This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Subscribe
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2018
      • ASIS 2017
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
  • InfoCenters
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » A New CSO’s 8-Step Guide on How to Succeed
Cyber Security NewsSecurity Leadership and Management

A New CSO’s 8-Step Guide on How to Succeed

young exec
September 26, 2017
Stefan Sulistyo
KEYWORDS Chief Security Officer (CSO) / security careers / security executives / security leadership / security management
Reprints
No Comments

Do you have a new job as the Chief Information Security Officer (CISO), Chief Security Officer (CSO), the Security Information Manager or something similar? Congratulations! You’ve just received a great job opportunity – one that can either be your dream job, your worst nightmare, and sometimes both simultaneously.

 

  1. Before you start/accept the job offer:
    If you’re still negotiating about the position or have yet to have a job interview, ask these questions:
       - What are the main priorities of the organization?
       - How are the security department and the reporting channels organized?
       - Why is the position vacant right now? (Replacement, newly structured position)
       - How is the budget process structured?
    You should do your own homework and acquire some knowledge about the company’s industry. It will prove to be very crucial that you understand all the company’s business priorities.
  2. Your first week:
    When starting your new job, you’ll have access to internal information. Use those first days, as no one will bother you too much. If your predecessor is still working, use this for gathering info on the current situation, ongoing projects and important stakeholders. If there is an existing security team, introduce yourself and take time to talk to each member. Look at all or at least a large share of the recent documentation and read different shared folders and sharepoints.
  3. Your first month:
    This is the perfect time for building relationships and networking in your new environment. Do it even if you’re a new employee, because you’ll need some new allies for the position.
  4. Positions and departments that are worth visiting for coffee or a quick chat:
       - IT Manager/ CIO
       - Data protection
       - Law department
       - Corporate communications and PR office
       - Customer service
       - Internal audit
       - Personnel management/Human Resources
       - Works council
       - Facility management (or the department that is responsible for physical safety)
       - Executive assistant
  5. The first 100 days:
    As in politics, the first 100 days are for strategic planning. Start with assessing the current situation and look at standards, e.g. ISO certifications. Pick the crown jewels right away – that is assessing business parts with the highest demand for protection. Look at them in depth and try to find all crucial dependencies they entail (e.g. IT-systems, suppliers, different office locations). Do cyber maturity checks. That’s how you gather important technical and organizational loopholes.

    Group those into different topics and into interrelated projects. Illustrate dependencies and prioritize different topics (main risks first, followed by measures that take care of many different risks, meaning you start with the highest return-on-invest). This will be your strategic three-year plan and the core of your InfoSec agenda.

    Let the management board sign off on the risk observation and the migrating plan or request clear and well-documented statements as to what risks are accepted. Convey the plan to all affected colleagues.
  6. The first year:
    Now you start the projects you have planned. Don’t overburden yourself! Even if you receive enough budget (you need a conclusive risk argumentation), you and your team will have a limited amount of ‘horsepower’ you can work with. Security projects can be very excruciating for the rest of the company and often entail major changes in the company processes that are rather difficult to handle.

    Don’t take up more than 3 security projects running simultaneously. One of those projects should be the construction or tailoring of an Incident Response plan, and all important stakeholders should participate in the corresponding simulated exercise.
  7. The first three years:
    Check your plan at least once every year and report to the executive board, so you can adjust it together if necessary. Do your projects and communicate your success. Learn from operative topics and optimize them accordingly.

    Potentially, there have been IT/Security breaches in the last three years. Use newly gained insights for huge awareness measures within the organization and talk about it as much and often as possible (but ensure that the executive board is okay with open communication; include them in awareness measures).
  8. What to read:
    Invest some time and try to read a lot of security blogs such as Bruce Schneier, Grugq, Brian Krebs or the The Hacker News to stay up to date.

Subscribe to Security Magazine

Stefan Sulistyo is the Chief Customer Officer and Co-Founder of Alyne. Prior to founding Alyne, Stefan was the Head of IT Security, Risk & Compliance for Sky Germany and responsible for safeguarding Sky’s digital business and their 4+ million customers’ information. Stefan started his career in consulting at Accenture and Deloitte & Touch with a focus on taking clients from all industries to the next level of Information Security Management. He holds an M.Sc. in Computer Science and a B.Sc. in IT & Business from the International University Bruchsal. 

Related Articles

The Road to CSO: Meet Microsoft's New Security Leader

Five Steps to Developing a Healthcare Information Technology Security Plan

How CSOs Can Adapt to the Changing World of Digital Risk

Baker Hughes CSO's Lessons on Being a Better Business Enabler

Related Products

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws 2E

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

security-center

The Top 5 Reasons Why Your Security Program Needs Intelligence Personnel

Globe

Which Countries Have the Worst and Best Cybersecurity?

SEC0219-cover-Feat-slide_900px

The Road to CSO: Meet Microsoft's New Security Leader

password1-900px.jpg

New Vulnerabilities Found in Top Password Managers

password1-900px.jpg

How Americans Leave their Personal Info Open to Thieves

20180226SEC_DataminrFeb_360x184customcontent

Events

February 26, 2019

Harness Real-time Public Information to Improve Active Shooter Response

Corporate security teams hope never to respond to an active shooter situation. But given today’s realities, companies spend a great deal of time developing guidelines, holding training sessions, and carrying out drills to ensure that their staff will be prepared in case an active shooter event occurs.
March 7, 2019

Finding Your Physical Security Blind Spots with Artificial Intelligence (A.I.)

Security infrastructures are undergoing a digital transformation with growing adoption of intelligent access control, video surveillance and analytics as well as IoT devices and sensors – generating more data to than ever before. Harnessed properly with artificial intelligence and a risk-based model, this data can be exposed and leveraged to improve life safety, minimize risk and increase operational efficiency.
View All Submit An Event

Poll

Employee Background Screening

How Often Does Your Organization Conduct Background Screening on Employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
Security-500

Security Magazine

SEC-Feb-2019-Cover_144px

2019 February

In Security’s February 2019 issue, meet Brian Tuskan, Microsoft's New Security Leader. Learn how he has used technology, his reputation, networking and a desire to help people to become Microsoft’s new CSO. Read about the Next Generation of White Hat Hackers, How to Evaluate Security's Role, and more.

View More Subscribe
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing