EPISODE · Jan 20, 2026 · 48 MIN
Security Without Waste: Rethinking Budgets, Tools, and Risk with Ross Young
from The TPRM Podcast
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — Nate Lee talks with Ross Young, a former CISO and longtime security leader known for his pragmatic, outcome-driven approach to cybersecurity. Ross brings experience from the intelligence community, including over a decade in government service, as well as senior security leadership roles at Capital One and Caterpillar Financial. He’s also the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste. They explore why so much security spending fails to meaningfully reduce risk, why legacy assumptions continue to shape modern programs, and how CISOs can rethink budgeting, tooling, and prioritization. The conversation covers zero-based budgeting, tool sprawl and rationalization, third-party risk incentives, and how AI is rapidly changing both attack velocity and defensive strategy. Ross shares practical frameworks for aligning spend with real threats, improving patching speed, and making smarter tradeoffs; without simply asking for more budget. This episode is packed with insight for CISOs, security leaders, risk executives, and anyone responsible for building security programs that actually work. Listen and SubscribeSpotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=bf17a655fc0049f9Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699YouTube → @TPRMPodcast About the GuestRoss Young is a former CISO with leadership experience at Capital One and Caterpillar Financial, following more than a decade in the intelligence community. He is the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste, where he focuses on helping security leaders spend smarter and reduce real-world risk. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support rapid growth. About the ShowThe TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. All right. OkayNate’s LinkedIn → /natetrustmindTPRM Podcast LinkedIn → /tprm-podcastWebsite → tprmpodcast.comInstagram → @TPRMPodcastTikTok → @tprmpodcast
NOW PLAYING
Security Without Waste: Rethinking Budgets, Tools, and Risk with Ross Young
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m