Part 4 — What do we want?
This is the point when you really get stuck in. By now, you would have been in the new CISO job for about 2 months and it should start to feel less and less like a new job. Of course, this is not really about 100 days, and you should also start to realise it.
Part 3 — Who to trust?
This is really the time-horizon over which the new CISO must start assessing their new position. Once again, many of the management tips we will be building up in this series could apply to any executive taking up a senior job in a new organisation.
Many of the management tips we will be building up in this series could apply to any executive taking up a senior job in a new organisation. But the role of the CISO is particularly sensitive in many aspects and has its own dynamics. It is often poorly understood by management and still seen by some as a necessary evil, or as an imposition by auditors or regulators.
As a follow-up from my last article - where I shared thoughts on one of the key differentiators for the businesses of tomorrow being the ability for people to make data-driven decisions within an environment of emerging, fast-paced transformation - this month I dig a little deeper into how sensing your market and making sense of your data are crucial in remaining a competitive and viable business, enabling you to continuously change faster than the competition.
There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at? What can be expected, and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position? and those which can be ignored? Those are the themes we will be exploring in this new series around the specific role of the CISO.
The Person, the Role and the Culture of the Firm
I can't recall who said it, or where I heard it, but it has resonated with me for a while now, providing the inspiration for the first article in this series - "uncertainty is the only certainty in business". Never has this been more relevant than in today's world of rapid change, where organisations are continuously challenged to disrupt or be disrupted.
As illustrated by the quote below, the case for data in business is not a new one, nor one that needs to be much discussed. The purpose is, and always was, to collect sufficient data (and not too much, ‘infobesity’ and ‘analysis paralysis’ are well-known pitfalls in that area) to make the right choices, with the maximum number of possibilities, whilst acknowledging that decisions are a sort of bet on the future and its uncertainties.
There is an important issue in the world of Procurement. While the future of the function is at stake, too many CPOs and Procurement organisations are looking at the future of Procurement solely through a technological prism and consider technology as the end (when it is the means to an end).
It is no surprise then that the questions that are at the top of their agenda are centered around what technology (RPA, blockchain, big data, AI,…) they should focus on and implement. It is as if this or that piece of technology would magically fix all of their problems.