{"id":18135,"date":"2025-09-08T10:58:24","date_gmt":"2025-09-08T08:58:24","guid":{"rendered":"https:\/\/www.dp-institute.eu\/?p=18135"},"modified":"2025-09-08T10:58:24","modified_gmt":"2025-09-08T08:58:24","slug":"your-first-100-days-as-a-ciso-a-practical-approach","status":"publish","type":"post","link":"https:\/\/www.dp-institute.eu\/en\/your-first-100-days-as-a-ciso-a-practical-approach\/","title":{"rendered":"Your First 100 days as a CISO. A practical approach."},"content":{"rendered":"

You\u2019ve been looking forward to today: your first day as the new Chief Information Security Officer<\/strong> (CISO)! You\u2019re ready to save the world, and by \u201cthe world,” I mean your company\u2019s most critical assets. You\u2019ve ironed your fancy cybersecurity hero cape and are all set to talk strategy and business alignment. But how do you get started?<\/p>\n

In this article, we’ll outline the key focus points for your first 100 days<\/strong> to help you establish yourself as a security leader<\/a>, putting all the necessary pieces in place to make security and risk management<\/a> drivers for success.<\/p>\n

Ready? Set! Let’s make security strategy support business goals.<\/p>\n

Building Strong relationships<\/span><\/h2>\n

In your first weeks in this new role, focus on building relationships<\/strong> and understanding the organization<\/strong>, its culture<\/strong>, and its business objectives<\/strong>. Your influence across the organization is directly connected to the strength of your relationships and, perhaps more importantly, the level of trust people have in you. Take the initiative to free up time in your schedule for both formal and informal touchpoints to align with your peers from every department. Instead of reacting to isolated incidents, look for patterns that could inform your risk assessment. Understand the compliance environment you\u2019ll be working within. Analyze situations carefully before taking action. Identify metrics that support business leaders. Complement this with sharing your knowledge and expertise when appropriate, especially if you can make quick wins, as it will help solidify your relationships and provide a platform for change. Remember, while doing all this, your top priority is to be your authentic self. It enhances trust and acts as a force multiplier.<\/p>\n

First Priority: Authentication<\/h2>\n

There\u2019s a lot of debate about the balance between IT and Security when it comes to owning tools and functions in the infrastructure. Most breaches occur through compromised credentials. There should be no debate about Security being heavily involved in everything related to authentication<\/strong> (AuthN) and authorization (AuthZ). Collaborate with your IT Operations and DevOps teams to gain a basic understanding of the toolchain used across the organization. After understanding the tools and their fundamental functions, conduct an initial audit of who has access to what and map out the AuthN\/AuthZ landscape. Key focus points in this process are as follows:<\/p>\n