Security icon

The First 100 Days as CISO

CISO success in five steps.

Get Instant Access
to this Blueprint


  • Chris Wolski CISO, Port Houston
  • Sean Walls, VP & CISO, Visionworks of America
  • Jon Culter, CISO
  • Michael Welch, Managing Director, MorganFranklin Strategy
  • Michalis Kamprianis, CISO, SUSE
  • Kunal Sehgal, CISO
  • Dimitrios Stergiou, CISO, Trustly
  • Baba Gurjeet Bedi, Advisory CISO, Xirocco, Ltd.
  • 3 anonymous company contributors
  • Make a good first impression at your new job.
  • Obtain guidance on how you should approach the first 100 days.
  • Assess the current state of the security program and recommend areas of improvement and possible solutions.
  • Develop a high-level security strategy in three months.

Our Advice

Critical Insight

  • Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person, however, the approach to the new position will be relatively the same.
  • Eighty percent of your time will be spent listening. The first 100 days of the CISO role is an information gathering exercise that will involve several conversations with different stakeholders and business divisions. Leverage this collaborative time to understand the business, its internal and external operations, and its people. Unequivocally, active listening will build company trust and help you to build an information security vision that reflects that of the business strategy.
  • Start “working” before you actually start the job. This involves finding out as much information about the company before officially being an employee. Investigate the company website and leverage available organizational documents and initial discussions to better understand your employer’s leadership, company culture ,and business model.

Impact and Result

  • Hit the ground running with Info-Tech’s ready-made agenda vetted by CISO professionals to impress your colleagues and superiors.
  • Gather details needed to understand the organization (i.e. people, process, technology) and determine the current state of the security program.
  • Track and assess high-level security gaps using Info-Tech’s diagnostic tools and compare yourself to your industry’s vertical using benchmarking data.
  • Deliver an executive presentation that shows key findings obtained from your security evaluation.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why the first 100 days of being a CISO is a crucial time to be strategic. Review Info-Tech’s methodology and discover our five-step approach to CISO success.

1. Prepare

Review previous communications to prepare for your first day.

2. Build relationships

Understand how the business operates and develop meaningful relationships with your sphere of influence.

3. Inventory components of the business

Inventory company assets to know what to protect.

4. Assess security posture

Evaluate the security posture of the organization by leveraging Info-Tech’s IT Security diagnostic program.

5. Deliver plan

Communicate your security vision to business stakeholders.

Guided Implementations

This guided implementation is a six call advisory process.

Guided Implementation #1 - Prepare

Call #1 - Prepare before you start.

Guided Implementation #2 - Build relationships and inventory components of the business

Call #1 - Understand the business.

Guided Implementation #3 - Assess security posture

Call #1 - Evaluate the business’ security posture using the Info-Tech Diagnostic Program.
Call #2 - Review Security Governance and Management Scorecard.
Call #3 - Review IT Business Satisfaction and Alignment Report

Guided Implementation #4 - Deliver plan

Call #1 - Build Executive Deck

Member Testimonials

Unlock Sample Research

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.




$ Saved

Days Saved

The Corporation of the City of Timmins

Guided Implementation




Search Code: 94051
Published: September 21, 2020
Last Revised: September 21, 2020

Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019