CISO Tradecraft®

#265 - 12 CISO Templates (with Ross Young)

Dec 29, 2025
In this conversation, cybersecurity expert Ross Young, known for developing practical tools and templates, shares insights on his newly redesigned site featuring 12 free resources for CISOs. He delves into AI's role in coding and template creation, including budgeting and risk assessment tools. Ross also discusses the 'Cyber Six Pack' for tracking vulnerabilities, a CMMC compliance guide, and a personal values exercise aimed at optimizing team motivation. His innovative strategies offer invaluable support for enhancing cybersecurity without overspending.
ADVICE

Adopt English-First 'Vibe Coding' Workflows

  • Use English-first 'vibe coding' with LLMs to generate code instead of hand-writing it in languages like Python or HTML.
  • Leverage tools like Google Gemini or ChatGPT to produce working code and iterate from there.
ADVICE

Prioritize Projects With A Nine-Box Matrix

  • Use a nine-box impact vs effort matrix to prioritize initiatives and fund quick wins first.
  • Reserve funding for compliance items regardless of matrix placement, but prioritize risk-reduction in top boxes.
INSIGHT

CMMC Requires Full Compliance For Certification

  • CMMC has three certification tiers: foundational (17 safeguards), advanced (NIST 800-171), and expert (expanded controls).
  • Organizations must reach 100% for certification and cannot rely on incomplete submissions or POA&Ms.