Playbook: Your First 100 Days as a vCISO

December 11, 2023 | The Hacker News | vCISO / Cybersecurity


In an increasingly digital world, no organization is immune to cyber threats. However, not every organization has the luxury of hiring a full-time, in-house CISO. This cybersecurity leadership gap is where you, as a vCISO, step in. You will be the person to build, develop, and strengthen the organization’s cybersecurity infrastructure, integrating strategic guidance with actionable cybersecurity services.

As an organizational leader, you have to navigate professional duties, business needs, different organizational personas and leadership demands. Your success depends on your ability to build trust and establish yourself as a strategic decision maker who can protect the organization.

As such, your first 100 days in a new organization are the key to your success. They will lay the foundation for your long-term achievements. To help you through this critical phase, we’ve introduced a comprehensive guide: a five-step, 100-day action plan, “Your First 100 Days as a vCISO – 5 Steps to Success”.

The playbook was developed based on the collective wisdom and experience of industry leaders Cynomi and PowerPSA, following their extensive work with hundreds of vCISOs across businesses of all sizes.

The playbook includes:

  • vCISO goals
  • Pitfalls to avoid
  • 5 phases: Research, Understand, Prioritize, Implement, Report
  • Main activities for each phase

Some example activities include:

  • Research (Days 0-30): Meet with stakeholders and management, meet with the IT/security team, review past security incidents and responses
  • Understand (Days 0-45): Conduct a security risk assessment, show the current security posture and management gaps, identify short-term and long-term needs
  • Prioritize (Days 15-60): Define short-, medium- and long-term goals, create a remediation/work plan based on those goals, plan budgets and resources
  • Execute (Days 30-80): Communicate the plan to all stakeholders, implement automated systems that yield low-hanging fruit, create a cadence for external scanning and reporting
  • Report (Days 45-100): Measure success, communicate progress at least once a month, integrate reporting into your overall plan

This guide is your practical handbook for starting with a new organization or for leveling up your game with existing clients. Follow the steps and set yourself up for success in your challenging, yet rewarding, tenure as a vCISO. Get the playbook.
