The First 100 Days in a CISO’s Life


Landing a Chief Information Security Officer job can be quite thrilling and, at the same time, overwhelming. Regardless of how the new position was secured, the first three months of a new security chief’s life are highly significant. As with any leadership position, how you begin can make or stain that position. When you approach your new role with a strong strategy, you’re bound to enjoy success.

The Role of a CISO

Though information and communication technology is one of the core aspects of cybersecurity, the role of the CISO goes beyond just managing technology. The CISO wears several hats, with communication being a crucial skill. An effective CISO must be a good communicator, a manager and an effective leader.

The first 100 days in the life of a Chief Information Security Officer (CISO) are often considered the “honeymoon” period. Having a solid strategy, and then a plan, will lay the foundation for a strong security program as well as for a personal brand of credibility and leadership. There’s no way to avoid this: if you are to last in this new position beyond the first 100 days, you must be able to manage the daily emergencies and meet the organizational expectations.

According to Tom Scholtz, vice president at analyst firm Gartner, it is during this period that you establish your credibility and the perception that others will associate with your subsequent actions and plans. The first step is to set up and preserve relationships with the major partners and influencers. The next step is to effectively express and communicate your agenda for security. Later, you identify two essential projects that you can either complete or at least start in the first three months. You can then specify other projects that you can take on in the next twelve months.

Reality vs. Expectations

Most often, the reality a new CISO finds on arrival differs from his expectations. A common complaint among CISOs is that what they find upon starting the new role and what they were promised during the recruitment process are two different things. A number of factors may contribute to this disconnect, on the part of both the organization and the CISO. Thus, it is expedient that both parties attempt to clarify misunderstandings and engage in some healthy self-evaluation with a focus on “broken promises”.

Bad Moves

Trying to Do Too Much

One mistake to avoid is trying to do too much at once. The role of a CISO is naturally demanding without you adding to it. A CISO has to build and oversee the wide-ranging security function of an organization so that the organization is shielded from internal and external threats, demonstrate measurable ROI and, at the same time, incorporate strategies that align with the priorities of the key stakeholders and the business cycle of the organization.

Having a Negative Mindset

Avoid having a fatalistic mindset, as this will weigh you down. Thinking that technical issues will always win out will reduce your role to a mere firefighting approach. Having a defensive mindset will only breed defensive attitudes, which are difficult to overcome once you start.

Blaming Others

One of the biggest mistakes a new CISO can make is to place blame on his predecessors. Avoid the blame game as much as possible, as this sets a negative tone for your security program.

Things to Consider in Order to Realize Big Wins in the First 100 Days

The following are tips for securing big wins in the first 100 days of being a security leader.

Make Preparations

The more information you have about your current position, the better equipped you are to tackle challenges and emergencies. You don’t have to wait until you officially start before you prepare for the job. Never approach your new role with an improvised attitude. Find out which security initiatives have worked in the past and which ones haven’t, and whether there have ever been cybersecurity breaches.

Assess the Organization and Risk Status

Take an inventory of the overall security status of the company with a digital footprint and run an early penetration test on the key systems. Implement direct communications to build strong relationships. Find out what is working and what isn’t working for the security program of the organization. By gaining information about the vulnerabilities and threats of the organization, the CISO can take proactive measures to assess and tackle security challenges.

Start Developing Your Security Plan

Make a rough draft or an outline of your agenda for your first 100 days and apply all the information you have gathered. Share your knowledge with your team and hire additional resources if necessary. Ensure you have a team of experts who can cover your weaknesses. This is the time to strategize and establish your credibility as a security officer.

Act and Measure

Make smart decisions and act on them. This is the time to implement all that you have learnt to deliver visible results. Get the support of the board by actively engaging in board discussions with a view to providing the information needed to ensure success. Underline early wins and challenges, ensure the participation of key partners and influencers, participate in existing projects, set budgets, and redefine your team. Furthermore, a CISO can get a mentor with relevant security leadership experience to guide him, or he can communicate with his predecessors for guidance.


The first 100 days of a CISO’s job can make or mar his success. No function in any large organization exists in a vacuum. If you are to get anything done as a CISO and realise big wins, you must ensure that you align your security agenda with the priorities of the key stakeholders, the business cycle, and the budget cycle. Meaningful change may not necessarily begin in the first 100 days, but it will surely happen over time with proper planning, hard work, and leveraging the drivers in your security team.
