A New CISO’s TODO List

When a CISO joins a new organization, it is important to start with the basics. The following is a TODO list for every new CISO.

  1. Understand the business – where revenue comes from, who the major customers are, and who the internal stakeholders are; meet them.
  2. Review the CISO budget – how large the budget is and where it is spent (people, technology, services).
  3. Know the team – get to know team members. With a large team, get to know the key leaders, but also meet individual contributors to understand their challenges.
  4. Identify compliance and regulatory needs – before creating a strategy, list all compliance requirements, their current status, and the timeline of the next audit cycle.
  5. Understand the technology foundation
    1. Policy, standards and governance structure.
    2. Critical assets and asset management (what to protect).
    3. Key technologies used for protection (endpoint, network, applications, cloud, identity and access management).
    4. Security operations, threat detection, and incident response.
  6. Key vendors – contact key vendors and identify how to get their help.
  7. Develop strategy and metrics – what needs to be done to build the security program and the risk management strategy, and how progress will be measured.
  8. Security team branding – create a plan for marketing and branding the security team.

About Rafeeq Rehman

Consultant, Author, Researcher.
This entry was posted in InfoSec, Leadership.