(Fireside Chat) First 90 Days For A CISO With Matthew Ireland & Bikash Barai

What should a CISO do in the first 90 days of a new role? It's all about the journey of a CISO. Split the tenure into a few segments: understanding the current security situation in the organization, putting together a strategy, and execution. Focus on understanding your key roles in the first 7 days and the first 30 days within the 90 days. Learn more from our speaker, the CISO of NTT Research. He's also writing a book on this soon.

 

About Speaker

Matthew Ireland is the CISO at NTT Research. Matthew is a proven strategic leader with a diverse background across many domains, including executive consulting, healthcare, manufacturing, financial/banking industries, and emergency services (Law Enforcement, EMS, and Fire/Rescue). I love leading teams through culture change, fixing complex business problems, and driving profitable revenue growth.

Bikash Barai is the Co-Founder of FireCompass, an AI assistant for IT security decision makers. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital. He is also an early advisor at CISO Platform.

 

 

Fireside Chat (Recorded)

 

 

Executive Summary (Session Highlights):

  • Building Relationships and Preparing for Day One:
    This session emphasized the importance of relationship-building and early research for incoming CISOs. Preparation begins before day one by studying the organization's business strategy, understanding key stakeholders, and building trust with peers and leaders. CISOs should seek to grasp the company culture, revenue models, and leadership dynamics through resources like LinkedIn and direct conversations.
  • Key Priorities in the First Week:
    The initial week focuses on foundational activities like onboarding, understanding organizational dynamics, and creating a sense of belonging. CISOs should establish relationships with team members, identify key influencers, and familiarize themselves with the business environment. Early efforts should align with understanding immediate operational and strategic priorities.
  • Understanding Business Strategy in the First Month:
    In the first 30 days, CISOs must prioritize learning the business inside out. Strategies include analyzing key revenue sources, understanding major business metrics, and identifying critical organizational milestones (e.g., acquisitions, product launches, or IPO plans). Building relationships with leaders in finance, manufacturing, and other departments provides insight into what drives the business and uncovers potential risks.
  • Aligning Security and Business Goals:
    The session highlighted the necessity of framing security initiatives in terms of business outcomes. CISOs were advised to shift their focus from technical jargon to business language, aligning security strategies with key business objectives. For example, framing data security as a method to ensure customer trust and financial stability enhances collaboration with non-technical stakeholders.
  • Inventory and Gap Assessments:
    Creating a complete and accurate inventory of people, processes, and technology is critical. This includes identifying data locations, understanding data flows, and mapping team strengths and weaknesses. Gap assessments help align existing security measures with organizational needs, ensuring a focused approach to mitigating risks.
  • Challenges in Data Discovery and Access Management:
    Data inventory and access reviews were cited as ongoing challenges. Shadow IT and unknown data repositories present significant risks. The session stressed the importance of using both tools and personal interactions to uncover hidden data and foster collaboration with business leaders for effective security management.
  • Navigating the Language of Business vs. Security:
    Successful CISOs bridge the gap between business and security by learning to speak the language of their stakeholders. Rather than imposing technical solutions, they must listen, adapt, and align security goals with broader business strategies. Building trust and showing humility were highlighted as key enablers in this process.
  • Mentorship and Continuous Learning:
    The session underscored the importance of mentorship and ongoing professional development. Exercises like identifying gaps between current skills and desired roles can guide career advancement. CISOs were encouraged to focus on strategic thinking and leadership to become valuable business partners.

 
