Security Without Waste: Rethinking Budgets, Tools, and Risk with Ross Young episode artwork

EPISODE · Jan 20, 2026 · 48 MIN

Security Without Waste: Rethinking Budgets, Tools, and Risk with Ross Young

from The TPRM Podcast

In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — Nate Lee talks with Ross Young, a former CISO and longtime security leader known for his pragmatic, outcome-driven approach to cybersecurity. Ross brings experience from the intelligence community, including over a decade in government service, as well as senior security leadership roles at Capital One and Caterpillar Financial. He’s also the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste. They explore why so much security spending fails to meaningfully reduce risk, why legacy assumptions continue to shape modern programs, and how CISOs can rethink budgeting, tooling, and prioritization. The conversation covers zero-based budgeting, tool sprawl and rationalization, third-party risk incentives, and how AI is rapidly changing both attack velocity and defensive strategy. Ross shares practical frameworks for aligning spend with real threats, improving patching speed, and making smarter tradeoffs; without simply asking for more budget. This episode is packed with insight for CISOs, security leaders, risk executives, and anyone responsible for building security programs that actually work. Listen and SubscribeSpotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=bf17a655fc0049f9Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699YouTube → @TPRMPodcast About the GuestRoss Young is a former CISO with leadership experience at Capital One and Caterpillar Financial, following more than a decade in the intelligence community. He is the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste, where he focuses on helping security leaders spend smarter and reduce real-world risk. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support rapid growth. About the ShowThe TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. All right. OkayNate’s LinkedIn → /natetrustmindTPRM Podcast LinkedIn → /tprm-podcastWebsite → tprmpodcast.comInstagram → @TPRMPodcastTikTok → @tprmpodcast

NOW PLAYING

Security Without Waste: Rethinking Budgets, Tools, and Risk with Ross Young

0:00 48:05

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of The TPRM Podcast?

This episode is 48 minutes long.

When was this The TPRM Podcast episode published?

This episode was published on January 20, 2026.

What is this episode about?

In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — Nate Lee talks with Ross Young, a former CISO and longtime security leader known for his pragmatic, outcome-driven approach to cybersecurity. Ross brings experience from the...

Can I download this The TPRM Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!