The First 100 Days as CISO

CISO success in five steps.

  • Make a good first impression at your new job.
  • Obtain guidance on how you should approach the first 100 days.
  • Assess the current state of the security program and recommend areas of improvement and possible solutions.
  • Develop a high-level security strategy in three months.

Our Advice

Critical Insight

  • Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person; however, the approach to the new position will be relatively the same.
  • Eighty percent of your time will be spent listening. The first 100 days of the CISO role are an information-gathering exercise that will involve several conversations with different stakeholders and business divisions. Leverage this collaborative time to understand the business, its internal and external operations, and its people. Unequivocally, active listening will build company trust and help you to build an information security vision that reflects the business strategy.
  • Start “working” before you actually start the job. This involves finding out as much information about the company as possible before officially becoming an employee. Investigate the company website and leverage available organizational documents and initial discussions to better understand your employer’s leadership, company culture, and business model.

Impact and Result

  • Hit the ground running with Info-Tech’s ready-made agenda vetted by CISO professionals to impress your colleagues and superiors.
  • Gather details needed to understand the organization (i.e. people, process, technology) and determine the current state of the security program.
  • Track and assess high-level security gaps using Info-Tech’s diagnostic tools and compare yourself to your industry’s vertical using benchmarking data.
  • Deliver an executive presentation that shows key findings obtained from your security evaluation.

The First 100 Days as CISO Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why the first 100 days of being a CISO is a crucial time to be strategic. Review Info-Tech’s methodology and discover our five-step approach to CISO success.

1. Prepare

Review previous communications to prepare for your first day.

2. Build relationships

Understand how the business operates and develop meaningful relationships with your sphere of influence.

3. Inventory components of the business

Inventory company assets to know what to protect.

4. Assess security posture

Evaluate the security posture of the organization by leveraging Info-Tech’s IT Security diagnostic program.

5. Deliver plan

Communicate your security vision to business stakeholders.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.


Tech Data Corporation

Guided Implementation




The Corporation of the City of Timmins

Guided Implementation




no complaints!

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.



What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 4-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Prepare
  • Call 1: Prepare before you start.

Guided Implementation 2: Build relationships and inventory components of the business
  • Call 1: Understand the business.

Guided Implementation 3: Assess security posture
  • Call 1: Evaluate the business’ security posture using the Info-Tech Diagnostic Program.
  • Call 2: Review Security Governance and Management Scorecard.
  • Call 3: Review IT Business Satisfaction and Alignment Report.

Guided Implementation 4: Deliver plan
  • Call 1: Build Executive Deck.


Michelle Tran


  • Chris Wolski, CISO, Port Houston
  • Sean Walls, VP & CISO, Visionworks of America
  • Jon Culter, CISO
  • Michael Welch, Managing Director, MorganFranklin Strategy
  • Michalis Kamprianis, CISO, SUSE
  • Kunal Sehgal, CISO
  • Dimitrios Stergiou, CISO, Trustly
  • Baba Gurjeet Bedi, Advisory CISO, Xirocco, Ltd.
  • 3 anonymous company contributors