We all understand the need for better cybersecurity. However, for most CISOs the next logical challenge is determining the best way to reduce real-world risk without exhausting or overshooting an already-strained budget.