In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — Nate Lee talks with Ross Young, a former CISO and longtime security leader known for his pragmatic, outcome-driven approach to cybersecurity.

Ross brings experience from the intelligence community, including over a decade in government service, as well as senior security leadership roles at Capital One and Caterpillar Financial. He’s also the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste.

They explore why so much security spending fails to meaningfully reduce risk, why legacy assumptions continue to shape modern programs, and how CISOs can rethink budgeting, tooling, and prioritization. The conversation covers zero-based budgeting, tool sprawl and rationalization, third-party risk incentives, and how AI is rapidly changing both attack velocity and defensive strategy.

Ross shares practical frameworks for aligning spend with real threats, improving patching speed, and making smarter tradeoffs; without simply asking for more budget.

This episode is packed with insight for CISOs, security leaders, risk executives, and anyone responsible for building security programs that actually work.

Listen and Subscribe
Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=bf17a655fc0049f9
Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699
YouTube → @TPRMPodcast

About the Guest
Ross Young is a former CISO with leadership experience at Capital One and Caterpillar Financial, following more than a decade in the intelligence community. He is the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste, where he focuses on helping security leaders spend smarter and reduce real-world risk.

About the Host
Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support rapid growth.

About the Show
The TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges.

All right. Okay
Nate’s LinkedIn → /natetrustmind
TPRM Podcast LinkedIn → /tprm-podcast
Website → tprmpodcast.com
Instagram → @TPRMPodcast
TikTok → @tprmpodcast