
CISO Tradecraft® #265 - 12 CISO Templates (with Ross Young)
Dec 29, 2025
In this conversation, cybersecurity expert Ross Young, known for developing practical tools and templates, shares insights on his newly redesigned site featuring 12 free resources for CISOs. He delves into AI's role in coding and template creation, including budgeting and risk assessment tools. Ross also discusses the 'Cyber Six Pack' for tracking vulnerabilities, a CMMC compliance guide, and a personal values exercise aimed at optimizing team motivation. His innovative strategies offer invaluable support for enhancing cybersecurity without overspending.
AI Snips
Vet AI Vendors With A Standardized Questionnaire
- Use the Cloud Security Alliance AI Controls Matrix questionnaire to assess vendors with yes/no responses and get a compliance dashboard.
- Export JSON or PowerPoint to archive results and present vendor AI posture to executives.
Measure VM With Age And SLA-Backlog Metrics
- Track vulnerability management with simple metrics: average age of vulnerabilities and count past SLA.
- Use a dashboard across scanners and managers to drive accountability and trending improvements.
Budget Around Total Cost Of Ownership
- Build cybersecurity budgets around total cost of ownership: labor, licensing, and hosting.
- Forecast multi-year TCO and show percent of budget by category to align with CFO expectations.

