
CISO Tradecraft® #256 - Maximize Your Cybersecurity Budgets (with Ross Young)
Oct 27, 2025

In this discussion, cybersecurity expert and author Ross Young shares insights on maximizing security budgets and improving processes for CISOs. He explains the OWASP Threat and Safeguard Matrix and its importance in prioritizing defenses against key threats like phishing and identity attacks. Ross also provides strategies for negotiating master service agreements and optimizing security practices with tools like murder boards. The conversation further explores applying AI-related risk assessments and enhancing leadership approaches for new CISOs.
Prioritize Material Threats With TaSM
- Focus your budget on the material threats unique to your organization rather than buying every tool.
- Use the OWASP Threat and Safeguard Matrix (TaSM) to map each threat to the appropriate safeguards and prioritize spending accordingly.
Ask What Threat A Tool Solves
- Always ask which material threat a proposed tool addresses and which NIST function it supports.
- Reject vendor pitches that cannot clearly map features to your prioritized threats and safeguards.
Build Playbooks From DBIR Findings
- Read the Verizon DBIR and build playbooks for the top recurring attack types.
- Ensure you have specific defenses for phishing, identity attacks, and unpatched internet-facing vulnerabilities.

