New CISO Role – What to do first?

So I am going to summarise some of the key things you will want to do first:

Reconnaissance / Collecting your info

  1. Understand your current estate (in terms of assets and how the business operates)
  2. Document your findings (you may be the only one who knows them)


  1. Ask yourself: do you know what the target state looks like? (You should have an idea.)
  2. Define the capabilities, requirements, tools and a strategy for how you will get there

Continual Improvement

  1. Do you know what ‘good’ looks like? Then you need to know how to measure that, especially for any deviations. Let the data tell the story!
  2. “Security is a practice”, and it should be continually improving, with no destination, only improved layers of maturity.

To find out more have a read of this blog