Risk and Reels: A Cybersecurity Podcast

Systemic Cyber Risk: A CISO’s Impossible Task

Jeffrey Wheatman — Wed, 04 Jun 2025 06:00:00 -0700

In this episode, Jeffrey Wheatman sits down with Paul Guckian, former BISO at Lloyd’s of London and author of Systemic Cyber Resilience: Why CISOs Can’t Fix Cybersecurity. They unpack why the traditional security model is broken, how systemic risk is the real enemy, and why putting the weight of an entire ecosystem on a single CISO sets everyone up for failure. From resilient thinking to lessons from fire safety and finance, Paul brings an academic lens—and a pragmatic mindset—to a critical conversation.

Link to Paul’s book.

Phishing for Truth: Fixing the Flaws in Security Awareness

Jeffrey Wheatman — Wed, 28 May 2025 06:00:00 -0700

Jeffrey Wheatman sits down with Cary Johnson, founder of Phishbusters Audit and Consulting, to expose the failures of traditional phishing simulations. They discuss why standard metrics fall short, how self-assessment distorts results, and what it really takes to track — and influence — behavioral change in security awareness programs.

The Accidental CISO

Jeffrey Wheatman — Wed, 21 May 2025 06:00:00 -0700

In this episode of Risk & Reels, Jeffrey Wheatman sits down with RJ Friedman, CEO of Dayone Cyber, to talk frameworks, risk, and leadership. RJ shares how his start in sales shaped his approach as a CISO, why CIS 18 remains his go-to, and how mapping frameworks to business goals makes all the difference. It's a sharp, honest look at what makes cybersecurity leadership actually work.

A Story of Limited Resources

Jeffrey Wheatman — Wed, 07 May 2025 06:00:00 -0700

In this episode of Risk & Reels, Jeffrey Wheatman sits down with Craig Taylor, CEO of CyberHoot, to talk about how small businesses are navigating the evolving world of cybersecurity compliance—especially the demanding standards of CMMC. From Apollo 13-style ingenuity to the unintended consequences of regulation, Craig shares a 30-year perspective rooted in psychology, education, and operational realism. Tune in for a conversation that covers limited resources, positive reinforcement, and why now is the time to prepare.

From Homicide to Hackers: Fixing Cybersecurity’s Broken Model

Jeffrey Wheatman — Wed, 23 Apr 2025 06:00:00 -0700

In this episode, Jeffrey Wheatman sits down with Carter Schoenberg, Chief Security Officer at Soundway Consulting and author of Why Cybersecurity Fails in America. From his unexpected transition from homicide detective to cybersecurity leader, Carter shares hard-earned insights into the failures of our current cyber risk models—and how to fix them. They dive into cybercriminal collaboration, the stagnation of HR and hiring practices, and why security leaders need to learn to “speak CFO.”

This Isn't the Wolf of Wall Street: Recruitment, Rewired

Jeffrey Wheatman — Wed, 16 Apr 2025 06:00:00 -0700

Richie Lampani—self-proclaimed Chief Recruiter Dude—joins Jeffrey Wheatman to talk about the real state of hiring today. From music industry war stories to navigating post-pandemic expectations, Richie drops insights on transparency, mentorship, and why the “perfect candidate” is a myth. Candid, sharp, and unexpectedly hilarious.

I Robbed a Bank with a Solar Eclipse

Jeffrey Wheatman — Wed, 09 Apr 2025 06:00:00 -0700

Jayson Street, Chief Adversarial Officer at Secure Yeti, returns to Risk and Reels for a no-holds-barred conversation on hacking human nature, creating teachable moments, and why kindness matters in cybersecurity. From robbing banks during celestial events to sneaky USB exploits involving hearing aids, Jayson shares stories that are as outrageous as they are enlightening. Plus: the power of the pause, avoiding blame culture, and how code words like “rutabaga” can save your family from scams.

A Confluence of Errors and a Little Help From Friends

Jeffrey Wheatman — Wed, 02 Apr 2025 06:00:00 -0700

In this episode of Risk & Reels, host Jeffrey Wheatman sits down with Ed Gaudet, CEO and founder of Censinet, for an insightful conversation about entrepreneurship, product innovation, and the evolution of cybersecurity in healthcare. Ed shares the winding path that led him to founding Censinet, why listening to customers is a game-changer, and how authentic leadership and human connection have shaped his journey. The two also geek out over company origin stories in film—think Tucker, BlackBerry, and of course, Jobs. With lessons on vision, leverage, and not losing sight of the people you serve, this episode is a must-listen for builders, dreamers, and anyone navigating the fast-moving world of tech and risk.

Cyber Truths, Intelligence Myths, and Life after the NSA

Jeffrey Wheatman — Wed, 26 Mar 2025 06:00:00 -0700

In this episode of Risk and Reels, host Jeffrey Wheatman welcomes security veteran and former NSA executive Don Boian for a wide-ranging conversation on intelligence, cybersecurity, and life on both sides of the public-private divide. Don reflects on his 30-year NSA career, shares myths about intelligence agencies, and explains how AI is shifting the balance for defenders. He also dives into his work as an expert witness, his boardroom insights, and how introverts can thrive in public speaking and leadership roles. It’s a blend of wisdom, war stories, and actionable advice for anyone in or entering the cybersecurity world.

Here's the list of the books Don mentions - Note: He does not endorse or profit from these books. Some have facts, fiction, and a little of both.
* Dark Territory

* Sandworm

* Countdown to Zero Day

* This is How They Tell Me the World Ends

Every Day is a Risk Decision

Jeffrey Wheatman — Wed, 19 Mar 2025 06:00:00 -0700

In this episode of Risk and Reels, host Jeffrey Wheatman sits down with seasoned cybersecurity leader Kimberly Trapani to discuss the evolving role of the CISO. With over 30 years in security, Kimberly shares insights from her career, emphasizing the importance of bridging the gap between business and technology.

Drawing inspiration from Apollo 13, likening a CISO’s role to mission control, she highlights navigating unexpected challenges with agility and confidence and shifting from a compliance-driven security program to a more integrated, business-resilient approach.

Silent Risk - How Do We Figure Out What We Don't Know?

Jeffrey Wheatman — Wed, 12 Mar 2025 06:00:00 -0700

In this episode of Risk and Reels, Jeffrey Wheatman (interviewing himself!) dives into the concept of the 'silent breach'—cybersecurity exposures that organizations don’t realize exist until it’s too late. He explores real-world examples of major supply chain vulnerabilities and the challenges of visibility in today’s digital ecosystem. Wheatman also discusses how organizations can improve risk assessment and response strategies to mitigate the cascading effects of hidden threats.

Telling YOUR Story Within Your Organization

Jeffrey Wheatman — Wed, 26 Feb 2025 06:00:00 -0800

In this episode (throwback to Black Hat 2024), Jeffrey talks to Munish Walther-Puri, Adjunct Fellow at NYU Center for Global Affairs. Jeffrey and Munish discuss exploring real-life challenges through fantasy and science fiction movies, allowing us to think through the more "uncomfortable" topics in a comfortable space. Have you heard of a "pirate unicorn?" Doubtful. Listen to episode 80 to find out.

The Concerning Impact of Cybersecurity on National Security

Jeffrey Wheatman — Wed, 19 Feb 2025 06:00:00 -0800

In this episode, Jeffrey talks to Dr. David Bray, PhD, who shares his extensive background in cybersecurity, national security and technology in the public sector. The conversation explores the accurate portrayal of cybersecurity in movies, the challenges of supply chain security, and the importance of deep hardware interrogation to ensure the integrity of technology.

Dr. Bray emphasizes the need for proactive measures in cybersecurity and the significance of understanding the perception of reality in the context of social engineering and national security. They also dig into the evolving landscape of cybersecurity, focusing on the challenges posed by compromised hardware, the rise of scams and ransomware and the dynamics between government and non-state actors. The conversation also touches on the implications of generative AI in cybersecurity and emphasize the need for proactive measures and innovative solutions to address these threats.

Meet an Attorney Who Keeps CISOs Out of Legal Hot Water

Jeffrey Wheatman — Wed, 12 Feb 2025 06:00:00 -0800

In this episode, Jeffrey talks to Steven Teppler, a partner at Mandelbaum Barrett and the lead of the firm's Privacy and Cybersecurity practice group. Steve is an ISACA-certified Certified Data Privacy Solutions Engineer (CDPSE) and the firm's chief cybersecurity legal officer. They discuss sci-fi movies and the intersection of cybersecurity and law — focusing on the evolving role of Chief Information Security Officers (CISOs) and the legal implications they face. They also explore the increasing legal exposure for CISOs, the complexities of downstream liability and the importance of defensibility in cybersecurity practices.

Addressing Cybersecurity’s Education and Engagement Challenges

Jeffrey Wheatman — Wed, 05 Feb 2025 06:00:00 -0800

In this episode, Jeffrey talks to Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. They discuss their favorite movie-based educators, the importance of cybersecurity awareness, the challenges in measuring its effectiveness and the need for engaging educational content.

Fresh Perspectives from a Future Cybersecurity Leader

Jeffrey Wheatman — Wed, 29 Jan 2025 06:00:00 -0800

Cybersecurity veterans see the industry through the lens of experience. But how do those visions align with the outlooks of up-and-coming cybersecurity pros? In this episode, Jeffrey talks to Nick Crabb, a senior at Florida Gulf Coast University majoring in computer information systems, focusing on cybersecurity. They discuss their favorite college movies, Nick's educational journey, the challenges of entering the field and AI's impact on future job prospects.

What the Trump Administration Could Mean for Cybersecurity

Jeffrey Wheatman — Wed, 22 Jan 2025 06:00:00 -0800

In this episode, Jeffrey talks to Merritt Baer, CISO and advisory board member for Reco. Merritt also advises private businesses like Expanso, Andesite, Enkrypt AI and Level 6 Cybersecurity. She has a background in cybersecurity within the U.S. government and spent five years at AWS. Jeffrey and Merritt discuss their favorite fictitious world leaders, how the Trump administration may impact cybersecurity and the importance of public/private partnerships.

Everything is an Endpoint — and Other Zero Trust Insight

Jeffrey Wheatman — Wed, 15 Jan 2025 06:00:00 -0800

In this episode, Jeffrey talks to Jessica Dapelo, a zero trust expert and founder of Jessica Dapelo Enterprises, a consulting firm specializing in cybersecurity guidance for public sector organizations and agencies. They discuss movies about the convergence of two worlds, the importance of understanding zero trust as a proactive cybersecurity methodology, the implications of ethical AI on data privacy and the need for organizations to be aware of their data storage and access permissions.

We Really Need to Shake S*** Up in Cybersecurity Research and Insight

Jeffrey Wheatman — Wed, 08 Jan 2025 06:00:00 -0800

In this episode, Jeffrey speaks with cybersecurity marketing extraordinaire Dani Woolf, co-founder of CyberSynapse and CEO/host of the Audience 1st podcast. They discuss movies where the main character rocks the status quo, the unique challenges of marketing in the cybersecurity space, the shortcomings of traditional analyst models and the importance of direct customer engagement. The conversation also touches on the necessity of collaboration within the cybersecurity community and the common pitfalls smaller vendors face when trying to penetrate the enterprise market.

Yes, CISOs Should Be Ethical — But Maybe We Stop Lying To Them

Jeffrey Wheatman — Wed, 18 Dec 2024 06:00:00 -0800

In this episode, Jeffrey talks to Robert “RSnake” Hansen, Managing Director at Grossman Ventures. He’s also a computer hacker, executive and entrepreneur. He’s most well-known for his security research and disclosures such as Slowloris, Clickjacking, Fierce DNS enumeration tool and others.

RSnake produces a wide range of security content including The RSnake Report newsletter, a podcast called The RSnake Show and a book entitled AI’s Best Friend. Jeffrey and Robert discuss movies where a main character struggles with an ethical dilemma, the temptations for CISOs to act unethically and how companies should support CISOs to minimize the prevalence of those temptations.

Turtles All the Way Down — Looking for Third-Party Risk in DORA

Jeffrey Wheatman — Wed, 11 Dec 2024 06:00:00 -0800

In this episode, Jeffrey Wheatman talks to Sandra Saliba, TPP Governance Manager at APS Bank. Jeffrey and Sandra dig into the Digital Operational Resilience Act (DORA), the implications of DORA for financial institutions, and the importance of managing third-party risk in the face of increasing cyber threats.

Enough With the Cybersecurity Gatekeeping — Be a Genuine Mentor

Jeffrey Wheatman — Wed, 04 Dec 2024 06:00:00 -0800

In this episode, Jeffrey talks with Dave Ruiz — aka “CyberDAve” — cybersecurity leader for the Public Works Commission in Fayetteville, North Carolina. Dave is an Army veteran with over 20 years of experience in information assurance and security, governance risk and compliance and IT/OT Security. And he plays a mean guitar. Jeffrey and Dave discuss movies in which a mentor/mentee relationship is critical to the plot, how gatekeeping is detrimental to the future of cybersecurity and why genuine mentorship is so important to move the industry forward.

Hey, Cybersecurity Pros: Complexity is the Enemy of Execution

Jeffrey Wheatman — Wed, 27 Nov 2024 06:00:00 -0800

In this episode, Jeffrey talks to Edgar Jones, co-founder of Luminated in Thought — aka L.I.T. — an organization specializing in individual and group coaching for professionals. Edgar uses his background and lessons learned as a former NFL player to help professionals take on overwhelming situations and determine a clear path to breaking through complexity. He and Jeffrey discuss movies where a character exhibits leadership traits, navigating conflict via communication skills and how the best leaders are those who make connections — and how it all relates to cybersecurity.

Navigating Bias — Cybersecurity’s Crooked Mirror

Jeffrey Wheatman — Wed, 20 Nov 2024 06:00:00 -0800

In this episode, Jeffrey talks to Dr. Dustin Sachs, Chief Technologist and Sr. Director of Programs at the CyberRisk Collaborative. They discuss movies in which a main character’s misunderstanding of a situation creates chaos, then dive into Dustin’s extensive scholarly research on bias and explore its impact on making sound cybersecurity decisions.

Helping CISOs Communicate Their Way To Positive Outcomes

Jeffrey Wheatman — Wed, 13 Nov 2024 06:00:00 -0800

In this episode, Jeffrey talks to Rock Lambros, founder and CEO of RockCyber. Along with coaching CISOs and serving as a vCISO, Rock is also a published thought leader, co-authoring the book, “The CISO Evolution: Business Knowledge for Cybersecurity Executives.” Rock and Jeffrey talk about “little fish in a big pond” movies, the evolving landscape of cybersecurity for SMBs, transitioning from management to leadership in cybersecurity and the need for effective communication and collaboration between cybersecurity and operational teams.

The Art of Throwing the (Calculated) Cybersecurity Hail Mary

Jeffrey Wheatman — Wed, 06 Nov 2024 06:00:00 -0800

In this episode, Jeffrey talks to Mel Reyes, CEO of Elite Technical Concierge. Mel’s background is deep, with expertise in helping organizations build successful security programs with limited resources. He also heads a nonprofit organization, Fellowship of Digital Guardians that seeks to elevate awareness of IT, cybersecurity and compliance domains among individuals and organizations. Jeffrey and Mel discuss movies with unlikely heroes, the need for speed and agility in defense strategies and why innovative — and sometimes risky — ideas are critical to cybersecurity success.

What the Military’s “Elegant and Brutal” Model Can Teach Us About Cybersecurity

Jeffrey Wheatman — Wed, 30 Oct 2024 06:00:00 -0700

In this episode, Jeffrey talks to Cindy Seipert, an InfoSec GRC analyst at Health Catalyst. They discuss movies that challenge our identity, Cindy’s unique career path from the military to the tech industry and her experiences as a woman in cybersecurity.

You’ve Got To Be Audacious To Succeed

Jeffrey Wheatman — Wed, 23 Oct 2024 06:00:00 -0700

In this episode, Jeffrey talks with Keren de Via, Go-to-Market Director at Cyturus Technologies. Keren has a deep cybersecurity background and was the first female Combat Communications and Cyber Defense Officer in the Israel Defense Forces. They discuss movies where a character experiences a perspective-shifting transformation, Keren’s transition from military to civilian life and the importance of overcoming imposter syndrome.

What Better Time Than Now? (And Other Considerations for Aspiring Security Professionals)

Jeffrey Wheatman — Wed, 16 Oct 2024 06:00:00 -0700

In this episode, Jeffrey talks to Tanara Burke-Lloyd, SOC Analyst at Littler, the largest global employment and labor law practice. They discuss “fish out of water” movies, her inspiring journey into cybersecurity and the importance of mentorship, documentation and understanding the actual problems in cybersecurity.

Why “Always Be Collaborating” Should Overshadow “Always Be Closing” in Security Sales

Jeffrey Wheatman — Wed, 09 Oct 2024 06:00:00 -0700

In this episode, Jeffrey talks to entrepreneur and four-time CISO Demetrios Lazarikos — aka Laz. Laz is the founder and IT security consultant of Blue Lava Consulting. They discuss why security salespeople should look for ways to solve problems instead of focusing solely on closing and how CISOs can better communicate to a wider audience.

How CISOs Manage Risk Acceptance

Jeffrey Wheatman — Wed, 02 Oct 2024 06:00:00 -0700

In this episode, Jeffrey talks to Evelin Biro, a CISO advisor and cybersecurity expert. They discuss movies where a character goes through a significant life change, the role risk acceptance plays for CISOs and the difficult disconnect between regulatory requirements and business expectations.

AppSec Ain’t Easy — But it Doesn’t Have to be Impossible

Jeffrey Wheatman — Wed, 25 Sep 2024 06:00:00 -0700

In this episode, Jeffrey talks to Pete Chestna, Checkmarx's CISO of the Americas. They discuss movies in which a character feels threatened by the introduction of a new character, why successful AppSec requires better security/developer symbiosis and how CISOs take on the myriad challenges they face.

Building Business Resilience in the Face of Risk

Jeffrey Wheatman — Wed, 18 Sep 2024 06:00:00 -0700

In this episode, Jeffrey talks to Sara Ricci, an accomplished consultant and executive with a proven track record in global leadership roles, specializing in building new capabilities and enhancing organizational resilience. Jeffrey and Sara discuss movies with characters who exhibit great strength in the face of risk, the difference between resilience and business continuity and the need for collaboration and communication across different teams and levels of an organization.

Calculating the Cost of Cyber Risk

Jeffrey Wheatman — Wed, 04 Sep 2024 06:00:00 -0700

In this episode, Jeffrey talks to veteran CISO and cybersecurity practitioner Jason Taule. Jason has worked with Booz Allen, General Dynamics, HITRUST and others. Today, he serves as a virtual CISO for various clients. Jeffrey and Jason discuss movies that highlight character transitions, approaches to risk conversations and the cost calculations of cyber risk.

How Security Advisors Support Sales — Without Actually Selling

Jeffrey Wheatman — Wed, 28 Aug 2024 06:00:00 -0700

In this episode, Jeffrey talks to Helen Patton, cybersecurity advisor at Cisco. They discuss movies where the main character undergoes a career change, the challenges of being a cybersecurity advisor and maintaining your reputation as an independent thinker when working for a large company.

An Uncommon Cybersecurity Question: What Makes Your Soul Sing?

Jeffrey Wheatman — Wed, 21 Aug 2024 06:00:00 -0700

In this episode, Jeffrey talks with Dom Vogel, founder of Vogel Leadership & Coaching, where he helps cybersecurity executives to be the best leaders possible. Jeffrey and Dom discuss their favorite tear-jerkers, the power of empathetic leadership and “epic friend-building.”

Wanna Tackle Third-Party Risk? Collaborate, Collaborate, Collaborate!

Jeffrey Wheatman — Wed, 31 Jul 2024 06:00:00 -0700

In this episode, Jeffrey talks to Richard Stiennon, Chief Research Analyst at IT-Harvest. They discuss their favorite buddy movies, the art of collaboration with vendors and third parties and how CISOs and their teams can work with partners across the supply chain.

You Can't Ease off the Security Gas Pedal — Especially in Healthcare

Jeffrey Wheatman — Wed, 24 Jul 2024 06:00:00 -0700

In this episode, Jeffrey talks to Adam Moore, Head of Global Cloud Solutions for Elekta. They discuss movies that look forward and backward, security threats — including AI — to healthcare data and why you can never say “we’re good” with your security posture.

CISOs Need to Tell Good Stories and the Right Allies to Help Tell Them

Jeffrey Wheatman — Wed, 17 Jul 2024 06:00:00 -0700

In this episode, Jeffrey is joined by Matthew Webster, founder, CEO and CISO for Cyvergence. Jeffrey and Matthew discuss movies where miscommunication impacts a character, the importance of CISOs communicating the business impact of cybersecurity and finding allies to help them do it.

Third Party Risk Management Doesn’t Stop When the Contract is Executed

Jeffrey Wheatman — Wed, 10 Jul 2024 06:00:00 -0700

In this episode, Jeffrey talks to Melissa Mellen, Head of Third Party Risk Management for the Federal Reserve Bank of New York. They discuss movies that have unforeseen plot twists and the myriad challenges related to addressing third party risk management in cybersecurity.

An Honest Look at Diversity and Inclusion in the Security Industry

Jeffrey Wheatman — Wed, 03 Jul 2024 06:00:00 -0700

In this episode, Jeffrey talks to Octavia Howell, CISO at Equifax. Jeffrey and Octavia discuss movies that have done a good job at implementing diversity in storylines and characters, the isolation that women and people of color can feel at security events and what can be done to make the industry more inclusive.

If You’re Not Leading With Empathy, Are You Really Leading?

Jeffrey Wheatman — Wed, 12 Jun 2024 06:00:00 -0700

In this episode, Jeffrey talks with Tammy Klotz, CISO of Trinseo. Recorded at the recent Gartner Security & Risk Management Summit, they discuss their favorite low-budget movies, lessons from Tammy’s book, “Leading with Empathy and Grace” and how the manufacturing industry has embraced cybersecurity in recent years.

The Trials and Tribulations of a Virtual CISO and Startup Advisor

Jeffrey Wheatman — Wed, 05 Jun 2024 06:00:00 -0700

In this episode, Jeffrey talks to Tony Gonzalez, a former CTO, CIO and CISO in sectors such as biotech, pharma, specialty chemicals, finance and insurance. Today, Tony offers startup advisory and virtual CISO services. Jeffrey and Tony talk about movies where the main character unsuccessfully retires, the interesting nature of being a virtual CISO and how Tony assists startups.

Getting the Cybersecurity Budget you Need Doesn't Just Happen

Jeffrey Wheatman — Wed, 29 May 2024 06:00:00 -0700

In this episode, Jeffrey talks with Ira Winkler, CISO for CYE. They discuss their favorite low-budget movies and strategies for convincing decision-makers to approve the cybersecurity budgets necessary to comprehensively address risk.

The Risk & Reels Mix Tape — Some of our Favorite Guests

Jeffrey Wheatman — Wed, 22 May 2024 06:00:00 -0700

From time to time, it’s fun to look back and share snippets from some of our best conversations on the podcast. In this episode, you’ll hear cool insight from Ang Brown, Team Leader at TCS Security, Dave Mahdi, CIO of Transmit Security and Anna Belak, Director of the Office of Cybersecurity Strategy of Sysdig. There’s lots of movie talk and exciting insight into career journeys, the importance of standards and being able to communicate with diverse audiences.

From Outsider to Cybersecurity Insider — Leaning into the Power of Transitions

Jeffrey Wheatman — Wed, 15 May 2024 06:00:00 -0700

In this episode, Jeffrey talks to Mariana Padilla, co-founder and CEO of HACKERVERSE. Jeffrey and Mariana discuss movies (and TV shows) where the main character goes through a significant transition, Mariana’s journey from marketing to the security industry and the integration of AI and security solutions.

Are You Really You? The Fascinating World of Identity Access Management

Jeffrey Wheatman — Wed, 08 May 2024 06:00:00 -0700

In this episode, Jeffrey talks to Rick Patterson, CISO at CLEAR. They discuss movies about mistaken identities, the challenges and future of identity access management and a bizarre identity swap case from Rick’s time in the Secret Service.

Want to be a Successful CISO? Know Your Audience

Jeffrey Wheatman — Wed, 01 May 2024 06:00:00 -0700

In this episode, Jeffrey talks to Marcos Marrero, CISO at H.I.G. Capital. Jeffrey and Marcos discuss their favorite music-themed movies, how CISOs must move at the same speed as the business and the importance of being a master communicator.

There’s No Excuse to Ignore Supply Chain Cyber Risk

Jeffrey Wheatman — Wed, 24 Apr 2024 06:00:00 -0700

In this episode, Jeffrey talks to JC Dodson, former CSO for BAE Systems and the founder of global risk, resilience, and response advisory firm JCarl Group. Jeffrey and JC discuss movies where characters are confronted with new and challenging situations, the evolution of supply chain security and the critical nature of presenting cyber risks as a business concern.

The Intersection of OT and ICS Security

Jeffrey Wheatman — Wed, 10 Apr 2024 06:00:00 -0700

In this episode, Jeffrey talks to Mike Holcomb, Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor — one of the world's largest construction and engineering firms. Jeffrey and Mike discuss movies highlighting the clash of two worlds and the convergence of operational technology (OT) security and industrial control systems (ICS) security.

The Art of Managing — and Communicating — Third-party Security Risks

Jeffrey Wheatman — Wed, 03 Apr 2024 06:00:00 -0700

In this episode, Jeffrey talks to Phillip Addison, manager of third-party cyber risk management for The Hershey Company. Jeffrey and Phillip discuss buddy movies, key players in maintaining a secure ecosystem and tips for communicating third-party cyber risk to the C-Suite.

What Makes a Great Modern CISO?

Jeffrey Wheatman — Wed, 13 Mar 2024 06:00:00 -0700

In this episode, Jeffrey talks to Joe Head, a CISO coach and mentor with Intaso. They discuss “fish out of water” movies, the challenges related to being a CISO and advice for aspiring CISOs.

Pearls of Wisdom from a ‘Been There, Done That’ CISO

Jeffrey Wheatman — Wed, 06 Mar 2024 06:00:00 -0800

In this episode, Jeffrey talks to six-time CISO — and respected security thought leader — Jim Routh. They cover movies where miscommunication plays a major role in the plot, the scrutiny CISOs are under and the importance of crisis communication training.

The Ins and Outs of Fractional CISOs

Jeffrey Wheatman — Wed, 28 Feb 2024 08:00:00 -0800

In this episode, Jeffrey speaks to Carlota Sage, founder and CEO of Pocket CISO, to discuss obscure movies with Elvis characters, the emergence of Fractional CISOs and the unique security challenges she’s solving for SMB clients.

The Funniest — or “Least Boring” — Man in Cybersecurity

Jeffrey Wheatman — Wed, 21 Feb 2024 07:00:00 -0800

In this episode, Jeffrey talks to Keyaan Williams, Founder and CEO of Cyber Leadership and Strategy Solutions on his affinity for “The Long Kiss Goodnight,” his inspiration for becoming a cybersecurity professional and why he coins himself “The Funniest Man in Cybersecurity.”

Have Your CISO's Back

Jeffrey Wheatman — Wed, 14 Feb 2024 06:00:00 -0800

In this episode Jeffrey speaks with David Anderson, vice president of cyber at Woodruff Sawyer to discuss why he dislikes heist movies, his love for romantic comedies, and how the cyber insurance business works.

The Unpredictable Career Trajectory of a Cyber Professional

Jeffrey Wheatman — Wed, 07 Feb 2024 09:00:00 -0800

Steve Magowan, CISO and CISSP and Jeffrey Wheatman talk about their favorite movies with a small world and how to build a career in cyber security.

How to Make Businesses Care about Security

Jeffrey Wheatman — Wed, 31 Jan 2024 07:00:00 -0800

Dr. Anna Belak, director, office of cybersecurity at Sydig and Black Kite's Jeffrey Wheatman discuss how to make security a business priority.

Finding your Path

Jeffrey Wheatman — Wed, 24 Jan 2024 08:00:00 -0800

Ang Brown from TCM Security and Jeffrey Wheatman talk career paths and finding security.

Positivity, Privacy, and Pressure

Jeffrey Wheatman — Wed, 17 Jan 2024 10:00:00 -0800

Debbie Reynolds the Data Diva and Founder for Debbie Reynolds Consulting, and Jeffrey Wheatman talk about privacy in our modern world.

The Unlikely Hero

Jeffrey Wheatman — Wed, 10 Jan 2024 08:00:00 -0800

Jason Ozin, CISO for PIB Group joins Jeffrey Wheatman, SVP Security Evangelist for Black Kite to discuss unlikely heroes and the role of the CISO.

Heists, Fraud and Cons; Oh My!

Jeffrey Wheatman — Wed, 15 Nov 2023 07:12:34 -0800

During this Podcast Jonathan Care, Advisor at Lionfish and former Gartner Analysts, talks scams, cons and frauds and why they still work.

Can You See the Real Threats? | S2 Ep. 9 with Patrick Garrity

Jeffrey Wheatman — Wed, 01 Nov 2023 08:19:23 -0700

Patrick Garrity talks about the real threats, prioritizing vulnerabilities and movies where someone thinks they know what is going on and is wrong.

Tackling Risk | S2 Ep. 8 with Tomás Maldonado

Jeffrey Wheatman — Wed, 25 Oct 2023 05:17:25 -0700

Join us as Tomas Maldonado, CISO for the NFL and Jeffrey Wheatman, Black Kite Cyber Risk Evangelist discuss the best sports movies, the challenges of securing a league of disparate teams and collaboration for better security.

Building a Successful Security Program from Scratch | S2 Ep. 7 with George Al-Koura

Jeffrey Wheatman — Wed, 18 Oct 2023 11:58:19 -0700

During this episode George Al-Koura, CISO at Ruby and co-host of the Bare Knuckles & Brass Tacks podcasts shares his insights on building security programs from scratch.

The Overlap of Physical Security into Digital | S2 Ep. 6 with Angela Dogan

Jeffrey Wheatman — Tue, 10 Oct 2023 05:00:00 -0700

Meet Dr. Angela Dogan, the Associate Director for IT Cloud Computing at Kyndryl. Join us to talk about the Halloween movies, twists and turns, physical security, the evolution of physical security, cyber risk/posture, and the move to the cloud.

Security Operations: Learning what works | S2 Ep. 5 with Anton Chuvakin

Jeffrey Wheatman — Mon, 02 Oct 2023 10:27:11 -0700

Meet today's guest: Dr. Anton Chuvakin, an advisor at the Office of the CISO of Google Cloud. Join us to chat about sci-fi movies, technology predictions, security operations, solving security problems, three lines of defense, AI and using the cloud.

Security Architecture and what the structure entails | S2 Ep. 4 with Evgeniy Kharam

Jeffrey Wheatman — Mon, 25 Sep 2023 07:00:00 -0700

Jeffrey Wheatman is joined in this episode by Evgeniy Kharam, a fellow Cyber Evangelist!

Today we are discussing learning from your mistakes, Avatar, CGI, New Zealand, firewalls, and security architecture.

Why open standards matter for streamlined cybersecurity | S2 Ep. 3 with David Mahdi

Jeffrey Wheatman — Mon, 18 Sep 2023 07:47:29 -0700

This week we have Jeffrey's old friend and colleague: Dave Mahdi, the current CIO (Chief Identity Officer) for Transmit Security. Join us to chat about movies (Natalie Portman's first film!), Ted Lasso, good guys vs. bad guys, and why standards (and open standards) matter in the world of cybersecurity when prioritizing risk resilience.

Prioritizing cybersecurity in the world of CISO burnout | S2 Ep. 2 with Rob Black

Jeffrey Wheatman — Mon, 11 Sep 2023 07:51:09 -0700

In this episode, join Jeffrey and Rob Black, CISSP, the founder and CEO of Fractional CISO. Buckle up to talk about Stephen King, Barbenheimer, and the main topic of CISO burnout/stress and how to combat it in our new cyber environment while still prioritizing security leadership.

Cybersecurity in the realm of Higher Education around the world | S2 Ep. 1 with Luqman Kondeth

Jeffrey Wheatman — Tue, 05 Sep 2023 10:00:00 -0700

Welcome to SEASON TWO of Risk and Reels! Get ready to talk about Indian film festivals, Abu Dhabi, cyber security within higher education (with an emphasis on third party cyber risk), and plenty of side stories. In episode one, Jeffrey Wheatman brings his good friend and colleague
Luqman Kondeth to the show. He is the Director of Campus Technology Security Services for NYU Abu Dhabi.

The Bright Future of Public/Private Partnership in Cybersecurity | SEASON 1 FINALE Ep. 17 with Bailey Bickley

Jeffrey Wheatman — Tue, 30 May 2023 01:25:00 -0700

True crime, storytelling, Big Fish, the partnership between private sector and public sector, the new White House cybersecurity policy, power of strong minds in one room, resilience and redundancy, threat actors worldwide, and supply chain risk and security.

We are thrilled to share this episode with special guest, Bailey Bickley, the Chief DIB Defense at the NSA.

From the Military to IT and Cybersecurity | Ep. 16 with Lewis Heuermann

Jeffrey Wheatman — Mon, 22 May 2023 09:28:01 -0700

Charlie and the chocolate factory, Tom Hanks, the Military, culture shifts, precision, training, accountability, the why for the what.

Join Jeffrey Wheatman and Lewis Heuermann (current Cyber Risk Management leader at Booz Allen Hamilton) as they discuss what it looks like to move from a life in the service to a post-military role in cybersecurity, as well as stories and moments along the way.

Investing in Cyber and AI in 2023 | Ep. 15 with Rick Grinnell

Jeffrey Wheatman — Mon, 15 May 2023 11:48:03 -0700

Comedies, Young Frankenstein, History of the World, artificial intelligence, investments in cybersecurity, AI investors, third party risk, ChatGPT, the future of jobs in cyber. Hear from Rick Grinnell, the Founder of Glasswing Ventures (an investor of Black Kite!)

Cybersecurity in Higher Education – over the years and today | Ep. 14 with Gretchen Ruck

Jeffrey Wheatman — Mon, 08 May 2023 09:29:16 -0700

80s movies, Animal House, cyber in higher education, university CISOs, managing student data, healthcare within universities, compliance requirements, HECVAT, Educause,

Today's episode features Gretchen Ruck, Senior Managing Director of Cybersecurity & Privacy at Ankura.

The People of Cyber: Diversity, Education and Empowerment | Ep. 13 with Juliana Vida

Jeffrey Wheatman — Mon, 01 May 2023 10:03:11 -0700

The Admiral, A Christmas Story, new policies, the New White House Cybersecurity Policy, information security importance, DEI, diversity in cyber, government training, empowering the people, poker, hiring, and zero trust.

Welcome Juliana Vida to today's episode - she currently runs strategy for Public Sector at Splunk.

How to use cybersecurity tools properly to meet regulations | Ep. 12 with Larry Whiteside

Jeffrey Wheatman — Mon, 24 Apr 2023 11:12:29 -0700

Crafty hackers, super-smart villains, speaking the business language, GRC tools, risk and regulatory correlations, reg ops, being compliant, meeting regulations, and why vendors can't solve all your problems.

This episode, features Larry Whiteside, the current CISO at RegScale and long-time friend of Jeffrey Wheatman.

Building a third-party risk program from the ground up | Ep. 11 with Tom Garrubba

Jeffrey Wheatman — Mon, 17 Apr 2023 06:14:35 -0700

SPECIAL double-time episode. Hear from Tom Garrubba, the Director of Third-Party Risk Management Services at Echelon Risk + Cyber and he talks through the journey of building a third party risk management program at CVS Caremark (plus everything after and in-between.) Plus, as always, movies (JAWS), Saturday night theater showings, Franco, and Schwarzenegger.

Threat Modeling in STRIDE, the basis for cybersecurity. | Ep. 10 with Matt Stamper

Jeffrey Wheatman — Mon, 10 Apr 2023 01:16:00 -0700

Forrest Gump, threat modeling, animal farm, application weaknesses, business impact analyses, resilience, accountability, and stride. Tune into the latest episode to hear from Matt Stamper, the CEO of Executive Advisors Group.

Productive risk processes = truly reducing risk. How has TPRM shifted? | Ep. 9 with Bob Maley

Jeffrey Wheatman — Mon, 03 Apr 2023 06:42:37 -0700

Star Wars, Star Trek, third party risk management, fallen heroes, best practices, triaging risk, cyber posture, the cloud, vendor access, productive risk process, and truly managing risk. How has third party risk management changed in the last 20 years? How should it be changing to promote better processes? Join Jeffrey Wheatman and Bob Maley, CSO of Black Kite, for this exciting discussion.

Talking with the former Director of Cybersecurity Coordination for the U.S. Dept. of Homeland Security | Ep. 8 with Mike Brown

Jeffrey Wheatman — Mon, 27 Mar 2023 04:00:00 -0700

Jeffrey speaks with the former Director of Cybersecurity Coordination for the U.S. Dept. of Homeland Security, Mike Brown, about strategic, tactical, and operational cybersecurity.

With a plethora of emerging AI, where does the cybersecurity industry stand? | Ep. 7 with Eric Cowperthwaite

Jeffrey Wheatman — Mon, 20 Mar 2023 01:00:00 -0700

Musicals, emerging AI, and understanding the risk within your third-party ecosystem. Our guest this week is Eric Cowperthwaite, COO at Threathunter.ai by Milton Security.

Managing the risk you quantify is half the battle | Ep. 6 with David Elfering

Jeffrey Wheatman — Mon, 13 Mar 2023 01:00:00 -0700

Black and white films, photography, risk quantification, FAIR, (ROI), the business case for risk, risk scenarios, sea monsters, and PII. Our guest this week is David Elfering, Sr. VP and Sr. Cybersecurity Specialist at Marsh.

It’s the dog that caught the car - how can security programs properly mature? | Ep. 5 with Dave Lewis

Jeffrey Wheatman — Mon, 06 Mar 2023 01:00:00 -0800

John wick, curiosity, organizational changes over time, security debt, risk appetite, chatGPT, dogs running around, and taking security seriously. Join Jeffrey Wheatman and Dave Lewis, (Global Advisory CISO at Cisco), as they discuss what it means for security teams to mature and address accepted risks that need to be revisited. As security is taken more seriously overall, leaders must adjust programs to complement that.

The anatomy of the 2023 Black Kite Third Party Breach Report | Ep. 4 with Ferhat Dikbiyik

Jeffrey Wheatman — Sun, 19 Feb 2023 21:49:50 -0800

Third party attacks, common ways hackers target companies, Turkish movies, outsmarting the bad guys, and the trajectory of 2023 data breaches. Listen to episode four as Jeffrey Wheatman and the Head of Research at Black Kite, Ferhat Dikbiyik discuss the latest Third Party Data Breach report (and its astonishing findings).

“We’ve always done it that way.” Why we shouldn’t. | Ep. 3 with Patti Titus

Jeffrey Wheatman — Sun, 12 Feb 2023 22:15:00 -0800

Security starts with people. Process requires purpose. | Ep. 2 with Brian Reed

Jeffrey Wheatman — Sun, 12 Feb 2023 22:05:00 -0800

People, process, tools, tech, Ocean’s Eleven, movie remakes, and a recession. Security is people-centric, and tools cannot exist independently. Learn why we must humanize our problems first. Tune into episode 2 with Jeffrey Wheatman and guest Brian Reed (Senior Director of Cybersecurity Strategy at Proofpoint).

Who's a hacker? | Ep. 1 with Jayson Street

Jeffrey Wheatman — Sun, 12 Feb 2023 22:00:00 -0800

Hackers, curiosity, security, pen-testers, kindness, analogies and Hollywood criminals. Welcome to the first episode of Risk and Reels with Jeffrey Wheatman, featuring Jayson Street (OG Pen Tester and Chief Chaos Officer for Trusec), a self-proclaimed hacker.

Introducing Risk and Reels: A Cybersecurity Podcast

Jeffrey Wheatman — Mon, 06 Feb 2023 11:40:39 -0800

It's me, Jeffrey. And the first three episodes of my new podcast release on February 13th. I want YOU to tune in and experience the fun and knowledge shared every week.

I am inviting fellow cyber security experts and icons in the field to chat about relevant topics (plus all things cinema!) Stay tuned.