnella is a capital markets cybersecurity and governance advisory firm. We are not a registered investment adviser, broker-dealer, or financial institution. If you’re making investment or career decisions, please talk to a qualified professional who knows your situation. The information I share is based on publicly available sources and my own experience and perspective. I believe it’s accurate — but I’m not guaranteeing it, and things change. Now — with that said — I’m really glad you’re here. This show exists because these conversations matter. And so do you. Pull up a chair. See you next time. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit sturnellahq.substack.com [https://sturnellahq.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Episode 2 The Timing Will Feel Wrong

I ran a race this weekend. I didn’t run a great one. The time was off. My splits weren’t where I wanted them. And standing at mile 26, I made a choice about the story I was going to tell myself — the timing was off. Not the runner. There’s a difference. And it matters. In this episode of Core Sample, I’m pulling that thread through everything I do — endurance sport, entrepreneurship, and capital markets cybersecurity — because the principle underneath all of it is the same. The people who follow their intuition and do the work before anyone is watching? They finish. Not on the schedule they planned. But they cross the line. I also want to talk about what that means in a very specific, very real regulatory context. In 2023, the SEC adopted rules requiring public companies to disclose material cybersecurity incidents within four business days of determining they’re material. For a junior mining company that’s mid-transaction or weeks from listing, that clock starts whether you’re ready or not. The breach doesn’t check your calendar. The storm comes on its own schedule. The companies that navigate that well aren’t the ones who figured it out under pressure. They’re the ones who built the framework before anything happened. The training happened before the race. This episode is about lifelong learning, intuition, preparation, and why doing the work before it’s required is the whole strategy — in running, in business, and in governance. In this episode: * What mile 26 taught me about timing and identity * Why I trust the hunch even when the outcome isn’t visible yet * The SEC’s four-business-day disclosure clock and what it means in practice * Why preparation in cyber governance is a professional discipline, not an afterthought * Lifelong learning as a competitive advantage — and how I’ve lived it * Coach Bennett’s mantra and why it applies well beyond running Find Sturnella: sturnellahq.com Sturnella Signals Newsletter: news.sturnellahq.com Disclaimer: Everything on Core Sample is for informational and educational purposes only. Nothing here constitutes investment advice, financial advice, legal advice, or a recommendation to buy or sell any security. Sturnella LLC is a capital markets cybersecurity and governance advisory firm — not a registered investment adviser, broker-dealer, or financial institution. Always work with a licensed professional who knows your specific situation before making any investment decision. Pull up a chair — and do your homework. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit sturnellahq.substack.com [https://sturnellahq.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Episode 1 Original Story

Show Notes. EPISODE 1: SHOW NOTES PACKAGE Show Notes: This is the episode where it all begins. I’m Sydnie Beckman — founder of Sturnella, capital markets cybersecurity advisor, endurance athlete, and gold bug since 2001. In this first episode of Core Sample, I’m telling you exactly how I got here. Not the polished version. The real one. I walked away from a corporate career — cybersecurity, risk, big institutions, London, Singapore, global teams — with no safety net and no next job lined up. What I did have was a conviction I’d been carrying for over twenty years and a plan to finally go all in on it. I spent more than a year doing deep independent research into gold, silver, uranium, and critical minerals equities. Junior miners. SEC filings. Capital markets cycles. Sector rotation. Just me, in Wyoming, and the work. And somewhere in that research, I kept finding the same problem underneath every delayed listing and stalled transaction — CEOs, CFOs, and legal teams completely overwhelmed by SEC cybersecurity disclosure rules that were brand new, with no roadmap in sight. In July 2023, the SEC adopted sweeping rules requiring public companies to disclose material cyber incidents within four business days and describe board-level cyber oversight annually. For small mining and critical minerals companies, that’s an almost impossible standard without the right infrastructure in place. Nobody was helping them build it. So I did. In January 2026, I launched Sturnella. This episode is about the hunch, the leap, and why I built this show — for the women in mining, critical minerals, and natural resources who deserve a microphone. In this episode: * Why I left corporate without a plan B * My twenty-year conviction in gold and critical minerals * What I found as an investor that I couldn’t unsee * The SEC rules that changed the game for small mining companies * Why I launched Sturnella — and why now * What Core Sample is, who it’s for, and why pull up a chair Find Sturnella: sturnellahq.com Sturnella Signals Newsletter: news.sturnellahq.com Disclaimer:   Everything on Core Sample is for informational and educational purposes only. Nothing here constitutes investment advice, financial advice, legal advice, or a recommendation to buy or sell any security. Sturnella LLC is a capital markets cybersecurity and governance advisory firm — not a registered investment adviser, broker-dealer, or financial institution. Always work with a licensed professional who knows your specific situation before making any investment decision. Pull up a chair — and do your homework. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit sturnellahq.substack.com [https://sturnellahq.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Welcome to Core Sample

This is Core Sample — a podcast about the women who work across the full length of the mining and critical minerals supply chain. From the pit to the boardroom, from the assay lab to the trading desk, their work powers the energy transition, national defense, and the global economy. Most people have no idea. In this first episode, I’m sharing why I started this show, who it’s for, and what I hope it becomes. If you’re a woman in mining, critical minerals, or natural resources — or you know one — you’re in the right place. Hit follow, share it with someone who needs to hear it, and let’s get into it. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit sturnellahq.substack.com [https://sturnellahq.substack.com?utm_medium=podcast&utm_campaign=CTA_1]