CISO Tradecraft® #255 - Maximize the Outcomes Per Dollar in Cyber (with Ross Young)
16 snips
Oct 20, 2025 Ross Young, a 20-year cybersecurity veteran with experience at the CIA and Capital One, shares his expertise on optimizing security budgets. He emphasizes that throwing money at tools can dilute effectiveness and stresses prioritizing risk reduction over compliance. Ross advocates for zero-based budgeting and highlights the importance of calculating total cost of ownership. He also critiques traditional cyber risk quantification methods and stresses the need to present budget requests in financial terms that showcase ROI. His insights promise to transform how CISOs approach their spending.
AI Snips
Chapters
Books
Transcript
Episode notes
Maximize Outcomes Per Dollar
- Cybersecurity leaders must maximize outcomes per dollar rather than just focus on technical depth.
- Ross Young reframes cyber as a business of revenue protection to align security with business value.
Fix Tool Coverage Before Buying More
- Audit deployed tools and enable their protective features before buying new products.
- Ensure coverage across endpoints and servers to realize existing tool value.
Security Spending Can Destroy Profit
- Overspending on security can erode company profitability and take revenue away from the business.
- CISOs must show ROI for spend so dollars protect business, not just inflate security budgets.
