Make the first meeting count. It is imperative to get off on the right foot. If the first meeting goes poorly, it is unlikely that you can be successful as a CISO. To be successful, you have to focus on the things that matter to senior executives. There is no single list, but here are some ideas and concepts to get you started.
From an actual job posting: Responsible for an area within the Strategy Office (SO), also called strategic planning. Senior executives are going to expect the CISO to focus on strategy deployment, growth, go-to-market, strategic intelligence, network integration, and strategic transactions, which will include leading projects/relationships, developing standardized practices/processes, and managing/leading teams of people within the SO and across the Enterprise.
HBR.org (possibly paywalled) has an article on the seven things you need to do to thrive in the C-suite. They list leadership, strategic thinking and execution, technical and technology skills, team and relationship building, communication and presentation, change management, and integrity.
As a CISO you will have more face time with senior executives than with members of the board of directors, so it can be even more important to make and maintain a good impression with them. Have a plan, and get your entire company and board to understand and support it. The Jack Welch book, Straight from the Gut, illustrates his experience of continuously sharing the vision with the organization.
TechCrunch has a great article on dealing with the board. A few of the points are:
- Tell the board if the plan changes for tactical reasons.
- Tell the board if the plan is changing a lot for “big reasons” (strategic).
- Strategy mistakes are harder to admit than execution mistakes.
- Email is good for delivering straightforward information; board meetings are good for explaining complicated information and discussing alternatives.
Stephen Northcutt is Director for Academic Advising at SANS.EDU and chair for SANS Rocky Mountain 2017.