
Resilient Cyber w/ Ross Young - Mastering the Cybersecurity Budget
Nov 4, 2025
Ross Young, a former CIA officer and seasoned cybersecurity leader, dives deep into mastering the cybersecurity budget. He discusses the common pitfalls in budget allocation and critiques the inefficiencies of incremental budgeting. Ross highlights the importance of understanding total cost of ownership and advocates for a threat-informed approach to spending. He also introduces his unique audit method to optimize tool usage and shares insights from his upcoming book on the often-overlooked challenges in cybersecurity finance.
Ross’s Career Journey Shapes His Lens
- Ross Young spent over a decade at the CIA running DevOps and nation-state actor programs.
- He later served as CISO at Caterpillar Financial and now hosts CISO Tradecraft and writes about budgeting.
Treat Budgeting As Core CISO Skill
- Prioritize mastering the cybersecurity budget as a core CISO skill, not just technical controls.
- Learn procurement, contracting, and cross-functional finance conversations to save millions and deliver outcomes.
Avoid Knee-Jerk Tool Swaps
- Avoid immediately switching to familiar tools from your previous employer without finding internal savings first.
- Identify underutilized tools to retire and fund new purchases from within your existing budget.
