“Beginnings are such delicate times” (Frank Herbert, Dune)
So everyone got their first 90 days dog-eared slide deck. We know it, run an internal audit, identify current strategic OKRs and so on...
But what about everything else? in this series I'd like to talk about the other 90 days.
We'll answer the following questions.
- Who are we working for?
- Know who owns the business. Founders? Shareholders? Investment fund? What do they want? When do they want it? How risk-averse are they what are their priorities? How involved are they?
- What are we selling?
- Know your product. its ecosystem. its image and reputation
- Who are we selling to?
- Know your customers. What do they want from you? What makes trading with you worth it to them?
As a CISO you end up working with everyone. Back to back meetings with a software dev working on new features to discuss ways to implement architectural decisions then appointment with the CHRO to help prepare the presentation of our security policies to the employees representatives (if you're at all familiar with the French labor laws you know they are a force to be reckoned with).
All of those are vital parts of how I see the CISO function and underserved when the role is discussed.
As CISOs, resident or consultants we need to understand the complete value creation chain. This is a support function, our level of access gives us a unique perspective on the bigger picture and staying indoors writing policies and compliance reports would be sacrificing our greatest strength: versatility.