So far , you were frustrated that your boss does not tell you his expectations clearly…. Now you will have 6 bosses telling to 12 different things every month.
Get used to it.. Fast.
You will get mixed signals.
Nobody is going to give any “charter”
Remedy :
Stay neutral and suspend judgement
Stay curious
Take time… absorb all inputs : Do not take hasty decisions.
Try things on… and fail fast
Soon you will be have enough experience to take decisions based on ‘Instinct” as Malcomn Gladwell advocate in his book “Blink”.
Knowledge is Power
Learn …
Your business imperatives
Other functions issues
Understand people, their strengths and weaknesses
Knowing you own domain is a “Given”
Never be closeted in your own domain… IRRESPECTIVE of your reporting structure.
Convey your vision, your strategy for making the business secure.
One fundamental difference… “Do not report about what YOU have achieved”, Most communications need to be about the STATE of SECURITY in the firm.
Communicate the right picture to the leadership… NOT Alarmist reports , No scare tactics also no understatements or hiding things … but a the correct Risks.
Besides internal communications… be in touch with your peers in the industry, regulatory authorities.
If you want to win a popularity contest… this is not the job for you.
Be prepared to be lonely.
Draw support from family and friends if things get too stressful.
Take on additional responsibilities
b. Take ownership of security related domains
c. Don’t be an auditor… be a problem solver. ..
d. Show initiative… specially in major cross functional projects….a CISO in the only Cross functional technical as well as process compliance leader…(not HR, or Legal or SCM etc).
You WILL become a trusted advisor to the leadership
You are going to be the CEO's/ Boards trusted advisor.
You cannot slip-up even on the smallest of things... Fuel bills, small favours from vendors etc.
Be polite but "strong"... ONLY in the interest of the company... not for your ego.
Last msg. .. you WILL come at crossroads when you may have to put career on the line as CISO...in the Interest of the company…. You will know what you are made of.