Risk and Reels: A Cybersecurity Podcast

Jeffrey Wheatman spent years as a Gartner analyst telling CISOs uncomfortable truths about their security programs, and Risk and Reels is basically that job without the NDA. Each episode pairs a cybersecurity topic with a movie reference, which sounds gimmicky until you realize the film framing actually helps make board-level risk conversations stick. An episode about insider threat might open with Office Space; one on supply-chain attacks borrows from Ocean's Eleven. The real substance comes from Wheatman's guests, who tend to be working CISOs, risk officers, and the people who advise them. They talk candidly about things most security podcasts tiptoe around: how to say no to the CEO, what cyber insurance underwriters actually care about, why most risk registers are theater, and how to quantify risk in dollars without pretending you have perfect data. Episodes usually run 30 to 45 minutes and the tone is conversational, occasionally profane, always honest. Recent topics have covered third-party risk management fatigue, the gap between NIST CSF 2.0 and what organizations actually implement, and why the CISO role keeps getting harder. If you're moving from hands-on security into management, or you're already in the chair trying to justify next year's budget, this show will feel like a mentor who isn't trying to sell you anything.