As a new CISO, the first 100 days on the job are critical – TechTarget

Congratulations! You just landed the job of a lifetime as a chief information security officer. Tell your spouse, call your mother — and gird your loins.
While the CISO role is more important, prestigious and lucrative than ever, it is also high-profile and potentially high-risk. Recently, for example, a jury convicted Uber’s former CSO of mishandling cyber attacks at the company, with up to eight years in prison on the table. While this is an extreme case, one must take the CISO role seriously.
Given the critical nature and high stakes of the position, first impressions are paramount. Approach the first 100 days in a new CISO job as a key period to accomplish the following:
It is vital to immediately establish a tone that balances transparency with high standards, accountability with understanding, and competence with humility and a willingness to learn.
As a new CISO, successfully navigating the first 100 days on the job starts well before your first day in the office. Upon landing a new role, immediately begin sketching out a working list of immediate, medium and long-range goals, which you’ll continue to update in the coming days, weeks and months.
First, do your homework. Learn everything you can about the following:
In your initial days officially on the job, watch, look and listen. Do not act.
While some issues might become immediately apparent, resist the temptation to make any changes during the first week or two. Instead, take a beat to observe and understand the current security landscape as fully as possible.
First and most importantly, learn about the people. Meet with security staff, and ask about their roles and responsibilities and how they do their jobs. Listen carefully as you get to know the team’s personalities and dynamics. Consider the following:
Set up introductory meetings with other key stakeholders as well, such as executives, business unit leaders and other relevant staff.
Once you understand the human element, start methodically assessing existing security processes. This review should include the following:
Inevitably, you will find some gaps, whether in tooling, training or integrations.
Once you have fully assessed your company’s security program, including its people, processes and technology, consider its weaknesses. Draft a list of strategic priorities that close existing security gaps — in alignment with the company’s risk appetite and high-level business goals — and group each into one of the following buckets:
All Rights Reserved, Copyright 2000 – 2023, TechTarget
