Getting the first 100 days right is critical to achieving momentum, credibility, and long-term success.
By Etay Maor, Senior Director, Security Strategy, Cato Networks
Starting off as a new CIO in a tough, dynamic environment can be daunting. CIOs must juggle multiple issues like coping with hybrid workplaces, changing cybersecurity and compliance protocols, increasing ransomware attacks and high expectations from the board, to name but a few. New CIOs need to tackle biased perceptions, make a good first impression, assess the current state of processes and policies and determine a strategy to build a foundation that drives innovation.
Other CIO challenges may involve building a deep awareness of the IT organization, developing close relationships with key stakeholders and achieving wide acceptance for strategic goals while also gaining some quick wins that boosts confidence in your talents.
In speaking with countless CIOs about their security posture, I’m always intrigued by what lessons they’d offer new CIOs. In truth, there doesn’t seem to be a single set of ‘guiding principles’ for best launching into a CIO role. There are, however, strategies and tips that repeat themselves in my conversations. Here, then, are five of those often-cited takeaways battle-tested CIOs recommend new CIOs follow in their first 100 days in office.
- Get to Know Your Organization and Team
With many stakeholders and team members operating remotely, one of the most significant hurdles a CIO must overcome is to forge meaningful, interdepartmental relationships.
- With IT Teams: Start with regular one-on-ones, seek out the issues they regularly wrestle with and assess whether it involves technology, infrastructure, processes or people. Familiarize yourself with the strategy and tactics currently in place and evaluate if these adequately align with overall business goals.
- With non-IT Teams: Start with key executives and leadership teams. Understand their role in the business and how they interact with IT. Evaluate recent IT requests and determine whether they have been resolved satisfactorily. Prepare questions relevant to their role but listen carefully to understand their overall strategic vision and expectations from IT.
- Determine the state of IT and Security Infrastructure
Conduct a detailed technology risk assessment of your network infrastructure, databases, applications, cybersecurity and back-ups. Evaluate the current state of policies, procedures, compliance, security awareness and service delivery levels. Get to know your vendor-partners and learn the contract status from each, especially big-ticket deals. Know your IT budgets (planned vs. actual). Figure out what stage the company is at relative to their digital transformation process.
As a first measure, benchmark what you can. Three years down the road you should be able to sell a story of sustained improvement. Conduct a baseline assessment and capture metrics from current applications and security practices. This will also help identify what is and isn’t working.
- Define your Goals and Chart Out a Plan
Once you’ve got a handle on IT’s position and learned about its resources and capabilities, it’s time to develop swift action plans for urgent and simple issues to help define an overall blueprint of your longer-term company strategy. Your plan should include an executive summary, your department’s strengths and weaknesses; opportunities and threats; new trends, tools and capabilities; the tactics you will use along with costs, time and impact – in short, guiding principles that will drive future decisions.
- Incorporate Digital Transformation
Whether it’s changing buyer behavior or securing a large-scale remote workforce, the demand for digital transformation post-pandemic (i.e., digital methods to improve business processes and continuity) has accelerated by several years.
New CIOs must keep this momentum going by identifying and implementing technology that can significantly transform customer and employee experiences. As an example, CIOs can leverage automation and AI to improve product efficiency or augment intelligence to an existing product, giving it a competitive edge. In cybersecurity, CIOs can leverage transformational technologies like SASE (Secure Access Service Edge) to boost cybersecurity, provide high-speed connectivity and reduce IT overheads.
- Get Priorities in Order
Choose your battles wisely based on mandates, urgency, business needs, ROI, previous experiences and understanding of market trends. Seize opportunities for quick wins like improving processes, vendor management, SLA timelines and end-user applications. Resist firefighting.
Weigh out the risks and repercussions before you make major decisions. Get executive sponsorship for your actions and priorities. If needed, set up a steering committee to secure buy-in from a diverse group. Determine where the power lines are drawn and what priorities can be addressed first to instill greater confidence across internal stakeholders.
There is no silver bullet for a successful transition. We can all agree that there is a lot to manage and not everything is just about technology. Having an organized approach in place for your first 100 days ensures you cover all your bases, leaning in for a better shot at being successful in your new role along with establishing yourself as a valued and inspirational leader.
About the Author
Etay Maor is the Senior Director of Security Strategy for Cato Networks, provider of the world’s first Secure Access Service Edge (SASE) platform, converging SD-WAN and network security into cloud-native services. Previously, Etay was the Chief Security Officer for IntSights, where he led strategic cybersecurity research and security services. Etay has also held senior security positions at IBM, where he created and led breach response training and security research, and RSA Security’s Cyber Threats Research Labs, where he managed malware research and intelligence teams. Etay is an adjunct professor at Boston College and is part of Call for Paper (CFP) committees for the RSA Conference and QuBits Conference. He holds a BA in Computer Science and a MA in Counter-Terrorism and Cyber-Terrorism.