- Chris Wolski, CISO, Port Houston
- Sean Walls, VP & CISO, Visionworks of America
- Jon Culter, CISO
- Michael Welch, Managing Director, MorganFranklin Strategy
- Michalis Kamprianis, CISO, SUSE
- Kunal Sehgal, CISO
- Dimitrios Stergiou, CISO, Trustly
- Baba Gurjeet Bedi, Advisory CISO, Xirocco, Ltd.
- 3 anonymous company contributors
- Make a good first impression at your new job.
- Obtain guidance on how you should approach the first 100 days.
- Assess the current state of the security program and recommend areas of improvement and possible solutions.
- Develop a high-level security strategy in three months.
- Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person; however, the approach to the new position will be relatively the same.
- Eighty percent of your time will be spent listening. The first 100 days of the CISO role is an information-gathering exercise that will involve several conversations with different stakeholders and business divisions. Leverage this collaborative time to understand the business, its internal and external operations, and its people. Unequivocally, active listening will build company trust and help you to build an information security vision that reflects the business strategy.
- Start “working” before you actually start the job. This involves finding out as much information as possible about the company before officially becoming an employee. Investigate the company website and leverage available organizational documents and initial discussions to better understand your employer’s leadership, company culture, and business model.
Impact and Result
- Hit the ground running with Info-Tech’s ready-made agenda vetted by CISO professionals to impress your colleagues and superiors.
- Gather details needed to understand the organization (i.e. people, process, technology) and determine the current state of the security program.
- Track and assess high-level security gaps using Info-Tech’s diagnostic tools and compare yourself to your industry’s vertical using benchmarking data.
- Deliver an executive presentation that shows key findings obtained from your security evaluation.
This guided implementation is a six-call advisory process.
Guided Implementation #1 - Prepare
Call #1 - Prepare before you start.
Guided Implementation #2 - Build relationships and inventory components of the business
Call #1 - Understand the business.
Guided Implementation #3 - Assess security posture
Call #1 - Evaluate the business’ security posture using the Info-Tech Diagnostic Program.
Call #2 - Review Security Governance and Management Scorecard.
Call #3 - Review IT Business Satisfaction and Alignment Report.
Guided Implementation #4 - Deliver plan